by Larry Wilkins, CPBE, CBNT, AMD
Chair, SBE EAS Advisory Group
The FCC and FEMA are in the process of making changes in the EAS and CAP system. Most of these changes concern security issues. To aid stations in understanding these changes and what will be required to keep your EAS units compliant, the SBE has gathered the following information.
A change in FCC EAS rules (Part 11) has come into effect that makes the validation of digital signatures in CAP messages a mandatory element. The FCC amended section 11.56 “Obligation to Process CAP-formatted EAS Messages” to add the following new paragraph:
(c) EAS Participants shall configure their systems to reject all CAP-formatted EAS messages that include an invalid digital signature.
The FCC has also changed its EAS rules to refine the time window within which an alert message is valid. The change is to 11.33(a)(10) “Message Validity”, where the existing sentence, “A header code must only be considered valid when two of the three headers match exactly;”, the FCC added: “the Origination Date/Time field (JJJHHMM) is not more than 15 minutes in the future and the expiration time (Origination Date/Time plus Valid Time TTTT) is in the future (i.e., current time at the EAS equipment when the alert is received is between origination time minus 15 minutes and expiration time).”
In a long-awaited move, FEMA is updating the IPAWS system with Transport Layer Security (TLS) protocol. TLS is a cryptographic protocol providing end-to-end communications security over networks and is widely used for Internet communications.
The Federal Bridge Certificate Authority (CA) will expire on Nov. 8, 2019. Depending on the CA used by IPAWS, it may be necessary to provide a new CA for installation in all EAS decoders.
Finally, The FCC has put into effect a new false EAS alert reporting rule. Pursuant to section 11.45(b), an EAS Participant must inform the Commission if it discovers that it has transmitted a false alert. This rule provides that: No later than 24 hours of an EAS Participant’s discovery (i.e., actual knowledge) that it has transmitted or otherwise sent a false alert to the public, the EAS Participant send an email to the Commission at the FCC Ops Center at FCCOPS@fcc.gov, informing the Commission of the event and of any details that the EAS Participant may have concerning the event.
FEMA has indicated the target date to update the IPAWS server to TLS is Nov. 8, 2019.
What do stations need to do to remain compliant with FCC and FEMA guidelines?
Sage Alerting Systems Endec
Sage added support for the Part 11.33 15-minute change in its 89-34 release. Sage has supported the ability to validate the digital signature since 2012, it is enabled by default.
Sage’s September 2019 release, called Rev95, will support the TLS and certificate updates. This release will be mandatory. After the FEMA switchover, scheduled for Nov. 8, 2019, older versions of the ENDEC software will not be able to receive CAP messages from IPAWS. This will render the station in violation of FCC rules concerning EAS monitoring and logging.
Sage Alerting Systems has indicated there will be a one-time charge of $349 for the September release. The release will only be sold through their distributors. This update will be provided free of charge for ENDECs purchased new after March 1, 2018, (18 months prior to September 2019). Direct questions regarding these updates to Sage at firstname.lastname@example.org or 914-872-4069 and press 1 for support.
Radio stations operating with E-prom V 9.5.8 and television stations operating with E-prom V 20.9.8 will remain compliant with the changes. Contact Gorman-Redlich at 740-593-3150.
Units operating with software versions 3.1 or 4.0 will remain compliant with the items listed above. If an updated CA certificate for FEMA IPAWS is necessary, Digital Alert Systems will make it available to DASDEC and One-Net users as soon as possible at no charge.
While the upcoming FEMA TLS change can be handled by either v3.1 or v4.0 software, Digital Alert Systems wanted to let customers know about some of the additional features in v4.0. The v4.0 upgrade includes a complete OS upgrade (improved operating and security), Triggered CAP Polling, Blue Alert (BLU) event code support, and greater flexibility for future value-added enhancements. V4.0 is a highly recommended upgrade.
While V4.0 is an optional upgrade, users should be aware that Digital Alert Systems has deprecated development support on v3.0. New feature requests, updates, and software revisions will only be provided within the Version 4.x series of software. Contact Digital Alert Systems at email@example.com or 585-765-2254.
Information in this report was furnish with the permission of Digital Alert Systems, Sage Alerting Systems and Gorman-Redlich.