National EAS Test Rescheduled for Oct. 3

The Federal Emergency Management Association (FEMA) previously announced that a National EAS test would be sent Sept. 20, 2018. Following the effects of the Hurricane Florence, the test has been moved to the backup date, Oct. 3, 2018.

The times for the test have not changed. At 2:18 p.m. Eastern Daylight Time (EDT), FEMA will send a Wireless Emergency Alert (WEA) test message to all WEA-capable wireless devices throughout the entire United States and territories. Immediately following the WEA nationwide end-to-end test, at 2:20 p.m. EDT, FEMA will conduct a live test of the Emergency Alerting System (EAS). All EAS participants are required to participate in this nationwide test. The EAS message will be disseminated via the Integrated Public Alert and Warning System (IPAWS).

Stations are encouraged to verify that their EAS units are communicating correctly with the IPAWS server. Review station logs (which should be checked once each week by the chief operator) to ensure stations are receiving the Required Weekly Test (RWT) from IPAWS. This RWT is fed every Monday at 11:00 a.m. local time. Contact your equipment representative for details on setting up your EAS decoder to properly receive and relay the National test.

EAS participants are reminded that they are required to register with the EAS Test Reporting System (ETRS). Form One was to be filed on or before Aug. 27, 2018. Then on or before 11:59 p.m. EDT, Oct. 3, 2018, EAS participants must file the day-of-test information sought by ETRS Form Two. Post-test data will be filed later with Form Three.

More information is availble from the FEMA website.

Advertisements

EAS National Test Reminder: Do Not Air Alert Tones as Examples

As you prepare your station for the EAS and Wireless Emergency Alert System (WEA) national test on Sept. 20, 2018, remember that the FCC forbids airing the audio attention signal or EAS tones for any reason other than a genuine alert, authorized test, or approved public service announcement. Remind your news and programming operations of this rule.

Any transmission, including broadcast, of the WEA or EAS attention signals or codes, or a simulation of them, under any circumstances other than a genuine alert, authorized test, or approved public service announcement violates the Commission’s rules and undermines the important public safety precautions that WEA and EAS provide. See 47 CFR §§ 10.520(d), 11.45.

While the FCC encourages improving public awareness of WEA and the EAS, including the upcoming nationwide test, broadcasters and cable providers are reminded to exercise caution and avoid inadvertently broadcasting the WEA or EAS tones in a news story.

Any question or concerns with the upcoming nationwide test can be directed to the FCC at alerting@fcc.gov.

Update FEMA Security Certificates by Sept. 24, 2018

By Larry Wilkins, CPBE
Chair, SBE EAS Advisory Group

As a reminder to all engineers, the Federal Emergency Management Agency (FEMA) will update one of its security certificates on Sept. 24, 2018.

Security certificates allow EAS decoders to use the digital signature in the CAP message to verify that the message came from an authorized authority, and that it wasn’t changed between the originator and EAS participants’ equipment. These certificates expire periodically. FEMA currently uses a chain of five certificates for alert validation, one of which expires at 11:55 p.m. EDT on Sept. 24, 2018 (Sep 25 03:55:36 2018 UTC).

Monroe-Electronics and Sage Alerting Systems have both issued updates to their EAS units.

DASDEC users: A field service bulletin and CA file are available from the Digital Alert Systems website at digitalalertsystems.com/resources_fsb.html. All DASDEC and One-Net customers should download the field service bulletin for instructions, and install the new CA file.

Sage Endec users should visit sagealertingsystems.com for compete information on downloading and installing the file in their units.

Engineers are also reminded that FEMA has scheduled a national EAS test on Thursday, Sept. 20. It will be sent at 2:20 p.m. EDT. The test will be fed via IPAWS.

Be aware that preceding the EAS test to broadcasters, FEMA will send a Wireless Emergency Alert (WEA) test message to all WEA capable wireless devices throughout the entire United States and territories. That message will be sent at 2:18 p.m. EDT.

National EAS Test Scheduled for Sept. 20

By Larry Wilkins, CPBE, chair, SBE EAS Advisory Group

The Federal Emergency Management Association (FEMA) has announced that a National EAS test will be sent on Thursday, Sept. 20, 2018. There is a difference between this test and the two previous tests. At 2:18 p.m. Eastern Daylight Time (EDT), FEMA will send a Wireless Emergency Alert (WEA) test message to all WEA capable wireless devices throughout the entire United States and territories. Immediately following the WEA nationwide end-to-end test, at 2:20 p.m. EDT, FEMA will conduct a live test of the Emergency Alerting System (EAS). All EAS participants are required to participate in this nationwide test. The EAS message will be disseminated via the Integrated Public Alert and Warning System (IPAWS).

Stations are encouraged to verify that their EAS units are communicating correctly with the IPAWS server. Review your station logs (which should be checked once each week by the chief operator) to ensure you are receiving the Required Weekly Test (RWT) from IPAWS. This RWT is fed every Monday at 11:00 a.m. local time. Contact your equipment representative for details on setting up your EAS decoder to properly receive and relay the National test.

EAS participants are reminded that they are required to register with the EAS Test Reporting System (ETRS) and must complete the filing of ETRS Form One on or before Aug. 27, 2018. Then on or before 11:59 p.m. EDT, Sept. 20, 2018, EAS participants must file the day-of-test information sought by ETRS Form Two. On or before Nov. 5, 2018, EAS participants must file the detailed post-test data sought by ETRS Form Three.

Filers can access ETRS by visiting the ETRS page of the Commission’s website at www.fcc.gov/general/eas-test-reporting-system. Instructional videos regarding registration and completion of the ETRS Forms are available on the ETRS page.

Preparing For the September 2017 National EAS Test

By Larry Wilkins, CPBE, chair, SBE EAS Advisory Group

All engineers should be aware by now that the Federal Emergency Management Agency (FEMA) has scheduled the 2017 national EAS test for Wednesday, Sept. 27 at 2:20 p.m. ET. This test will be originated and distributed via IPAWS only; the same manner as the 2016 National Test. The test will be sent with the event code NPT for National Periodic Test. All stations are expected to receive the NPT message from IPAWS or off-air and then to relay the NPT message on-air using their normal studio EAS equipment. The message will be sent with both English and Spanish language text and audio.

In preparation for the test a few items engineers need to check.
1. Verify each EAS unit has the correct time displayed. We have seen a number of units that are off by several minutes or on the wrong time zone. Equipment should be programmed to automatically synchronize to an internet time source. Even if it is set to a time server, check the clock for the correct time.

2. Verify you have a local incoming filter programmed to receive the NPT code, and it is set to automatic relay and not log only. The originator should be set to Primary Entry Point, and the event should be set to National Periodic Test (NPT).

3. Verify your station is receiving the IPAWS Required Weekly Test (RWT) on Mondays at 11:00 a.m. local time. This will assure your equipment is polling the IPAWS national server correctly.

4. If your station plans to rebroadcast the alert in Spanish, verify that the correct settings are programmed to access the Spanish version of the message. Since the procedure varies among equipment, contact the support number for your EAS unit.

5. Engineers should (if possible) be on site for the test on Sept. 27. This way you can verify firsthand the proper reception and relay as well the quality of the audio transmission.

Remember also that the FCC will require all stations to report the reception and relay of the NPT via the Commission’s EAS Test Reporting System (ETRS). The user name and password used for the 2016 test will not gain access to the ETRS for this test.

Filers can access the ETRS home page by visiting the ETRS page of the Commission’s website. Instructions for setting a new user name and password as well as filing the proper forms are available on the ETRS site.

All EAS participants must submit Form One on the FCC ETRS site no later than Aug. 28, 2017.

Multiple Streams on a Single Station
Analog and digital broadcast stations that operate as satellites or repeaters of a hub station (or common studio or control point if there is no hub station) and rebroadcast 100 percent of the programming of the hub station (or common studio or control point) may satisfy the requirements through the use of a single set of EAS equipment at the hub station (or common studio or control point) which complies with §11.32 and §11.33.

In other words, if you have one hub station feeding 100 percent of its programming to several other stations, submit a Form One only for the EAS unit at the hub station. If a station has its own programming, it should be filing at least one copy of Form One.

Concerning digital FM stations with auxiliary streams (HD-2 or HD-3) and television stations with auxiliary streams (.2 or .3) these EAS participants should only file for auxiliary streams if they have their own dedicated EAS units.

For example, if the main channel has one EAS unit and the HD-2 and/or HD-3 stream has a separate EAS unit, they should file a separate set of forms. If all three channels share a single unit, they should file one set of forms.

FEMA Announces Date for 2017 National EAS Test

The Federal Emergency Management Agency (FEMA) has set a date for the next National EAS Test: Sept. 27. A secondary date in case there is an actual emergency or weather event that day is Oct. 4. The test will be conducted in the same way (IPAWS) that FEMA originated last year’s test with both English and Spanish language text and audio.

On June 26, 2017, the Public Safety and Homeland Security Bureau (PSHSB) of the Federal Communications Commission released instructions for Emergency Alert System (EAS) participants to register for access to the 2017 EAS Test Reporting System (ETRS).

The ETRS was used successfully for the second national EAS test conducted last fall. However, based on experience with that test, the FCC has mandated that filers using the 2017 ETRS must use a single account. The PSHSB also stated in its public notice that it will release a further notice in July announcing the opening of the 2017 ETRS, and the date by which EAS participants must file their EAS reporting data.

FCC Seeks Comments on Blue Alert EAS Event Codes

By the SBE EAS Advisory Group
Larry Wilkins, CPBE, chair

In May 2015, President Barack Obama signed into law legislation that created a new kind of public emergency notification: the Blue Alert. It’s similar to the well-known Amber Alert for abducted children, but is meant to help catch people who credibly threaten or actually harm law enforcement officials. Presently a number of states have created a Blue Alert that is designed to go only via email, social media and/or website.

At the request of the Justice Department, the FCC is now considering creating a designated Blue Alert event code, that according to the DOJ would “facilitate and streamline the adoption of new Blue Alert plans throughout the nation and would help to integrate existing plans into a coordinated national framework.” The Commission has announced via a notice of proposed rulemaking that it will accept public comment on the proposed Blue Alert plan and its various elements. The comment period will run for 60 days.

The SBE EAS Advisory Group is presently monitoring this as it travels through the agency and the SBE will issue advisories to members on the status. As always, we encourage broadcasters to weigh in on the issue by using the FCC’s Electronic Comment Filing System for docket PS 15-94. In the meantime, no technical action is required. Do not add the proposed event code yet, and continue to follow existing guidance in applicable state plans regarding any Blue Alert program that might be in effect in your area.

The SBE encourages stations to check with their state broadcaster associations and/or state emergency communication committese (SECC) to see if a Blue Alert program is in use for their state. A number of SBE members serve as chairs or board members of their SECCs. The SECCs will be tasked with formulating a plan for creation and distribution of the new Blue Alerts if adopted.

Online Resouces

SBE EAS Advisory Group Publishes EAS Security Notes

Prepared by the SBE EAS Advisory Group

Intrusions into computerized equipment have been around since the internet became a reality years ago. It is no surprise to broadcast engineers that these invasions have made their way into radio and television stations.

Most recently, EAS devices have been a major target. To comply with FCC rules, these devices must have internet access to receive information from FEMA via IPAWS.

Security for EAS and other station devices should be a high priority for station engineers. As a result, the SBE EAS Advisory group has put together a basic security guidelines summary to aid stations in assuring that all equipment is protected from these outside intrusions.

Summary

Every week, broadcasters like you are having their station equipment and computers hacked or tampered with by outsiders or malware infections that affect station computers and networks. If it hasn’t happened to you yet, the odds are unfortunately high that it eventually will happen.

These types of intrusions are more than an inconvenience. It can cost you to repair the systems that were compromised. It can cost you revenue for lost airtime. It can cost you credibility in your audience and community. Moreover, it eventually will cost all of us if the government feels it necessary to step in with additional regulations and requirements on broadcasters.

At the same time, it’s challenging for many broadcasters to keep up with the wide range of potential cyberattacks. Many broadcasters don’t know they have become vulnerable to attackers until it’s too late.
To help broadcasters address this growing concern, we have compiled some tips and best practices on how to keep your operation from falling prey to cybercrime. The bottom line:
• Know your Systems. Know what is connected to the network and the internet: at the office, studio, transmitter site, and remotes. If it’s connected, it is at risk.
• Defend your Network. Anything that is connected to your network or the internet must be behind a firewall.
• Protect your Equipment. Change default passwords. Change default usernames. Regularly check for and install any software upgrades or patches for equipment.
• Use Common Sense with Email and the Internet. Be cautious about opening email attachments or downloading from websites you don’t completely trust. Harmful malware can enter your station, and do significant damage to your business.
What is the problem?

Recent events had plainly shown that broadcasters are a low-hanging fruit for internet mischief-makers and cybercriminals. All too frequently, this involves key station equipment and computers left vulnerable to the internet, not changing default passwords, or even not having passwords at all.

The results have included the entire programming stream disrupted by IP streamers redirected to offensive, political and/or obscene content, the issuance of false or simulated EAS messages, the creation of fake messages and alerts via RDS encoders, the wholesale disruption of station operations when computers are locked via malware and viruses, and more. These are issues that have already happened, repeatedly.

In many cases, the threats boil down to simple vulnerabilities that could have been easily addressed beforehand.
• Stations with unconfigured firewalls – or even no firewalls.
• Station equipment left exposed and unprotected to the open internet.
• Station equipment left with default or easily guessable passwords – or even no passwords.
• Email attachments open, which introduced malware across the station network.

Presenting the potential for reaching a wide audience with inappropriate or political content, broadcasters present an irresistible opportunity for internet bad guys. Some broadcasters have opined that cybersecurity is too expensive or difficult. However, as we outline below, broadcasters can take preventative steps that are often a minimal expense – or no expense at all.

The technical solutions:

• Know Your Systems. Know what systems are connected to your network and to the internet, and know which systems should not be. If it is connected to the network, it’s going to need to be protected. This applies to looking at your systems throughout your operation. This includes the business office, studios, transmitter sites, remote control points, and other remote sites.
• Firewalls to Defend Your Network. The one security item every company needs is a firewall, a security appliance that attaches to your network and acts as the protective shield between the outside world and your wired and/or wireless network. A firewall continuously inspects traffic and matches it against a set of predesigned rules. If the traffic qualifies as safe, it’s allowed onto your network. If the traffic is questionable, the firewall blocks it and stops an attack before it enters your network. Just about anything in your broadcast facility should be behind a firewall if it is on your network, or going to be connected to the internet. Properly configure your firewall, make sure any software or firmware is up to date, and don’t leave ports open.
• Equipment Passwords and Account Management. Equipment in your station may come with a default password. You are urged to change default passwords on any equipment in your operation. If there are accounts or usernames on equipment that are default, or unused, you should also change or delete these. And remember, just because a system has a password, does not mean that it may be fully protected from access by other means. Equipment needs to be behind a firewall.
• Updates and Patches. The manufacturers of equipment in your station may contact you periodically regarding software patches and updates. Make it a practice of applying those software updates in a timely manner. Also, make it a practice of checking with your various manufacturers from time to time to see if they have released software updates of which you may not have been. These updates and patches may include not only feature improvements and bug fixes; they may also contain critical security patches.
• Secure Networks. Other measures to consider is a virtual private network (VPN). A VPN securely and inexpensively uses the public internet, instead of privately owned or leased lines, to provide remote sites and individuals with secure access to your organization’s network. Consider, for example, a VPN link as part of the STL, if that relies on an IP stream from the studio to transmitter.
• Safe Web Browsing and E-Mail Habits. Very bad things can enter the station via email or suspect web sites. If your station’s employees send e-mails and browse the internet (and of course, virtually all do!), you may also want to consider a software security solutions that include e-mail security, Web gateway security, and URL filtering.
The social solutions

• Security fundamentally involves a social aspect. Internally, you may need to reorient your employees and colleagues around safe email and web browsing habits. You may want to orient these employees to be wary of scam and phishing emails, and to beware of potentially dangerous attachments to emails from unknown or suspicious senders. You may need to reinforce safe web browsing habits, such as being careful not to download content from unknown or suspect websites.
• Broadcasters are a community. Externally, you may find opportunities to share information about what you are doing to improve security, what threats you see, and how you are addressing them.
When to call in an IT security consultant

There are going to be things you might not be able to do alone as a broadcaster. For FCC issues, you get outside legal advice. For annual and quarterly financials, you have an accountant. The same goes for security expertise. When you need to conduct a risk assessment, or get assistance in setting up network and IT security solutions, it may be money well spent it if you don’t have the expertise to do it yourself.

Don’t be part of the problem. Be part of the solution.

The Society of Broadcast Engineers Forms EAS Advisory Group

The Society of Broadcast Engineers has actively worked as a source of information for the Emergency Alert System since it was launched. As the system has developed and evolved to include new technologies and alerting partners, so has the SBE adapted to be the most effective and thorough resource for broadcasters to use to implement their EAS efforts.

As part of this evolution, SBE President Jerry Massey, CPBE, 8-VSB, AMD, DRB, CBNT, authorized the formation of the SBE EAS Advisory Group. The purpose of the group is to stay abreast of developments regarding EAS that will affect SBE members, including changes in federal regulations, policy and technology, and communicate pertinent developments to appropriate SBE national leadership and staff.

The group’s member’s are:
Larry Wilkins, CPBE, AMD, CBNT (group chair)
George Molnar
James Hoge
Ed Czarnecki (Monroe Electronics/Digital Alert Systems)
Harold Price (Sage Alerting Systems)

The group members were chosen to yield insight from the two SBE national committees that are involved with EAS issues, SBE members who are heavily involved with EAS, and SBE sustaining members that manufacture EAS equipment. The group reports to Wayne Pecena, CPBE, 8-VSB, AMD, DRB, CBNE, the chair of the SBE Education Committee, and Joe Snelson, CPBE, 8-VSB, the chair of the SBE Government Relations Committee.

On the announcement of the group’s formation, SBE President Jerry Massey said, “The SBE has worked with the various EAS partners, from stations to manufacturers to legislators, to be the trusted source of EAS information. The SBE EAS Advisory Group continues the effort that was begun by previous SBE committees.”

Larry Wilkins, the group chair, added, “Going forward, one focus of the group will be to field reports concerning origination or distribution problems from broadcast stations and state emergency communications committees (SECC). Using the expertise of the committee members along with information from our contacts with the FCC and FEMA, a recommended solution can be issued to the industry.”

Initial Findings of the 2016 EAS Nationwide Test

EAS logoAt the end of December, the FCC released an initial overview of the nationwide EAS test results and highlighted several opportunities for strengthening the EAS. The Federal Emergency Management Agency (FEMA), in coordination with the Federal Communications Commission (Commission) and the National Weather Service (NWS), conducted a nationwide test of the Emergency Alert System (EAS) at 2:20 p.m. EDT on Sept. 28, 2016. The nationwide test was designed to assess the reliability and effectiveness of the EAS, with a particular emphasis on testing FEMA’s Integrated Public Alert and Warning System (IPAWS), the integrated gateway through which common alerting protocol-based (CAP-based) EAS alerts are disseminated to EAS Participants.

The test also provided the Commission an opportunity to evaluate improvements made to the EAS since the 2011 nationwide EAS test and to improve its ability to monitor the performance of EAS Participants during nationwide EAS tests. At the direction of the Commission, the Public Safety and Homeland Security Bureau launched the EAS Test Reporting System (ETRS), an electronic filing system and related database, on June 27, 2016. Using ETRS for the first time, EAS Participants nationwide registered accounts and submitted identifying information regarding their participation in the EAS. In the hours following the nationwide test, EAS Participants submitted “day of test” results that indicated whether they successfully received and retransmitted the test alert. EAS Participants submitted detailed analyses in the weeks following the test that specified how they received the alert and identified any complications they experienced during the test.

The FCC reports that the Nationwide EAS Test was successful. Initial test data indicates that the vast majority of EAS participants successfully received and retransmitted the National Periodic Test (NPT) code that was used for the test. The improvements made to the EAS using the lessons learned from the 2011 nationwide EAS test and the implementation of the ETRS appear to have significantly improved test performance over what was observed during the 2011 test.

From the data submitted by EAS participants to the ETRS, several steps have been identified where the Commission could strengthen the EAS. These improvements address problems with poor audio quality, inability to deliver the Spanish alert because of receive timing between the over-the-air test and the IPAWS CAP alert, better access to alerts for people with disabilities, shortcomings in some state EAS plans, improperly configured station equipment, and potential improvements in cybersecurity of the EAS.

Read the FCC’s public notice:
https://apps.fcc.gov/edocs_public/attachmatch/DA-16-1452A1.docx
https://apps.fcc.gov/edocs_public/attachmatch/DA-16-1452A1.pdf