Security, Automation Hijackings and EAS Follies

Publish date:

Security, Automation Hijackings and EAS Follies

Nov 1, 2014 9:00 AM, Shane Toven, Editor

Image placeholder title

How secure is your station? No, really�give it some thought. You likely have taken certain measures to ensure physical security; many of you also have taken measures to ensure security for your IT systems (you DO have a firewall in place, right?) but can you ever be certain that your station is immune from some form of hijack from the outside world? Perhaps even a disgruntled former employee?

October brought us several reports of events that impacted or had the potential to impact stations. Most stations (fortunately) were not affected but a few unlucky stations were caught off guard.

The first event to cross my radar was not really all that widespread. An operator at a local public safety facility triggered an NUW alert (Nuclear Power Plant Warning). This code propagated via CAP to a number of other facilities in the region, and then was aired by a network of stations serving as a statewide relay. Since there are in fact several nuclear power plants in that region, some stations dutifully relayed the alert. Other stations ignored it since it was not for their local area or their EAS units were not configured to relay that code. Still, it could have been far more widespread if the EAS units were not properly configured.

The next event involved a cluster of stations that had its automation systems hijacked by a �ransomware� virus. This virus knocked the stations off the air, encrypted files, and locked personnel out of the systems as they struggled to bring the stations back online.

Finally, a syndicated morning show recently aired audio from the national EAS test several years ago. This in turn caused a number of EAS units at stations downstream (including at least one cable company) to receive and decode the alert audio. Since the code was EAN, depending on the manufacturer of the unit and how it was configured, that EAS test was either ignored, immediately relayed, or is still in the unit waiting to be relayed on the appropriate date (November 9th). If your station falls into that last category, I hope you were able to catch it before it was relayed again.

All of this underscores the importance of being aware of your station''s infrastructure and where the weak points are. Certain things such as EAS are required by FCC rules, but check with your equipment manufacturer to ensure your unit has current firmware and is configured appropriately. As far as IT security, basic preventive measures include ensuring your software is up-to-date, regular backups are performed, networking firewalls are in place, and operators are trained on appropriate practices regarding e-mail and web browsing. Change passwords, remove old user accounts and check for unauthorized remote control software that could potentially be used as a back door by former employees.

Is there any foolproof guarantee to ensure your station will never become a target? No, but there are steps that you can take to make sure there is not a giant bulls-eye painted on your station''s door.