Senators Want Pai to Drill Down on DDoS Attacks

A pair of Democratic senators has asked FCC chair Ajit Pai for more information on what the FCC has said were multiple DDoS attacks on its website that affected comments being posted there.

Related: FCC CIO Says Agency Hit by DDoS Attack

FCC chief information officer David Bray said the attacks "made it difficult for legitimate commenters to access and file with the FCC."

The key docket in terms of activity that could have been interrupted is net neutrality, where the FCC still managed to post more than a half a million comments since last week, attack or no. Among the senators' questions was whether any comments were prevented from being submitted and, if so, how many.

Sens. Ron Wyden of Oregon and Brian Schatz of Hawaii, the latter ranking member of the Senate Communications Subcommittee, sent a letter to Pai about the May 8 attack (which came in the wee hours of the morning following the May 7 airing of John Oliver's call, during HBO's Last Week Tonight, for a flood of comments in support of net neutrality.

Related: John Oliver Takes On Pai, Net Neutrality, Take II

They asked about the FCC's defenses against such an attack should it be repeated and wanted Pai to ensure the FCC provides other ways to comment as a workaround, such as a dedicated e-mail account.

“Any potentially hostile cyber activities that prevents Americans from being able to participate in a fair and transparent process must be treated as a serious issue,” the senators said.

Specifically, they requested the following information by June 8:

1. “Please provide details as to the nature of the DDoS attacks, including when the attacks began, when they ended, the amount of malicious traffic your network received, and an estimate of the number of devices that were sending malicious traffic to the FCC. To the extent that the FCC already has evidence suggesting which actor(s) may have been responsible for the attacks, please provide that in your response.
2. “Has the FCC sought assistance from other federal agencies in investigating and responding to these attacks? Which agencies have you sought assistance from? Have you received all of the help you have requested?
3. “Several federal agencies utilize commercial services to protect their websites from DDoS attacks. Does the FCC use a commercial DDoS protection service? If not, why not? To the extent that the FCC utilizes commercial DDoS protection products, did these work as expected? If not, why not?
4. “How many concurrent visitors is the FCC’s website designed to be able to handle? Has the FCC performed stress testing of its own website to ensure that it can cope as intended? Has the FCC identified which elements of its website are performance bottlenecks that limit the number of maximum concurrent visitors? Has the FCC sought to mitigate these bottlenecks? If not, why not?
5. “Did the DDoS attacks prevent the public from being able to submit comments through the FCC’s website? If so, do you have an estimate of how many individuals were unable to access the FCC website or submit comments during the attacks? Were any comments lost or otherwise affected?
6. “Will commenters who successfully submitted a comment — but did not receive a response, as your press release indicates — receive a response once your staff have addressed the DDoS and related technical issues?

While the letter did not question whether such an attack had happened, others have, including activist group Fight for the Future

"We think it's more than just coincidence that the FCC would cite a DDoS attack at the same time that John Oliver's call to make public comment on the FCC website in favor of net neutrality went viral," said Rashad Robinson, executive director of Color Of Change, a big Title II fan. "That said, we certainly hope to see a full investigation into what happened in order to ensure the integrity and full transparency of a key federal agency. But the unfortunate reality is that, after everything this administration has done to steal our rights as Americans, we wouldn't be surprised if this was merely an attempt to label the democratic exercise of free speech as a cyberattack.”

John Eggerton

Contributing editor John Eggerton has been an editor and/or writer on media regulation, legislation and policy for over four decades, including covering the FCC, FTC, Congress, the major media trade associations, and the federal courts. In addition to Multichannel News and Broadcasting + Cable, his work has appeared in Radio World, TV Technology, TV Fax, This Week in Consumer Electronics, Variety and the Encyclopedia Britannica.