A group of House Democrats is worried about the Federal Communications Commission’s cybersecurity preparedness in the wake of an alleged distributed denial-of-service attack that wreaked havoc on its online comment filing system last month.
The FCC claimed it experienced a “nontraditional DDOS attack” May 7-8 on its comment system after HBO’s “Last Week Tonight” host and comedian John Oliver urged viewers to visit the FCC’s website and share their displeasure with a then-newly proposed rollback of Title II net neutrality rules.
Senate lawmakers already pushed the commission for answers on what happened to the comment system, to which CIO David Bray responded that the “malicious” incident disrupted an API used for bulk filing, blocking “new human users … from visiting the comment filing system.” His explanation came as part of deep dive attached to FCC Chairman Ajit Pai’s official response to questions from Sens. Ron Wyden, D-Ore., and Brian Schatz, D-Hawaii.
A larger group of senators also asked the FBI to investigate the FCC’s claims.
The FCC consulted with the FBI to determine “the attack did not appear to rise to the level of a major incident,” yet it affected visitors from filing comments, leaving the House lawmakers uncertain and raising “fundamental questions” about the commission’s detection of and response to the attack.
“What analysis did the FCC and the FBI conduct to determine that this was not a ‘major incident?’” reads the letter issued Monday by Democratic Reps. Frank Pallone Jr. of New Jersey; Elijah Cummings of Maryland, Mike Doyle of Pennsylvania, Diana DeGette of Colorado, Robin Kelly of Illinois and Gerry Connolly of Virginia.
Also: “What ‘additional solutions’ is the FCC pursuing to ‘further protect the system?’” they asked, quoting the FCC’s response to the senators’ initial questioning.
The representatives run down a series of eight questions total, asking the FCC to recap how it responded to the attack, during which the commission claims “the system remained secure and nothing was hacked.” The lawmakers also sent questions to the Department of Homeland Security’s National Cybersecurity and Communications Integration Center about the FCC’s reporting of the alleged DDoS attack.
The letter’s signees also called into question the validity of many comments submitted since the alleged cyberattack occurred. Thousands of comments may have been submitted using the names and addresses of real people without their consent, according to a report the lawmakers cited.
“We ask you to examine these serious problems and irregularities that raise doubts about the fairness, and perhaps even the legitimacy, of the FCC’s process in its net neutrality proceeding,” the Democratic lawmakers wrote to the FCC. “Giving the public an opportunity to comment in an open proceeding such as this one is crucial — so that the FCC can consider the full impact of its proposals, and treat everyone who would be affected fairly.”
The lawmakers don’t give the FCC an immediate by which it should respond. They did, however, ask that DHS’s NCCIC respond by July 17 and brief them by July 19.