Congress

GAO Will Investigate FCC DDoS Attack

Dems had said questions about the alleged attack remained unanswered 10/13/2017 11:43 AM Eastern

The Government Accountability Office will investigate the distributed denial of service (DDoS) attack the FCC says disrupted its network neutrality docket.

GAO public affairs managing director Charles Young confirmed the request had been accepted "and is now in the queue." But he added that the work "won’t get underway for several months when staff become available."

He said that is when GAO will determine the scope and methodology.

GAO does not agree to all such investigation requests, but if it comes from a ranking member of a relevant committee, the odds go way up. Then GAO has to determine if there is already an IG investigation, whether there are legal limitations, or if it is the subject of an open proceeding. GAO found no impediments to proceeding with the investigation.

A pair of top Democrats had asked GAO to investigate the FCC's claim of the DDoS attack, which the commission said impeded the filing of comments and occurred not long after John Oliver, host of HBO's Last Week Tonight, called for a flood of pro-network neutrality comments.

In a letter to GAO, House Energy & Commerce Committee ranking member Frank Pallone (D-N.J.) and Sen. Brian Schatz (D-Hawaii), Communications Subcommittee ranking member, said that while the FBI and FCC have responded to congressional inquiries about the attack, they had not supplied any documentation.

Related: Dems: FCC DDOS Attack Raises Cybersecurity Questions

They said questions remain that GAO needs to answer. Those are principally: 1) How did the FCC determine an attack had taken place May 8; 2) How does the FCC plan to prevent a future attack; 3) What are the cybersecurity implications and are other systems at risk; and 4) Has the FCC evaluated other systems for vulnerabilities and if so, has it taken any action.

The FCC's chief information officer had said there were multiple DDoS attacks on the docket, which he called "deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host" that "made it difficult for legitimate commenters to access and file with the FCC."

Despite the attacks, more than 22 million comments were registered in the docket.

Want to read more stories like this?
Get our Free Newsletter Here!