[EAS] Next Generation

Bill Ruck ruck at lns.com
Tue Nov 11 16:45:05 CST 2014 

There are several points that I'd like to add to the discussion.

1.  A friend and colleague, who is not longer with us, Tom Croda, 
used to say "Nothing is fool-proof.  At best you can make it fool-resistant."

2.  The EAS and EAN protocols are public information.  They're 
published in FCC Part 11.  A lot of information about state and local 
level EAS systems is also public information.  It may be hard to 
enter the system at a national level but trivial to generate an EAN 
and get it into local level.  It is against the law but that has not 
stopped a lot of other events.

3.  Obscurity is not security.  I have learned is that the type of 
person interested in hacking tends to be un-social and has lots and 
lots of free time on his (and even her) hands.

4.  Good point about feature creep.  One lesson I learned the hard 
way in 1989 is the difference between WARNING and PUBLIC 
INFORMATION.  CAP / IPAWS / EAS is a WARNING system.  Never confuse 
it with any public information system.

5.  A good example of mind set for us to follow is General Groves 
during the Manhattan Project.  He kept the scientists focused on 
their goal.  He didn't want it perfect, he just wanted it to work.

6.  As a hardware kinda guy (although once upon a time I was pretty 
good with Fortran and Basic) "It's only software".

7.  Just like the evolving DTV standards keeping compatibility with 
first generation equipment eventually becomes impossible.  I've heard 
that the next generation of DTV will be completely incompatible with 
first generation DTV decoders.  We did have to throw away our carrier 
off / on / off / on / off / on EBS equipment.  We may have to 
consider the same with first generation EAS equipment if it isn't 
smart enough to handle a more robust and secure system.

In summary, Mike McCarthy's idea of a password downloaded from the 
CAP server is a very good way to provide reasonable security.  All 
stations now must have Internet connectivity for their EAS decoder so 
all that is necessary is new software.  If the message password does 
not match the daily password the message gets delayed until it is 
reviewed.  That function can be programmed to alarm the "Chief 
Operator".  Because the CAP server handshake is secure and the 
decoder software can make it difficult to learn the password it 
raises the bar much higher for a hacker.

Bill Ruck
San Francisco

More information about the EAS mailing list