Emergency Notification System Hacked in Dallas
Another incident showcased how vulnerable critical infrastructure systems can be to cyber-attacks. This weekend in Dallas, the crisis siren warning system used by the Office of Emergency Management to warn citizens of tornadoes, dangerous weather, and potentially other situations, was comprised by hackers. 156 sirens began screaming just before midnight on Friday, sending an alert to a city of over one and a half million people, creating a flood of calls to emergency dispatchers.
The sirens woke up a lot of people. In all, over 4400 calls were received by frightened citizens. This created a long wait time for the reporting real emergencies, of over 6 minutes. Many concerned people also reached out to social media in an attempt to ascertain the crisis befalling their community. To enhance calm, the FBI posted a tweet informing residents there was “no active emergency”.
The Aftermath
In order to silence the false alarms, the Office of Emergency Management sent personnel to manually shut down sirens and repeaters. This took time. The claxons sounded for over an hour and a half before all of them were disabled.
But what now? The city is now without the system until such time as a fix can be determined and applied. Although this is a small exposure, it highlights how cyber based attacks can impact people and through a series of predictable events, shut down a city-wide emergency system.
Critical infrastructures are vulnerable to attack. Many systems in power grids, fuel distribution, food supply, emergency management, and healthcare services are connected directly or indirectly to the Internet. The benefits are great, but accompanying them are risks difficult to understand. Such connectivity and reliance creates vulnerabilities. This incident shows that the emergency systems which help mitigate risks, inform the public, and manage responses can also be undermined.
Choose Wisely
We, as a society, are at a pivotal point. We are applying great technology for improvements to services, safety, and the daily lives of citizens, but are opening unfamiliar risks at the same time. We cannot only focus on opportunities that technology brings, while ignoring the accompanying dangers. The threat-agent community of hackers, nation states, and organized criminals are getting stronger and more capable.
I believe for all systems which influence life-safety, additional measures must be instituted to understand potential risks and proper mitigations established to manage them. Digital systems must be created with the expectation they will be attacked and eventually compromised. Every critical system should benefit from a set of supporting strategic capabilities that enable owners to predict, prevent, detect, and respond to cyber-attacks.
Technology is a tool. It can be used for greatness or maliciousness. In Dallas, we witnessed a taste of misuse. It is in everyone’s best interest to think ahead and prepare for greater challenges as we embrace the benefits of technology.
Interested in more? Follow me on Steemit, Twitter (@Matt_Rosenquist), and LinkedIn to hear insights and what is going on in cybersecurity.
This post has been ranked within the top 80 most undervalued posts in the first half of Apr 10. We estimate that this post is undervalued by $0.23 as compared to a scenario in which every voter had an equal say.
See the full rankings and details in The Daily Tribune: Apr 10 - Part I. You can also read about some of our methodology, data analysis and technical details in our initial post.
If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.
What are your thoughts on the Shadow Brokers release of the NSA hacking tools?
I think they are becoming a powerful force to influence events. They have earned a voice. If they were able to gain access to those tools, it is likely other would be able to as well. I think we will see more of their activity over time and have a better understanding of their intent and motivations.