FCC workshop addresses cybersecurity threats to broadcasters

By NCS Staff May 21, 2026

Weekly insights on the technology, production and business decisions shaping media and broadcast. Free to access. Independent coverage. Unsubscribe anytime.

The Federal Communications Commission held a workshop on cybersecurity for broadcasters, drawing presentations from federal officials, broadcast engineers, cybersecurity professionals and legal advisors on the threats facing radio and television stations and the steps operators can take to defend against them.

The workshop opened the first of two days of cyber-focused sessions hosted by the FCC’s Public Safety and Homeland Security Bureau. The second day shifted focus to communications service providers and the networks that carry emergency communications.

Opening remarks pointed to a series of incidents over the past year that compromised broadcast equipment and resulted in the transmission of false emergency alert signals, including offensive and unauthorized content.

“In several cases, attackers exploited vulnerabilities involving studio-to-transmitter links and related systems that are essential to delivering programming to the public,” said Zenji Nakazawa, chief of the Public Safety and Homeland Security Bureau.

The bureau issued a public notice in November encouraging broadcasters to strengthen cybersecurity practices following those incidents.

“Cyber attacks against broadcasters are occurring with greater frequency and sophistication. These incidents are not theoretical, and they are not limited to the IT department or engineering floor. They can disrupt operations, compromise systems, interfere with emergency communications, and undermine trust,” Nakazawa said.

Three sessions cover threats, defenses and response

The workshop was structured around three sessions. The first, presented by Wayne Pecena, associate director of educational broadcast services at Texas A&M University, surveyed the threat landscape and demonstrated tools used by both attackers and defenders, including network mapping software and search engines that catalog internet-connected devices.

Pecena described risks specific to the broadcast chain, including hijacking of studio-to-transmitter audio paths, manipulation of RDS data and tampering with EAS encoder/decoder units. He cited a 2022 DEF CON presentation that detailed the design of the EAS system as a point at which technical knowledge of those vulnerabilities became more widely available.

Advertisement

The second session, a panel moderated by Drew Morin, deputy chief of the Cybersecurity and Communications Reliability Division, addressed risk management strategy, asset inventory, network segmentation and identity controls. Panelists included Roz Clark, executive director of radio engineering at Cox Media Group; Daniel Parsons, chief information security officer at E.W. Scripps Company; Brian Kaiser, lead for the FBI Cyber Division’s Critical Sector Engagement and Intelligence Unit; and Valecia Stocchetti, senior cybersecurity engineer at the Center for Internet Security.

The closing session covered incident preparation and response.

Luke Dembosky, a partner at Debevoise & Plimpton, and Dave Wong, a director at Mandiant, the Google Cloud-owned incident response firm, described current attacker trends, including a shift from file-encrypting ransomware toward data extortion, harassment of executives and their families, and the use of artificial intelligence to scale phishing and reconnaissance campaigns.

Reporting obligations emphasized

In closing remarks, Leon Kenworthy, chief of the Cybersecurity and Communications Reliability Division, reminded attendees of an existing reporting requirement.

“If you are the victim of a cyber incident that results in transmission of emergency alert system codes or attention signal, you’re required to report that to the FCC as part of the reporting piece of cyber incident response,” Kenworthy said.

Kenworthy framed the workshop as part of the agency’s continued focus on broadcast cybersecurity under Chairman Brendan Carr and said resources are available to operators of any size.

“No matter the size or sophistication of your organization, there are tools available to help you secure your systems and develop a cybersecurity risk management plan that suits your needs,” Kenworthy said.

The workshop was recorded and live streamed, with a recording available here: