E&C and OGR Dem Leaders Raise Alarms About Alleged Cyberattack that Blocked Receipt of Net Neutrality Comments
Washington, D.C. – Today, Democratic Leaders of the Energy and Commerce and Oversight and Government Reform committees, sent letters to the Federal Communications Commission (FCC) and the National Cybersecurity and Communications Integration Center (NCCIC), raising concerns about FCC’s cybersecurity preparedness. The request comes after the FCC recently claimed that its website was struck by multiple distributed denial-of-service attacks (DDoS) that the Agency says was responsible for interfering with the public’s ability to submit comments to the Agency on the issue of net neutrality during the public commenting period.
The letters were signed by Energy and Commerce Ranking Member Frank Pallone, Jr. (D-NJ), Oversight and Government Reform Ranking Member Elijah Cummings (D-MD), E&C Communications and Technology Subcommittee Ranking Member Mike Doyle (D-PA), Oversight and Investigations Subcommittee Ranking Member Diana DeGette (D-CO), OGR Information Technology Subcommittee Ranking Member Robin Kelly (D-IL), and Government Operations Subcommittee Ranking Member Gerald Connolly (D-VA).
“We ask you to examine these serious problems and irregularities that raise doubts about the fairness, and perhaps even the legitimacy, of the FCC’s process in its net neutrality proceeding,” the Democratic Leaders wrote to FCC Commissioners. “Giving the public an opportunity to comment in an open proceeding such as this one is crucial – so that the FCC can consider the full impact of its proposals, and treat everyone who would be affected fairly.”
The Committee Democratic leaders wrote that a FCC response to an inquiry from Senators Ron Wyden (D-OR) and Brian Schatz (D-HI) on this same issue raised additional questions. According to the FCC’s response to the two Democratic Senators, the May 2017 incident was a “non-traditional DDoS attack” where bot traffic “increased exponentially” between 11pm EST on May 7, 2017 until 1pm EST on May 8, 2017, representing a “3,000% increase in normal volume.”
As follow-up questions to that response, the House Democratic Committee leaders asked:
- What “additional solutions” is the FCC pursuing to “further protect the system,” as was mentioned in the FCC’s response?
- According to the FCC, the alleged cyberattacks blocked “new human visitors … from visiting the comment filing system.” Yet, the FCC, consulting with the FBI, determined that “the attack did not rise to the level of a major incident that would trigger further FBI involvement.” What analysis did the FCC and the FBI conduct to determine that this was not a “major incident?”
- What specific “hardware resources” will the FCC commit to accommodate people attempting to file comments during high-profile proceedings? Does the FCC have sufficient resources for that purpose?
- Is the FCC making alternative ways available for members of the public to file comments in the net neutrality proceeding?
The public commenting period is required by law to garner the input of the American people. Under the Administrative Procedure Act, FCC is required to give the public notice and an opportunity to comment, as well as to respond to those comments. FCC is also responsible for meeting cybersecurity requirements under the Federal Information Security Modernization Act (FISMA), which tasks the Chairman to provide information security protections for the Agency.
In their letter to NCCIC Director John Felker, the Democratic Leaders requested information about the alleged cyberattacks reported by FCC.
“Since the FCC’s announcement, fundamental questions have been raised about its detection of the alleged cyberattacks and its response,” the Democratic Committee leaders wrote in their letter.