Charter Communications has agreed to pay a $15 million fine after admitting its failure to notify over a thousand 911 call centers about an outage caused by a denial-of-service attack and its failure to meet the Federal Communications Commission (FCC) reporting deadlines for hundreds of planned maintenance outages. This admission and settlement were detailed in an FCC announcement.
The consent decree reveals that Charter violated the agency’s rules concerning notifications to public safety officials and the Commission in connection with three unplanned network outages and hundreds of planned, maintenance-related outages occurring last year. Particularly, Charter failed to timely notify more than 1,000 Public Safety Answering Points (PSAPs) of an outage on February 19, 2023.
Phone providers like Charter are mandated to notify the FCC through its Network Outage Reporting System (NORS) and the pertinent 911 call centers about any significant outages. However, Charter reportedly missed critical NORS reporting deadlines for the February 2023 outage, as well as separate outages on March 31 and April 26, 2023.
During the February outage, Charter was required to notify impacted PSAPs ‘as soon as possible,’ but due to a clerical error linked to an email notification, over 1,000 PSAPs were not informed. Additionally, Charter did not meet the NORS notification requirement until almost six hours past the deadline. This delay impedes the FCC’s ability to assess the magnitude of major outages and reduces effectiveness in promoting network reliability best practices.
In its response to the FCC’s findings, Charter downplayed the violations, attributing the failure to administrative notifications rather than cybersecurity shortcomings. The company emphasized that the fine is unrelated to any violation of cybersecurity standards.
The settlement mandates Charter to pay a $15 million civil penalty, implement a comprehensive compliance plan, and create an automated notification system to ensure timely communication with PSAPs following network outages. The compliance plan includes the application of cybersecurity measures related to 911 communications services and is set to remain in effect for three years.
For further details, please refer to the original article on Ars Technica.