Two Democratic lawmakers want a government watchdog to investigate the Federal Communications Commission’s claim that malicious hackers forced it offline in May.
FCC officials attributed the blackout of a site collecting comments about a net neutrality proposal to malicious hackers who overloaded the site with requests—what’s known as a distributed denial-of-service attack.
Some skeptics, though, say the outage was caused by a flood of legitimate commenters who want to retain Obama-era rules that prohibit internet service providers from giving preferential treatment to particular sites.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The outage came after comedian John Oliver directed net neutrality supporters in his audience to flood the FCC’s comment page.
The FCC has refused, so far, to provide evidence the attack occurred. The commission declined to release documentation related to the attack in response to a Freedom of Information Act request from the tech publication Gizmodo.
That leaves the public and Congress wondering both whether the attack occurred and, if it did, whether FCC’s cybersecurity protections are up to snuff, according to Thursday’s letter to the Government Accountability Office from Sen. Brian Schatz, D-Hawaii, and Rep. Frank Pallone, D-N.J.
Pallone is ranking member of the House Energy and Commerce Committee and Schatz is the top Democrat on the Senate Commerce Committee’s technology and internet subcommittee, both of which have jurisdiction over the FCC.
GAO considers relevant committee assignments when deciding whether to investigate something based on a congressional request.
The letter also notes “fake comments” posted to the FCC’s net neutrality comments site by digital bots. Those fake comments combined with the alleged DDoS attack “raise serious questions about how the public makes its thoughts known to the FCC and how the FCC develops the record it uses to justify decisions reached by the agency,” the lawmakers write.
Schatz and Pallone ask GAO to investigate how the FCC determined a DDoS attack occurred; what information the agency’s chief information officer had when he publicly announced the DDoS attack; what safeguards the agency has against future DDoS attacks and whether those protections meet standards from government cyber experts in the Homeland Security and Commerce departments.
The lawmakers also want the accountability office to investigate whether other important FCC web tools, such as its systems for auctioning digital spectrum, are secure.