The Wireless Emergency Alerts (WEA) Research, Development, Testing, and Evaluation (RDT&E) program, formerly known as the Commercial Mobile Alert Service (CMAS) RDT&E program, is a collaborative partnership that includes the cellular industry, Federal Communications Commission, Federal Emergency Management Agency, and U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T). The Carnegie Mellon Software Engineering Institute supported DHS S&T by developing a cybersecurity risk management (CSRM) strategy to ensure accurate, timely dissemination of alerts despite attempted or successful attacks on the cyber infrastructure that supports the WEA service.
The goal of the CSRM strategy documented in this report is to enable alert originators to identify and manage cyber threats and vulnerabilities that may affect their ability to send WEA messages. The primary audience for this report includes alert originators who plan to adopt the WEA capability. In addition, for DHS S&T, the report provides a framework for cybersecurity risk management that can be tailored and applied across the WEA alerting pipeline.