
									DA 22-62
Released: January 19, 2022


PUBLIC SAFETY AND HOMELAND SECURITY BUREAU SEEKS COMMENT ON
POTENTIAL SAFEGUARDS IN CONNECTION WITH SHARING OF 
NETWORK OUTAGE REPORTING SYSTEM AND DISASTER INFORMATION REPORTING SYSTEM DATA

PS Docket No. 15-80

Comments Due: 30 days after publication in the Federal Register

On March 17, 2021, the Federal Communications Commission (Commission) adopted a framework for sharing communications outage information with state, federal, and Tribal nation agencies to improve their situational awareness, enhance their ability to respond more rapidly to outages, and to help save lives, while safeguarding the confidentiality of this data. See Amendments to Part 4 of the Commission’s Rules Concerning Disruptions to Communications, PS Docket No. 15-80, Second Report and Order, 36 FCC Rcd 6136 (2021) (Second Report and Order).
  These new rules will allow participating agencies to share critical operational status information with first responders who play a vital role in public safety.  

By this Public Notice, as directed by the Commission, the Public Safety and Homeland Security Bureau (PSHSB or Bureau) seeks comment on the cost, manner, and technological feasibility of potential additional safeguards to protect Network Outage Reporting System (NORS) and Disaster Information Reporting System (DIRS) information that will be shared with agencies granted access pursuant to the Second Report and Order. Second Report and Order, 36 FCC Rcd at 6154, para. 61.
  This includes potential mechanisms to further limit the vulnerability of NORS and DIRS data to manipulation and improper access, which could otherwise become an increasing risk as the Commission expands access by participating agencies to these systems. Id.


In the Second Report and Order, the Commission set forth a framework to: (1) provide state, federal, local, and Tribal partners (“Participating Agencies”) with access to the critical NORS and DIRS information needed to ensure public safety; (2) safeguard this information while providing access to participating agencies; and (3) preserve the presumptive confidentiality of the information and acknowledge the sensitive nature of the information. Second Report and Order, 36 FCC Rcd at 6137, para. 3.
  Specifically the Commission adopted the following safeguards: (1) providing read-only access to the NORS and DIRS filings; (2) limiting the number of users with access to NORS and DIRS filings at participating agencies; (3) requiring special training for participating agencies regarding their privileges and obligations under the program; and (4) potentially terminating access to agencies that misuse or improperly disclose NORS and DIRS data. Second Report and Order, 36 FCC Rcd at 6153, para. 58.
  

The Commission also acknowledged the potential utility of proposals raised in the record by commenters concerning whether to include confidential notifications, headers, or watermarks on the read-only outage reports. Second Report and Order, 36 FCC Rcd at 6154, para. 61.
  The Commission therefore directed the Bureau “to seek, via Public Notice, further information on the cost, manner and technical feasibility of implementing these [additional] technological measures and safeguards in NORS and DIRS and to make determinations on which of these measures and safeguards, if any, would be suitable for implementation.” Id.
  Further, the Commission delegated authority to the Bureau “to implement in NORS and DIRS any measures and safeguards that it determines suitable and in the public interest based on the record developed in response to the Public Notice.” Id.
  The Commission cautioned, however, that these proposals “should not impose new regulatory requirements on service providers or additional conditions on agencies seeking access to outage data” or otherwise serve as a basis to delay the effective date of the rules adopted by the Commission. Id.  
  Thus, these additional proposed safeguards, if adopted, would not impose any requirements on providers or conditions on their access, but simply require additional internal Commission procedures designed to assist in ensuring continued protection of the confidentiality of this data under the Commission’s new rules.

Some commenters suggested additional safeguards would “help reduce the risk that participating agencies’ employees or others could make unauthorized modifications to the filings, whether unintentional or malicious, and ensure the accuracy of information shared via the information sharing framework.” Second Report and Order, 36 FCC Rcd at 6154, para. 60.
  To that end, the Bureau seeks comment on the cost, utility and feasibility of additional measures and their implementation, as described below.  


As directed by the Commission, the Bureau seeks comment on the effectiveness of a Commission process for adding headers and footers to any PDF reports it receives in a NORS account, specifying that the data is “Confidential.”  The confidentiality notice printed on each page could serve as a reminder to Participating Agencies that distributing NORS/DIRS information is against Commission regulations.  Would placing headers and footers on each page assist in alerting parties that the information they are viewing is confidential and should not be tampered with or distributed?  

As directed by the Commission, the Bureau is also examining the feasibility of including a watermark on documents printed from the NORS/DIRS database by Participating Agencies.  There are, however, some technical challenges to implementing this safeguard in the current NORS/DIRS environment.  To ensure that remotely printed documents could display the watermark regardless of where they were printed, the documents would likely have to be converted to a locked Portable Document Format (PDF), which would mean the data could not be aggregated, sorted, or compiled by the end user, as is currently possible when data is downloaded as certain other file types (i.e., Word, Excel, or a database (db) format).  Locking the document to prevent editing and to allow imprinting each page with a watermark would, however, make altering the document more difficult.  In terms of limiting accessibility to just PDF files, is the loss of functionality an acceptable sacrifice to maintain integrity of the data?  The Bureau seeks comment on whether the security benefits of requiring documents to be imprinted with a watermark outweigh the loss of data flexibility that results from requiring all exported filed to be converted to locked PDF documents.  Are there other technological measures that the Commission staff should take to prevent the improper use of shared NORS and DIRS information that should be considered consistent with the Commission’s direction in the Second Report and Order?

Filing Requirements.  Interested parties may file comments within 30 days.  Comments may be filed using the Commission’s Electronic Comment Filing System (ECFS). See Electronic Filing of Documents in Rulemaking Proceedings, 63 FR 24121 (1998).
  All comments must reference PS Docket No. 15-80. Id.
  

· Electronic Filers: Comments may be filed electronically using the Internet by accessing the ECFS: http://apps.fcc.gov/ecfs/.
· Paper Filers: Parties who choose to file by paper must file an original and one copy of each filing.
· Filings can be sent by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail.  All filings must be addressed to the Commission’s Secretary, Office of the Secretary, Federal Communications Commission.
· Commercial overnight mail (other than U.S. Postal Service Express Mail and Priority Mail) must be sent to 9050 Junction Drive, Annapolis Junction, MD 20701.  U.S. Postal Service first-class, Express, and Priority mail must be addressed to 45 L Street, NE Washington DC 20554. FCC Announces Change in Headquarters Location, Public Notice, 35 FCC Rcd 11534 (OMD 2020); Amendment of the Commission’s Rules of Practice and Procedure, Order, 35 FCC Rcd 7867 (OMD 2020), 85 Fed. Reg. 64404 (Oct. 13, 2020).

· Effective March 19, 2020, and until further notice, the Commission no longer accepts any hand or messenger delivered filings.  This is a temporary measure taken to help protect the health and safety of individuals, and to mitigate the transmission of COVID-19.  See FCC Announces Closure of FCC Headquarters Open Window and Change in Hand-Delivery Policy, Public Notice, DA 20-304 (March 19, 2020).  FCC Closes Headquarters Open Window and Changes Hand-Delivery Policy | Federal Communications Commission.  After COVID-19 restrictions are lifted, the Commission has established that hand-carried documents are to be filed at the Commission’s office located at 9050 Junction Drive, Annapolis Junction, MD 20701.  This will be the only location where hand-carried paper filings for the Commission will be accepted. See Amendment of the Commission’s Rules of Practice and Procedure, Order, 35 FCC Rcd 5450 (OMD 2020).


To request materials in accessible formats for people with disabilities (braille, large print, electronic files, audio format), send an e-mail to fcc504@fcc.gov or call the Consumer & Governmental Affairs Bureau at 202-418-0530 (voice).

Ex Parte Rules.  The proceeding this petition initiates shall be treated as a “permit-but-disclose” proceeding in accordance with the Commission’s ex parte rules. 47 CFR §§ 1.200 et seq.
  Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies).  Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must (1) list all persons attending or otherwise participating in the meeting at which the ex parte presentation was made, and (2) summarize all data presented and arguments made during the presentation.  If the presentation consisted in whole or in part of the presentation of data or arguments already reflected in the presenter’s written comments, memoranda or other filings in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum.  Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with Rule 1.1206(b).  In proceedings governed by Rule 1.49(f) or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding and must be filed in their native format (e.g., .doc, .xml, .ppt, searchable .pdf).  Participants in this proceeding should familiarize themselves with the Commission’s ex parte rules.

Additional Information.  For further information regarding this Public Notice, please contact Scott Cinnamon, Cybersecurity and Communications Reliability Division, Public Safety and Homeland Security Bureau, (202) 418-2319, or by email to scott.cinnamon@fcc.gov.
Non-Public: For Internal Use Only

2