FCC Enters into $15M Consent Decree with Charter for Outage Reporting Violations

On July 29, 2024, the Enforcement Bureau (“the Bureau”) entered into a consent decree with Charter Communications, Inc. (“Charter”) to resolve the Bureau’s investigation into whether Charter violated the FCC’s outage reporting rules in connection with three network outages and hundreds of maintenance-related outages, which impacted 911 service, that Charter failed to report to the FCC.  Charter has agreed to implement a compliance plan and pay a $15,000,000 civil penalty.

 On February 19, 2023, Charter’s network was the target of a minor, low and slow Denial of Service (“DoS”) attack, which resulted in an interconnected Voice over Internet Protocol (“VoIP”) telephony service outage.  Approximately 400,000 customers across 41 states and D.C. were affected.  Service was restored in less than four hours and Charter has maintained that it has adhered to CISA’s best practices and the NIST Cybersecurity Framework.  The outage met the threshold for reporting, but Charter failed to file the required report in the FCC’s Network Outage Reporting System (“NORS”) until almost six hours after it was due.  In addition, due to a clerical error, Charter failed to notify over 1,000 public safety answering points (“PSAPs”) of the outage.

 As a result of the February 19 outage, the FCC sent Charter a Letter of Inquiry and initiated an investigation.  In response to Commission inquiries, Charter indicated that, based on a misunderstanding of the FCC’s rules, hundreds of planned maintenance events may have met the criteria for filing a NORS report but were never submitted. In addition, Charter identified two additional, unplanned outages, on March 31, 2023 and April 26, 2023, that met the NORS reporting threshold but were never reported.   

 To resolve the investigation, Charter has agreed to develop and implement a compliance plan to ensure compliance with the 911 Rules, including reviewing and updating its PSAP notification procedures and creating and maintaining a NORS evaluation and reporting system that will automatically determine when a NORS report needs to be filed.  Notably, the compliance plan also includes a first-of-its-kind provision that Charter will implement certain cybersecurity measures required by the NIST Cybersecurity Framework, other industry standards and best practices, and state and federal laws —including network segmentation and vulnerability mitigation management—and will promptly notify CISA and other Sector Risk Management Agencies of confirmed cybersecurity incidents.  Additionally, Charter has agreed to pay a $15,000,000 civil penalty.

 Please Contact Us if you have any questions. 

Recent Posts