FCC says sharing DDoS attack details undermines security

Chairman Pai wants ranking members of congress to just trust that things are under control.

Back in May, HBO's John Oliver exhorted viewers to add their public comment on the FCC's website for net neutrality. While at first it seemed as if the server couldn't handle the extra load of commenters, the FCC said that the site had been a victim of multiple distributed denial-of-service (DDoS) attacks. When asked for evidence of the cyberattack by regulators, senators and journalists, the FCC refused to share any data.

Last month, a group of ranking House committee members sent a letter to the FCC Chairman Ajit Pai, which expressed concerns about the agency's "cybersecurity preparedness, and the multiple reported problems with the FCC's website in taking public comments in the net neutrality proceeding." Pai's response — dated July 21st and posted on July 28th — was predictably vague in responding to the specific queries from the Representatives. He said "it would undermine our system's security to provide a specific roadmap of the additional solutions to which we have referred."

Pai doubled-down on the reasoning in response to requests for what specific hardware solutions were in place, saying, "While it would undermine our system security to provide a specific roadmap of what we are doing, we can state that FCC IT staff has notified its cloud providers of the need to have sufficient 'hardware resources' available to accommodate high-profile proceedings."

As noted by Ars Technica, the FCC has refused to respond to several Freedom of Information Act (FoIA) requests around the DDoS attacks. The Commission has also denied reports that it didn't even document the event, confusing matters further. In the current letter, Pai asks the House members to trust that everything is now under control, since things seem to be working. "The docket now contains more than 10 million comments overall, demonstrating that our processes are facilitating widespread public participation in this proceeding," he wrote. "Although I cannot guarantee that we will not experience further attempts to disrupt our systems, our staff is constantly monitoring and reviewing the situation so that that everyone seeking to comment on our proceedings will be afforded the opportunity to do so."