The US Federal Communications Commission (FCC) reached a $15 million settlement with Charter Communications to resolve an investigation into the cable operator’s non-compliance with 911 and network outage notification rules.
During the FCC’s investigation, Charter admitted it violated rules regarding notifications to public safety officials and the agency related to three network outages, as well as “hundreds of planned, maintenance-related network outages that occurred last year”.
The rules require interconnected VoIP providers, such as Charter, to notify 911 call centres as soon as possible if outages last longer than 30 minutes.
Service providers are also required to file notifications in the FCC’s Network Outage Reporting System when outages reach a certain severity threshold.
In one occurrence, Charter failed to notify more than 1,000 emergency call centres of a disruption impacting 911 services and then didn’t comply with the FCC’s outage reporting rules.
“Public safety officials need to be able to inform the public of alternate ways to reach emergency services in the event of an outage,” stated FCC chair Jessica Rosenworcel.
New cybersecurity measures
The FCC noted in addition to the $15 million civil penalty, Charter is now required to “implement a robust compliance plan, including cybersecurity provisions, to ensure network resiliency and future adherence to the Commission’s 911 and network reporting rules”.
The compliance plan includes the agency’s first application of cybersecurity measures, such as network segmentation and vulnerability mitigation management, related to 911 communications services and network outage reporting.
The cable operator, which offers services through its Spectrum brand, “agreed to maintain and evolve its overall cybersecurity risk management program in accordance with the voluntary National Institute of Standards and Technology (NIST) Cyber Security Framework”.
It will also apply industry standards and best practices, and applicable state and/or federal laws covering cybersecurity risk management and governance practices.
The settlement, which is called a consent decree, is related to a network outage on 19 February 2023 as well as two additional outages on 31 March 2023, and 26 April 2023.
The February outage was due to a minor denial of service (DoS) attack on the company
A representative for Charter told Mobile World Live that it is glad to “have resolved these issues, which will primarily result in Charter reporting certain planned maintenance to the FCC”.
“The fine has nothing to do with cybersecurity violations and is attributable solely to administrative notifications. No provision within either the CISA Cybersecurity Best Practices or the NIST Cybersecurity Framework would have prevented this attack, and no flaws were identified by the FCC regarding Charter’s cybersecurity practices. We agreed with the FCC that we should continue doing what we’re already doing.”
Comments