E&C and OGR Dem. Leaders Request GAO Examine Alleged Cyberattack that Blocked Receipt of Net Neutrality Comments
Washington, D.C. – Democratic Leaders of the Energy and Commerce and Oversight and Government Reform committees today sent a letter to the Government Accountability Office (GAO) asking it to examine the Federal Communication Commission’s (FCC) information technology and information security practices.
The request comes after the FCC recently claimed its website was hit by cyberattacks that the agency says were responsible for interfering with the public’s ability to submit comments on the issue of net neutrality during the public commenting period. There have also been reports that as many as 150,000 comments from the agency’s net neutrality docket may have disappeared, and that automated comments were being submitted to the FCC using names and addresses of individuals without their knowledge or consent.
The letter to GAO Comptroller General Gene L. Dodaro was signed by Energy and Commerce Ranking Member Frank Pallone, Jr. (D-NJ), Oversight and Government Reform Ranking Member Elijah Cummings (D-MD), E&C Communications and Technology Subcommittee Ranking Member Mike Doyle (D-PA), E&C Oversight and Investigations Subcommittee Ranking Member Diana DeGette (D-CO), OGR Information Technology Subcommittee Ranking Member Robin Kelly (D-IL), and OGR Government Operations Subcommittee Ranking Member Gerald Connolly (D-VA).
“Cybersecurity and other problems can have a direct functional impact on the mission of the FCC,” the Democratic Leaders wrote to GAO. “We are requesting this review in light of recent reports regarding the agency’s cybersecurity preparedness and problems with the FCC’s ability to take public comments in its net neutrality proceeding.”
The House Democratic Committee leaders requested that GAO:
- Identify how many visitors were unable to access the FCC’s website and file comments during the time the system experienced a “high amount of traffic.”
- Identify the systems that are in place to ensure that the FCC is able to accommodate people attempting to file comments during high-profile proceedings, and determine whether the FCC has sufficient resources for that purpose.
- Determine whether the cause of the incident the FCC announced on May 8, 2017, was due to a cyberattack, and if so, whether the steps the agency took to deal with the alleged attack was sufficient.
- Determine and assess what measures, if any, the FCC is taking to protect its networks, especially the Electronic Commenting Filing System, from denial-of-service attacks, and the sufficiency of those measures.
- Determine to what extent the FCC is coordinating with other federal agencies, such as the Department of Homeland Security, to investigate and to respond to the incident it announced on May 8, 2017.
The public commenting period is required by law to allow for the input of the American people. Under the Administrative Procedure Act, the FCC is required to give the public notice and an opportunity to comment, as well as to respond to those comments. The FCC is also required to meet cybersecurity requirements under the Federal Information Security Modernization Act (FISMA), which holds the Chairman responsible for providing information security protections for the Agency.
The letter to GAO comes after the Democratic Leaders sent a similar letter to FCC last week expressing concern about the alleged cyberattacks and requesting responses to a series of follow-up questions about the agency’s response in lieu of the attacks.
Click for full text of the letter to GAO.