Democratic lawmakers are calling for an independent investigation into how the Federal Communications Commission responded to a reported cyberattack in May that crippled the agency’s comment filing system.
Sen. Brian Schatz (D-Hawaii) and Rep. Frank Pallone Jr. (D-N.J.) sent a letter to the Government Accountability Office (GAO) on Thursday that cast doubt on the FCC’s version of the incident.
“While the FCC and the FBI have responded to Congressional inquiries into these [distributed denial of service] attacks, they have not released any records or documentation that would allow for confirmation that an attack occurred, that it was effectively dealt with, and that the FCC has begun to institute measures to thwart future attacks and ensure the security of its systems,” the letter reads.
{mosads}“As a result, questions remain about the attack itself and more generally about the state of cybersecurity at the FCC — questions that warrant an independent review.”
Schatz is the top Democrat on the Senate Commerce subcommittee on technology and Pallone is the ranking member of the House Energy and Commerce Committee.
The agency’s comment filing system went down shortly after John Oliver criticized the FCC’s efforts to roll back the Obama-era net neutrality rules.
In a segment on his HBO show “Last Week Tonight” on May 7, Oliver slammed FCC Chairman Ajit Pai’s plan and urged viewers to file comments in support of the rules on the agency’s Electronic Comment Filing System.
Shortly after, the system slowed to a crawl, making it hard for many to leave comments and sparking speculation that Oliver’s segment had overwhelmed it with traffic.
But the next day, the agency’s chief information officer, David Bray, said that the site had been the victim of a DDoS attack, which aims to take down a site by flooding it with fake traffic.
Net neutrality supporters have questioned the FCC’s claims and demand evidence of the attack.
An FCC spokeswoman declined to comment on lawmakers’ letter.
Pallone and Schatz asked the GAO to determine what evidence the FCC has that it suffered a cyberattack and to review the agency’s cybersecurity practices and infrastructure. They also cited reports that the net neutrality docket had been flooded with fake comments from both sides of the issue.
“The FCC’s lack of action in preventing or mitigating this issue is also cause for concern,” they wrote. “In fact, taken together, these situations raise serious questions about how the public makes its thoughts known to the FCC and how the FCC develops the record it uses to justify decisions reached by the agency.”