[EAS] IPAWS expiration dates...

Lucero, Mark Mark.Lucero at fema.dhs.gov
Thu Oct 16 07:58:59 CDT 2014 

Dave,
Alerting authorities who are authorized to send alerts via IPAWS are provided a digital certificate.  This certificate is used to sign alerts for non-repudiation purposes.  It is a security mechanism to ensure that the organization sending the alert is truly authorized, and not a spoofed alert.

The digital certificate has a 3 year expiration date.  The Memorandum of Agreement between the alerting authority and FEMA also has a 3 year expiration date.  We rely on communication and relationships with the state and local emergency managers to ensure they have everything they need to send alerts through IPAWS.  I have reached out to Idaho state to ensure that they have everything they need.

Thank you for bringing this to everyone's attention.  It is important for stakeholders to know that there are security mechanisms in place to prevent unauthorized use of the system.  It is also important to understand that security sometimes comes at a cost:  The cost of keeping documentation and certificates up to date in this case.

v/r
Mark A. Lucero
Chief, IPAWS Engineering
FEMA National Continuity Programs
202-646-1386 (w)
202-257-1364 (bb)
mark.lucero at dhs.gov

-----Original Message-----
From: eas-bounces at radiolists.net [mailto:eas-bounces at radiolists.net] On Behalf Of Dave Turnmire

Well, just when you thought you had heard everything...

Today our emergency management folks went to send an RWT from our CAP server, which distributes both directly to our broadcasters/cable companies, as well as via IPAWS... and IPAWS rejected it.  Worked fine just a few days ago.  Turns out... there is a 4 year expiration date associated with IPAWS that no one on this end I have spoken with thus far was aware existed.  And apparently no warning.

We are still exploring this issue, but, given the potential seriousness of this, I thought I'd get you a heads up.  So... if you are associated with a jurisdiction that first signed up with FEMA approaching 4 years ago... you better go read your paperwork and find out if your ability to generate alerts is in peril.  I am, frankly, hoping this is a mistake on Idaho's part somewhere.  I would really hate to think that FEMA's system is designed to dump without warning the ability to send EMERGENCY alerts.  That obviously has some rather serious implications.  Perhaps someone from FEMA monitoring this list can comment.

More to follow as I get further clarification...

Dave Turnmire
Chair
Idaho SECC

__________________________________________________________
The EAS Forum Discussion List is hosted by the BWWG (Broadcast Warning Working Group). http://eas.radiolists.net Please invite your friends to join our Forum! The sign up is at: http://lists.radiolists.net/mailman/listinfo/eas
___________________________________________________________

More information about the EAS mailing list