Hackers Blast Emergency Sirens

Screaming sirens serenaded Dallas residents in the early morning hours Saturday after a cyberattack set off the city’s emergency warning system. All of the city’s 156 sirens were set off more than a dozen times, The Dallas Morning News reported. Officials have not yet identified the perpetrator of the attack, the city’s Office of Emergency Management Director Rocky Vaz told the newspaper, but he expressed confidence that it was someone outside the Dallas area. The city has figured out how the system was compromised and has begun working to keep it from happening again, he added. The sirens began sounding about 12:30 a.m. Saturday and weren’t silenced until 1:20 a.m., when the entire system was deactivated. Despite the city’s pleas not to make 911 calls about the sirens, emergency operators were swamped with 4,400 calls during the early morning hours Saturday.

Emergency warning systems in many cities are old, which makes them even more vulnerable to cyberattacks. Ironically, Dallas’ system is about to be overhauled the city council last fall approved $567,368 for the project. “Many of them were first installed in the ’40s and ’50s,” explained Mike Ahmadi, global director for critical systems security at Synopsys. “They’ve been upgraded over time and most recently connected to the Internet,” he told TechNewsWorld. “Actually, the older systems without any connectivity are pretty safe from a hacker-proof perspective,” Ahmadi added. “It’s modernizing them and giving them IoT connectivity that’s made them vulnerable.” Open information laws also can make these systems vulnerable, maintained Ed Cabrera, chief cybersecurity officer for Trend Micro. “These require detailed government information to be publicly disclosed,” he told TechNewsWorld. “That makes things such as manuals and configuration settings openly available to potential adversaries meaning to do harm.”

It has been recognized for some time that older, outdated emergency warning systems are susceptible to cyberattacks, noted Vijay Basani, CEO of EiQ Networks. “In spite of this known exploitable vulnerability, why have our state and local governments been so complicit in their failure to fix these vulnerabilities?” he asked. That is the important question, Basani told TechNewsWorld. “Besides just making emergency warning systems go off randomly, hackers could have shut them down completely, crippled them temporarily, or redirected emergency personnel to wrong locations,” he said. “Taxpayers should demand that their government fix these systems or upgrade them.” The failure of Dallas’ emergency warning system is endemic to the poor security across these systems, said Dragos’ Caltagirone. Securing systems comes down to identifying critical systems, detecting attacks and implementing real protection, he explained.