Emergency Notification System Hacked in Dallas
Another incident showcased how vulnerable critical infrastructure systems can be to cyber-attacks. This weekend in Dallas, the crisis siren warning system used by the Office of Emergency Management to warn citizens of tornadoes, dangerous weather, and potentially other situations, was comprised by hackers. 156 sirens began screaming just before midnight on Friday, sending an alert to a city of over one and a half million people, creating a flood of calls to emergency dispatchers.
The sirens woke up a lot of people. In all, over 4400 calls were received by frightened citizens. This created a long wait time for the reporting real emergencies, of over 6 minutes. Many concerned people also reached out to social media in an attempt to ascertain the crisis befalling their community. To enhance calm, the FBI posted a tweet informing residents there was “no active emergency”.
In order to silence the false alarms, the Office of Emergency Management sent personnel to manually shut down sirens and repeaters. This took time. The claxons sounded for over an hour and a half before all of them were disabled.
But what now? The city is now without the system until such time as a fix can be determined and applied. Although this is a small exposure, it highlights how cyber based attacks can impact people and through a series of predictable events, shut down a city-wide emergency system.
Critical infrastructures are vulnerable to attack. Many systems in power grids, fuel distribution, food supply, emergency management, and healthcare services are connected directly or indirectly to the Internet. The benefits are great, but accompanying them are risks difficult to understand. Such connectivity and reliance creates vulnerabilities. This incident shows that the emergency systems which help mitigate risks, inform the public, and manage responses can also be undermined.
We, as a society, are at a pivotal point. We are applying great technology for improvements to services, safety, and the daily lives of citizens, but are opening unfamiliar risks at the same time. We cannot only focus on opportunities that technology brings, while ignoring the accompanying dangers. The threat-agent community of hackers, nation states, and organized criminals are getting stronger and more capable.
I believe for all systems which influence life-safety, additional measures must be instituted to understand potential risks and proper mitigations established to manage them. Digital systems must be created with the expectation they will be attacked and eventually compromised. Every critical system should benefit from a set of supporting strategic capabilities that enable owners to predict, prevent, detect, and respond to cyber-attacks.
Technology is a tool. It can be used for greatness or maliciousness. In Dallas, we witnessed a taste of misuse. It is in everyone’s best interest to think ahead and prepare for greater challenges as we embrace the benefits of technology.