The Importance of Enhanced System Security: A Look at the Recent Weather Alarm Hacking Scandal
April 14, 2017
The city of Dallas, Texas boasts 156 emergency weather sirens throughout the entire city charged with warning residents when there is an imminent threat from a tornado or other severe weather. On Friday, April 7, 2017 Dallas residents were startled awake when every siren in the city was activated at the same time. The sirens blared for more than an hour and a half before city officials were able to manually turn them off. The reaction from the 1.3 million residents was predictable; over 4,000 calls to 911 flooded the city’s emergency response lines. Wide-spread panic eventually turned into irritation as residents were informed there was no danger, just a system malfunction. It wasn’t until later that an investigation revealed hackers had in fact manipulated the wireless radio system behind the alerting system, triggering these alarms.
In light of this discovery, a new concern has emerged surrounding the security of emergency communication protocols as evidenced by this hacker’s ability to override the security of the city’s critical infrastructure. This is not the only city where a breach like this has occurred, and the array of system infrastructure that can be impacted by such attacks, raises serious concerns about the effectiveness of all emergency communication tools—with good reason.
If we can’t trust our emergency systems, how do we prepare to alert residents of potential disruptions and disasters?
“It’s probably not a one-and-done,” said James Norton, deputy assistant secretary of the U.S. Department of Homeland Security under President George W. Bush. “I think you will see more of it as it goes on, as organizations look to target major cities and find gaps. It could have been some folks wanting to send a signal … or a lead-up to something else. It’s hard to speculate. “But it’s a warning to the state and locals to update their systems and become more sophisticated.” Read the full article here.
The answer lies in redundancy and security. That means delivering alerts not just by one sole method, but by many, with each providing clear information and direction in the case of a real event.
“Those are times when we’re really glad that we’ve been trying to encourage people to get weather radios; we’ve been encouraging them to sign up for CodeRED and to receive messages as best they can from all services,” said Sarah Somers, director of Grayson County’s Office of Emergency Management. Read the full article here.
It also lies within fundamental security measures such as maintaining your technology and ensuring cybersecurity procedures are updated. Educate your employees on procedures and have a clear business continuity and disaster recovery plan in place to activate, if such an event does occur.
Learn more with The Common Sense Approach to Cybersecurity, the new guide filled with common sense tips for improving your organization’s resistance to hacking, malware and other types of cybercrime.