House Commerce, Oversight Dems Seek GAO Look at FCC Cybersecurity, IT Practices
Democrats on the House Commerce and Oversight committees jointly urged the GAO on Friday to examine the FCC's IT and cybersecurity practices, after the May distributed denial-of-service (DDoS) on the FCC website that is believed to have affected comments in the net neutrality proceeding (see 1705170067). The Democrats, including House Commerce ranking member Frank Pallone, D-N.J., and House Oversight ranking member Elijah Cummings, D-Md., also cited concerns about reports that some comments on the FCC's May net neutrality NPRM were filed under stolen identities. Fourteen people claimed last month that comments were submitted fraudulently under their names in support of a rollback of the 2015 net neutrality rules (see 1705250064). “Cybersecurity and other problems can have a direct functional impact on the mission of the FCC,” the Democrats said in a letter to Comptroller General Gene Dodaro, citing "the agency’s cybersecurity preparedness and problems with the FCC’s ability to take public comments in its net neutrality proceeding.” Communications Subcommittee ranking member Mike Doyle, D-Pa.; Oversight Government Operations Subcommittee ranking member Gerald Connolly, D-Va.; Commerce Oversight Subcommittee ranking member Diana DeGette, D-Colo.; and Oversight IT Subcommittee ranking member Robin Kelly, D-Ill., also signed the letter. They asked the GAO to determine whether the FCC's website issues identified as a DDoS attack were caused by a cyberattack and whether the agency has taken sufficient steps to deal with the attack. The lawmakers asked GAO to assess whether the FCC is taking sufficient steps to protect the electronic commenting filing system and other systems from DDoS attacks, and whether the agency is coordinating with the Department of Homeland Security and others to investigate and respond to the May cyberattack and to determine how many users were unable to access the FCC's website during the incident and identify whether the FCC is able to sufficiently accommodate comment filings in high-profile proceedings. FCC Chairman Ajit Pai told Democratic lawmakers last month that the FCC was the victim of a “non-traditional” DDoS attack in the May incident, and the agency didn't have the technical option of blocking or removing the bots hitting ECFS' application program interface and instead increased API capacity (see 1706280044). The FCC and GAO didn't comment.