FCC Claimed It Was a Victim of DDoS Attacks – Lawmakers Now Want to See Some Evidence
The Federal Communications Commission had claimed that it was a victim of a distributed denial of service (DDoS) attack on its Electronic Comment Filing System (ECFS) through which the public submits comments. Since this happened during the time when the Commission was collecting public comment on the critical decision of rolling back the net neutrality rules, several critics have demanded the FCC to release information of this DDoS attack.
The agency has so far claimed that it didn't "document" the attack and that sharing details would further put it at security risk. A few congressmen don't seem to be onboard. On Thursday, Senator Brian Schatz and Congressman Frank Pallone Jr sent a letter to the Government Accountability Office (GAO) asking for a full review of the FCC's claims. In particular, they question;
- that the agency hasn't released any records or documentation that would allow for a confirmation of such an attack;
- whether it effectively dealt with the attack;
- if it has begun to institute measures to thwart such attacks in the future;
- if the agency designed the comment portal in a way that implements cybersecurity practices;
- if other FCC systems are also at risk?
They have bluntly said that the alleged DDoS attack appeared to be designed to "inhibit or limit public comment on this important proceeding, raising doubts about the efficacy of the FCC's public comment process."
As folks at Engadget have noted, Senator Schatz is a ranking member of the Senate Commerce Subcommittee on Communications, Technology, Innovation and the Internet and Pallone Jr is a member of the House Committee on Energy and Commerce, making them pretty powerful voices.
"These situations raise serious questions about FCC's decision making process"
The Senator and the Congressman have also questioned the efficacy of the commission's public comment process, when it was reported that the portal was flooded with fake comments. How can the agency take public input when it can't ensure the system isn't being abused?
"The FCC's lack of action in preventing or mitigating this issue is also cause for concern," they write. "In fact, taken together, these situations raise serious questions about how the public makes its thoughts known to the FCC and how the FCC develops the record it uses to justify decisions reached by agency."
Seems like the FCC has some answering to do...