Hill Democrats Question FCC’s Cybersecurity Protocols

A woman walks by the Federal Communications Commission building in Washington, D.C. (Alex Wong/Getty Images)

Congressional Democrats are calling on the Federal Communications Commission to review its cybersecurity protocols following a May cyberattack that knocked the agency’s commenting system offline, and ahead of online activism in support of net neutrality planned for Wednesday.

Ranking House Democrats on two committees — Energy and Commerce and Oversight and Government Reform, as well as their relevant subcommittees — first sent a letter to the three FCC commissioners on June 26, expressing their concerns about the agency’s cyber preparedness and the attack’s impact on net neutrality comments.

“Recent events have raised questions about the security of the FCC’s network, and we have serious concerns that the FCC’s website failures deprive the public of opportunities to comment on net neutrality — an issue that affects everyone who uses the internet,” the six Democrats wrote.

The May episode came during a surge in public comments regarding the FCC’s proposed changes to net neutrality rules.

The same six Democrats followed up with a letter to the Government Accountability Office on July 7 that asked the office to examine the FCC’s “information technology and information security practices.”

Activists in recent months have increased their opposition to the FCC’s planned changes to net neutrality rules — the idea that internet service providers, who perform a gatekeeping function, should treat all online data equally, with no blocking, throttling or unreasonable discrimination of legal content.

Rep. Gerry Connolly, a Virginia Democrat and the ranking member of the House Oversight panel’s Government Operations subcommittee, said it was necessary to understand the nature of the FCC cyberattack so that the agency can take steps to prevent it from happening again.

“With any federal rulemaking, it is critical we protect the integrity and transparency of the public comment process,” Connolly, who signed both letters, said in a July 7 statement provided to Morning Consult. “Reports of difficulties for legitimate consumers to share their concerns are troubling and jeopardize the credibility of the process. This is another reminder of the need to replace legacy systems and modernize federal IT assets. Federal agencies must take steps to protect against cyberattacks and anticipate threats.”

Democratic members of the Energy and Commerce Committee in May requested that their Republican colleagues hold a hearing to discuss the FCC’s system protocols. No hearing has been scheduled.

Sens. Ron Wyden (D-Ore.) and Brian Schatz (D-Hawaii) also sent a letter to FCC Chairman Ajit Pai on July 7 expressing concerns that a similar DDoS — distributed denial-of-service — cyberattack could occur in conjunction with the Day of Action to Save Net Neutrality planned for July 12.

The event, a daylong push to support the current net neutrality rules, counts advocacy groups and Facebook Inc., Inc. and Google Inc. among its planned participants.

The senators said that thousands of individuals are likely to comment on the FCC’s site about the proposed net neutrality changes, and they cautioned the agency to bolster its Electronic Communication Filing System or provide temporary alternative measures for the public to comment throughout the day.

“We encourage you to seek out and employ ECFS measures that allow for flexible scalability and alternative methods of filing,” the senators wrote.

An FCC spokesman declined to comment but pointed to a June 15 letter that Pai sent to Wyden.

“I agree that this disruption to ECFS by outside parties was a very serious matter,” Pai wrote in the letter. “As a result, my office immediately directed our Chief Information Officer (CIO) to take appropriate measures to secure the integrity of ECFS and to keep us appraised of the situation.”

Morning Consult