OCR of the Document

View the Document >>

Federal Communications Commission, Responses to Inquiry from the House Energy & Commerce and Government Reform Committees. July 21, 2017. Unclassified.

FEDERAL COMMUNICATIONS COMMISSION WASHINGTON July 21 2017 OFFICE OF THE CHAIRMAN The Honorable Gerald Connolly Ranking Member Subcommittee on Government Operations Committee on Oversight and Government Reform US House of Representatives 2238 Rayburn House Of ce Building Washington DC 20515 Dear Congressman Connolly Thank you for your June 26 2017 letter and questions concerning the Federal Communications Commission s F or Commission s cybersecurity preparedness and its impact on the ability to accept comments from the public in ongoing proceedings I consider any disruption of the systems by outside parties to be a very serious matter That s why our Information Technology IT staff immediately addressed the disruption to the FCC's Electronic Comment Filing System ECFS that began late in the evening on May 7 and mitigated the impact on lers by the morning of the following day May 8 And following the events of May 7-8 I directed our Chief Information Of cer C10 to take appropriate measures to continue securing the comment ling system and to report back to my staff routinely on this work I also directed the C10 to fully assist in any of cial inquiries related this matter and to comply with all applicable federal guidelines and laws governing such incidents This work was successful and from Monday May 8 to Friday May 12 we received more than 2 1 million comments To put this number in perspective the FCC usually averages 10 000 comments per day in total for all our proceedings combined Moreover during the past two months the Commission s IT staff has taken additional steps to prevent potential disruptions similar to the May 7 8 event as well as to ensure the ongoing integrity and resiliency of the system And ECFS has performed well during the comment period following the adoption of the Restoring Internet Freedom Notice of Proposed Rulemaking The docket now contains more than 10 million comments overall demonstrating that our processes are facilitating widespread public participation in this proceeding Indeed the system did not experience any dif culties in the leadup to the deadline for initial comments which was earlier this week Although I cannot guarantee that we will not experience further attempts to disrupt our systems our staff is constantly monitoring and reviewing the situation so that that everyone seeking to comment on our proceedings will be afforded the opportunity to do so We are committed to this goal and will continue to foster a transparent process that encourages public participation in our proceedings The CIO has provided me with the attached answers to the list of questions in your letter Please let me know if I can be of any further assistance Sincerely Ajit Pai Enclosure FEDERAL COMMUNICATIONS COMMISSION WASHINGTON July 21 2017 OFFICE OF THE CHAIRMAN The Honorable Frank Pallone Ranking Member Committee on Energy and Commerce US House of Representatives 2125 Rayburn House Of ce Building Washington DC 20515 Dear Congressman Pallone Thank you for your June 26 2017 letter and questions concerning the Federal Communications Commission s F or Commission s cybersecurity preparedness and its impact on the ability to accept comments from the public in ongoing proceedings I consider any disruption of the systems by outside parties to be a very serious matter That s why our Information Technology IT staff immediately addressed the disruption to the FCC's Electronic Comment Filing System ECFS that began late in the evening on May 7 and mitigated the impact on lers by the morning of the following day May 8 And following the events of May 7-8 I directed our Chief Information Of cer C10 to take appropriate measures to continue securing the comment ling system and to report back to my staff routinely on this work I also directed the CIO to fully assist in any of cial inquiries related this matter and to comply with all applicable federal guidelines and laws governing such incidents This work was successful and from Monday May 8 to Friday May 12 we received more than 2 1 million comments To put this number in perspective the FCC usually averages 10 000 comments per day in total for all our proceedings combined Moreover during the past two months the Commission s IT staff has taken additional steps to prevent potential disruptions similar to the May 7-8 event as well as to ensure the ongoing integrity and resiliency of the system And ECF has performed well during the comment period following the adoption of the Restoring Internet Freedom Notice of Proposed Rulemaking The docket now contains more than 10 million comments overall demonstrating that our processes are facilitating widespread public participation in this proceeding Indeed the system did not experience any dif culties in the leadup to the deadline for initial comments which was earlier this week Although I cannot guarantee that we will not experience further attempts to disrupt our systems our staff is constantly monitoring and reviewing the situation so that that everyone seeking to comment on our proceedings will be afforded the opportunity to do so We are committed to this goal and will continue to foster a transparent process that encourages public participation in our proceedings The CIO has provided me with the attached answers to the list of questions in your letter Please let me know if I can be of any further assistance Sincerely Aj it Pai Enclosure FEDERAL COMMUNICATIONS COMMISSION WASHINGTON July 21 2017 OFFICE OF THE CHAIRMAN The Honorable Elijah Cummings Ranking Member Committee on Oversight and Government Reform US House of Representatives 2163 Rayburn House Of ce Building Washington DC 20515 Dear Congressman Cummings Thank you for your June 26 2017 letter and questions concerning the Federal Communications Commission s or Commission s cybersecurity preparedness and its impact on the ability to accept comments from the public in ongoing proceedings I consider any disruption of the systems by outside parties to be a very serious matter That s why our Information Technology IT staff immediately addressed the disruption to the CC's Electronic Comment Filing System ECFS that began late in the evening on May 7 and mitigated the impact on lers by the morning of the following day May 8 And following the events of May 7-8 I directed our Chief Information Of cer CIO to take appropriate measures to continue securing the comment ling system and to report back to my staff routinely on this work I also directed the CIO to fully assist in any of cial inquiries related this matter and to comply with all applicable federal guidelines and laws governing such incidents This work was successful and from Monday May 8 to Friday May 12 we received more than 2 1 million comments To put this number in perspective the FCC usually averages 10 000 comments per day in total for all our proceedings combined Moreover during the past two months the Commission s IT staff has taken additional steps to prevent potential disruptions similar to the May 7-8 event as well as to ensure the ongoing integrity and resiliency of the system And ECF has performed well during the comment period following the adoption of the Restoring Internet Freedom Notice of Proposed Rulemaking The docket now contains more than 10 million comments overall demonstrating that our processes are facilitating widespread public participation in this proceeding Indeed the system did not experience any dif culties in the leadup to the deadline for initial comments which was earlier this week Although I cannot guarantee that we will not experience further attempts to disrupt our systems our staff is constantly monitoring and reviewing the situation so that that everyone seeking to comment on our proceedings will be afforded the opportunity to do so We are committed to this goal and will continue to foster a transparent process that encourages public participation in our proceedings The CIO has provided me with the attached answers to the list of questions in your letter Please let me know if I can be of any further assistance Sincerely Ajit Pai Enclosure FEDERAL COMMUNICATIONS COMMISSION WASHINGTON July 21 2017 OFFICE OF THE CHAIRMAN The Honorable Diana DeGette Ranking Member Subcommittee on Oversight and Investigations Committee on Energy and Commerce US House of Representatives 2111 Rayburn House Of ce Building Washington DC 20515 Dear Congresswoman DeGette Thank you for your June 26 2017 letter and questions concerning the Federal Communications Commission s or Commission s cybersecurity preparedness and its impact on the ability to accept comments from the public in ongoing proceedings I consider any disruption of the systems by outside parties to be a very serious matter That s why our Information Technology IT staff immediately addressed the disruption to the FCC's Electronic Comment Filing System ECFS that began late in the evening on May 7 and mitigated the impact on lers by the moming of the following day May 8 And following the events of May 7-8 I directed our Chief Information Of cer CIO to take appropriate measures to continue securing the comment ling system and to report back to my staff routinely on this work I also directed the CIO to fully assist in any of cial inquiries related this matter and to comply with all applicable federal guidelines and laws governing such incidents This work was successful and from Monday May 8 to Friday May 12 we received more than 2 1 million comments To put this number in perspective the FCC usually averages 10 000 comments per day in total for all our proceedings combined Moreover during the past two months the Commission s IT staff has taken additional steps to prevent potential disruptions similar to the May 7 8 event as well as to ensure the ongoing integrity and resiliency of the system And ECFS has performed well during the comment period following the adoption of the Restoring Internet Freedom Notice ofProposed Rulemaking The docket now contains more than 10 million comments overall demonstrating that our processes are facilitating widespread public participation in this proceeding Indeed the system did not experience any dif culties in the Ieadup to the deadline for initial comments which was earlier this week Although I cannot guarantee that we will not experience further attempts to disrupt our systems our staff is constantly monitoring and reviewing the situation so that that everyone seeking to comment on our proceedings will be afforded the opportunity to do so We are committed to this goal and will continue to foster a transparent process that encourages public participation in our proceedings The CIO has provided me with the attached answers to the list of questions in your letter Please let me know if I can be of any further assistance Sincerely Ajit Pai Enclosure FEDERAL COMMUNICATIONS COMMISSION WASHINGTON July 21 2017 OFFICE OF THE CHAIRMAN The Honorable Robin Kelly Ranking Member Subcommittee on Information Technology Committee on Oversight and Government Reform US House of Representatives 1239 Longworth House Of ce Building Washington DC 20515 Dear Congresswoman Kelly Thank you for your June 26 2017 letter and questions concerning the Federal Communications Commission s F or Commission s cybersecurity preparedness and its impact on the ability to accept comments from the public in ongoing proceedings I consider any disruption of the systems by outside parties to be a very serious matter That s why our Information Technology IT staff immediately addressed the disruption to the Electronic Comment Filing System ECFS that began late in the evening on May 7 and mitigated the impact on lers by the morning of the following day May 8 And following the events of May 7-8 I directed our Chief Information Of cer CIO to take appropriate measures to continue securing the comment ling system and to report back to my staff routinely on this work I also directed the CIO to fully assist in any of cial inquiries related this matter and to comply with all applicable federal guidelines and laws governing such incidents This work was successful and from Monday May 8 to Friday May 12 we received more than 2 1 million comments To put this number in perspective the FCC usually averages 10 000 comments per day in total for all our proceedings combined Moreover during the past two months the Commission s IT staff has taken additional steps to prevent potential disruptions similar to the May 7-8 event as well as to ensure the ongoing integrity and resiliency of the system And ECF has performed well during the comment period following the adoption of the Restoring Internet Freedom Notice of Proposed Rulemakt ng The docket now contains more than 10 million comments overall demonstrating that our processes are facilitating widespread public participation in this proceeding Indeed the system did not experience any dif culties in the leadup to the deadline for initial comments which was earlier this week Although I cannot guarantee that we will not experience further attempts to disrupt our systems our staff is constantly monitoring and reviewing the situation so that that everyone seeking to comment on our proceedings will be afforded the opportunity to do so We are committed to this goal and will continue to foster a transparent process that encourages public participation in our proceedings The CIO has provided me with the attached answers to the list of questions in your letter Please let me know if I can be of any further assistance Sincerely Aj it Pai Enclosure FEDERAL COMMUNICATIONS COMMISSION WASHINGTON July 21 2017 OFFICE OF THE CHAIRMAN The Honorable Mike Doyle Ranking Member Subcommittee on Communications and Technology Committee on Energy and Commerce US House of Representatives 239 Cannon House Of ce Building Washington DC 20515 Dear Congressman Doyle Thank you for your June 26 2017 letter and questions concerning the Federal Communications Commission s or Commission s cybersecurity preparedness and its impact on the ability to accept comments from the public in ongoing proceedings 1 consider any disruption of the systems by outside parties to be a very serious matter That s why our Information Technology IT staff immediately addressed the disruption to the FCC's Electronic Comment Filing System ECFS that began late in the evening on May 7 and mitigated the impact on lers by the morning of the following day May 8 And following the events of May 7-8 I directed our Chief Information Of cer CIO to take appropriate measures to continue securing the comment ling system and to report back to my staff routinely on this work I also directed the CIO to fully assist in any of cial inquiries related this matter and to comply with all applicable federal guidelines and laws governing such incidents This work was successful and from Monday May 8 to Friday May 12 we received more than 2 1 million comments To put this number in perspective the FCC usually averages 10 000 comments per day in total for all our proceedings combined Moreover during the past two months the Commission s IT staff has taken additional steps to prevent potential disruptions similar to the May 7-8 event as well as to ensure the ongoing integrity and resiliency of the system And ECFS has performed well during the comment period following the adoption of the Restoring Internet Freedom Notice of Proposed Rulemaking The docket now contains more than 10 million comments overall demonstrating that our processes are facilitating widespread public participation in this proceeding Indeed the system did not experience any dif culties in the leadup to the deadline for initial comments which was earlier this week Although I cannot guarantee that we will not experience further attempts to disrupt our systems our staff is constantly monitoring and reviewing the situation so that that everyone seeking to comment on our proceedings will be afforded the opportunity to do so We are committed to this goal and will continue to foster a transparent process that encourages public participation in our proceedings The CIO has provided me with the attached answers to the list of questions in your letter Please let me know if I can be of any further assistance Sincerely Aj it Pai Enclosure Responses to Inquiry from the House Energy Commerce and Government Reform Committees According to the response to Senators Wyden and Schatz the May 2017 incident was a non-traditional attack where hot traf c increased exponentially between 11pm EST on May 7 2017 until 1pm EST on May 8 2017 representing a 3 000% increase in normal volume What additional solutions is the FCC pursuing to further protect the system as mentioned in the response First for your records please note the following correction to your question above concerning the timing of this event As we stated in our earlier response to Senators Wyden and Schatz bot traf c increased exponentially from 11 00 pm to 1 00 EST not 1 00 pm We provided this timeline to assist in understanding the nature of the attack Given the ongoing nature of the threats to disrupt the Commission s electronic comment ling system it would undermine our system s security to provide a speci c roadmap of the additional solutions to which we have referred However we can state that the IT staff has worked with commercial cloud providers to implement interact-based solutions to limit the amount of disruptive bot-related activity if another bot-driven event occurs The FCC also instituted a more predictive model for assessing the number of incoming comments and bot driven activity to ensure we will have more cloud-based resources available within a shorter time period to respond to potential surges in activity In addition the FCC implemented a control feature that recognizes when there is heavy bot traf c This improvement allows humans as opposed to bots to continue to access the electronic comment ling system even if a large amount of bot activity is also present According to the FCC the alleged cyberattacks blocked new human visitors from visiting the comment ling system Yet the FCC consulting with the FBI determined that the attack did not rise to the level of a major incident that would trigger further FBI involvement What analysis did the FCC and the FBI conduct to determine that this was not a major incident The FCC consulted with the FBI following this incident and it was agreed this was not a signi cant cyber incident consistent with the de nition contained in Presidential Policy Directive-41 PPD-41 Equally it is important to note the May 7-8 disruption was not a system hack or intrusion and at no point was the Commission s network cybersecurity breached What speci c hardware resources will the FCC commit to accommodate people attempting to le comments during high-pro le proceedings Does the FCC have suf cient resources for that purpose The Commission s Electronic Comment Filing System is commercially cloud-based so our hardware resources are provided by our commercial partners While it would undermine our system security to provide a speci c roadmap of what we are doing we can state that FCC IT staff has noti ed its cloud providers of the need to have suf cient hardware resources available to accommodate high-pro le proceedings In addition FCC IT staff has worked with commercial cloud providers to implement internet-based solutions to limit the amount of disruptive bot-related activity if another bot-driven event occurs Responses to Inquiry from the House Energy Commerce and Government Reform Committees Is the FCC making alternative ways available for members of the public to file comments in the net neutrality proceeding Yes lers always have four alternatives for submitting comments sending a written document ling through the normal web interface ling through the API or submitting through the electronic inbox using the Bulk Upload Template Did the FCC contact the National Cybersecurity and Communication Integration Center s Hunt and Incident Response Team HIRT at the U S Department of Homeland Security to investigate the May 8th 2017 incident and if so which date s was such contact made If the FCC did not contact HIRT to investigate the May 8th 2017 incident please explain why it did not do so The FCC did not contact HIRT because this event was not categorized as a signi cant cyber incident under PPD-41 What were the findings from any forensic investigative analyses or reports concerning the May 8th 2017 incident including how and why a denial-of-service attacks were declared and from what attack vectors they came Our response to Senators Wyden and Schatz describes why we have categorized this incident as a non-traditional attack Otherwise the investigation is ongoing at this stage Did the FCC notify Congress of the May 8th 2017 incidents as provided by And if so how did the FCC notify Congress If not why not Although I have been advised that the Of ce of Legislative Affairs provided background information on this matter to the committee of ces we did not provide a FISMA-based noti cation We determined that this event was not a major incident under the Of ce of Management and Budget s OMB de nition and hence it did not meet the criteria of a reportable incident to Congress under FISMA guidance Our rationale was based on the OMB guidance on ISMA contained in M-17-05 which provides instructions to agencies on when and how to report a major incident to Congress Under ISMA guidance a major incident is automatically 3 signi cant cyber incident per PPD-41 and the definitions of the two terms are closely related As discussed in the response to question number 2 this event was not categorized as a signi cant cyber incident per PPD-41 Did the FCC notify its Of ce of the Inspector General OIG of the May 8th 2017 incidents and if so when did it notify the The Of ce of the Inspector General contacted management on May 10 2017 and we have provided information to them about the incident                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu