The FCC has signaled it is about a year away from fully implementing GAO recommendations for fixing deficiencies in its electronic comment filing system (ECFS), but the General Accountability Office suggests that means a year away from a secure system.
ECFS is where the public and stakeholders can file comments on proposed FCC actions, like on whether or not to deregulate internet access, to cite one particularly germane example. The FCC is supposed to take those comments into account before taking action.
Related: FCC Net Neutrality Docket Heats Up Again
The FCC has said it has implemented 85 of GAO's 136 recommendations, with another 10 partially implemented and the remaining 41 to be fully implemented by April 2021.
GAO said in its report, a public version of one it gave to the FCC last September, that until that "until FCC fully implements these recommendations and resolves the associated deficiencies, its information systems and information will remain at increased risk of misuse, improper disclosure or modification, and loss."
The FCC took a lot of grief over its handling of the net neutrality docket which included filings under bogus names and addresses and allegations of millions of fraudulent comments, some from Russia, and of manipulation of comments by special interests. At the time FCC chairman Ajit Pai said that the FCC was erring on the side of inclusiveness and that bogus comments did not affect the outcome of the proceeding, but also agreed to tighten up the ship per the GAO report.
"The FCC is committed to protecting the confidentiality, integrity, and availability of our information systems," said an FCC spokesman. "We have been engaged in a major, multi-year strategic effort to modernize our IT capabilities and deliver secure, scalable, and reliable networks for both our internal operations and our public-facing systems. We have been working diligently to address the recommendations in the report and have addressed 94 to date and plan to implement the remaining recommendations on a rolling basis over the next year."
Related: FCC Says Rulemakings Aren't Opinion Polls
House Energy & Commerce Committee chairman Frank Pallone (D-N.J.), one of those critics of the FCC's handling of the docket (he requested the report), said he had urged Pai last December to fix the remaining issues before the public release of the report.
Pallone said he asked for the report because it was clear that "after the net neutrality repeal comment period debacle, the FCC’s cybersecurity practices had failed. After more than two years of investigating, GAO agrees and found a disturbing lack of security that places the Commission’s information systems at risk... Until the FCC implements all of the remaining recommendations, its systems will remain vulnerable to failure and misuse.
He called on Pai to fix the remaining vulnerabilities ASAP.
