February 10, 2026
by John Baich, SECC Chair & CBA ABIP Inspector
Sangre de Cristo Broadcast Consulting, LLC
Last week the FCC’s Public Safety and Homeland Security Bureau issued Public Notice DA 26-96A1 citing an increase of ransomware attacks is reminding broadcasters to strengthen cybersecurity practices protecting on-air operations and EAS (Emergency Alert System) infrastructure. Modern broadcast chains rely heavily on IP-based, often internet-facing equipment, making them and the Station vulnerable to cyberattacks.
Recommended Cybersecurity Tasks:
- Develop a Cybersecurity Management Plan: Ransomware often enters your facility through rouge email attachments or nefarious links. Communicate to staff throughout your organization the risks of social engineering.
- Apply Updates & Patches: Keep operating systems and firmware current. Coordinate with vendors to ensure all equipment receives necessary security updates.
- Use Secure Passwords: Change default passwords immediately, use strong unique passwords, and update them regularly.
- Multi-Factor Authentication (MFA): Enable MFA on systems/services that support it.
- Use Firewalls & VPNs: Segment and protect EAS equipment, Barix devices, automation systems, remote controls, and remote production gear with proper network isolation.
- Monitor EAS Systems: Regularly review audit logs and enable alerts for admin logins or configuration changes. This action is beyond your standard weekly EAS logs.
- Implement Zero-Trust Architecture: Block unauthorized devices by default and require explicit authorization for every device on the network. Eliminate the plug & play mindset that opens your network to potential exploits.
- Deploy Active Virus/Malware Protection: Installation of trusted virus/malware software where possible provides an extra layer of protection. Check with specific platform vendors such as automation and servers on the specific virus/malware they support. The communication architecture of some systems may trigger third party protection software that could shut down your critical operations.
- Develop an Incident Response Plan: Maintain a written, up-to-date plan describing network architecture, procedures, and key resources to guide internal staff and vendors during a cyber incident.
FCC Public Notice (DA-26-96A1)
