Hacked sirens should serve as warning that better infrastructure security is needed

Dallas breach shows that government and city systems nationwide must be more closely monitored against emerging threats

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

It’s tempt­ing to ignore the warn­ing sirens that blared Dal­las out of bed last Sat­ur­day night, the work of a hack­er. But that would be a very seri­ous mis­take.

Bob Sul­li­van, jour­nal­ist and one of the found­ing mem­bers of msnbc.com

We hear so much about the impor­tance of secur­ing America’s crit­i­cal infra­struc­ture sys­tems. Then you find out that the com­pa­ny respon­si­ble for main­tain­ing the Dal­las out­door warn­ing siren net­work also is an office fur­ni­ture mov­ing com­pa­ny.

Relat­ed video: Start-up helps lock down indus­tri­al con­trols, secure crit­i­cal infra­struc­ture

In case you missed it, out­door sirens in Dal­las screeched con­tin­u­ous­ly the night of April 4, harass­ing many of the city res­i­dents with the ulti­mate false alarm. Ini­tial­ly believed to be a mal­func­tion, city offi­cials con­ced­ed it was a hack by Sun­day.

The sirens are sup­posed to warn res­i­dents about imme­di­ate dan­ger, like tor­na­does. They did their job. Amer­i­ca just received per­haps the clear­est warn­ing ever that our essen­tial ser­vices are com­i­cal­ly easy to attack, putting our cit­i­zens in seri­ous per­il. Will we lis­ten, or just go back to sleep?

Big prob­lem no mat­ter the source

No one died Sun­day morn­ing. There was no blood, so there weren’t any dra­mat­ic pic­tures. But there will be. It doesn’t take much imag­i­na­tion to see how eas­i­ly this hack­er prank (or, was it a test?) could have gone very wrong. For starters, it served as a denial of ser­vice attack on the city’s 911 sys­tem, which was over­whelmed with calls.

More than 4,400 911 calls were received from 11:30 p.m. to 3 a.m., the city said. About 800 came right after mid­night, caus­ing wait times of six min­utes. As far as we know, no one died because of this. But that could have hap­pened.

But that’s only the tip of the ice­berg. Secu­ri­ty experts I’ve chat­ted with have warned for years of a hybrid attack that could eas­i­ly cause pan­ic in a big city. Imag­ine if this hack had been com­bined with a cou­ple of con­vinc­ing fake news sto­ries sug­gest­ing there was an ongo­ing chem­i­cal attack on Dal­las.

With­out fir­ing a shot, you could eas­i­ly see real cat­a­stro­phes. Take it a step fur­ther, and com­bine it with some kind of phys­i­cal attack, and you have a seri­ous, long-last­ing inci­dent on your hands. Death, fol­lowed by mas­sive con­fu­sion, then pan­ic, then a bunch of sit­ting ducks stuck in traf­fic.

Play­ing the “what if” game some­times leads to exag­ger­a­tion. But it is called for when some­one is about to ignore a warn­ing sign. So I asked secu­ri­ty con­sul­tant Jeff Bardin of Tread­stone 71 to tell me why the Dal­las inci­dent should be tak­en seri­ous­ly.

Poten­tial cat­a­stro­phe

For one, it could have been a diver­sion­ary tac­tic.

Test­ing the emer­gency sys­tems, get­ting to a ‘cry wolf’ state of affairs, get­ting author­i­ties into a full state of chaos and con­fu­sion while hack­ing and pen­e­trat­ing some­thing else. Kansas City shuf­fle,” he said. “This looks to me to be a test of the sys­tems. It could also be more than a test, mean­ing what was hacked dur­ing this fake emer­gency?”

Dal­las has been hit by “prank” hacks before. Last year, traf­fic signs were hijacked to dis­play fun­ny mes­sages like “Work is Can­celed — Go Back Home.” Very fun­ny. But this means we know the city’s sys­tems are being active­ly probed. Any intel­li­gent per­son has to con­sid­er what oth­er sys­tems this per­son or gang has toyed with. And, more impor­tant, what oth­er cities have they toyed with.

If I, as a hack­er, can con­trol the emer­gency sys­tems, alarms, build­ing secu­ri­ty, HVAC, traf­fic lights, first respon­der sys­tem, med­ical facil­i­ty inter­faces, law enforce­ment, etc., all the nor­mal phys­i­cal sys­tems that now have inter­net inter­faces, I can con­trol the whole of the city,” Bardin said. “What else was pen­e­trat­ed dur­ing this ‘test?’ How many oth­er major cities in the U.S. oper­ate the same way? What was inject­ed into these sys­tems dur­ing the test for lat­er access?”

Hope­ful­ly, the Dal­las siren hack­er is a kid who found flaws in a very old, inse­cure sys­tem and had some fun for a night, Bardin said. Per­haps it was some­one try­ing to “prove a point,” though in a care­less, dan­ger­ous way that did put lives in dan­ger.

Back to busi­ness as usu­al?

Point not made. Life is full of dis­as­ters avert­ed, then ignored. The planes that almost col­lid­ed. The car acci­dent nar­row­ly avert­ed. The key that was lost but is found.

It’s 48 hours after a major U.S. city had its sirens blar­ing all night long. Are you hear­ing about fed­er­al inves­ti­ga­tions? Are you hear­ing about exec­u­tive orders around crit­i­cal infra­struc­ture? (You did. But then, you didn’t.)

As for the fur­ni­ture-mov­ing com­pa­ny behind the sirens, it’s prob­a­bly unfair to blame them. The Dal­las Morn­ing News report­ed that Michi­gan-based West Shore Ser­vices was in charge of main­tain­ing the sys­tem.

But the biggest ques­tion of all: Will any­one hear this warn­ing siren? Or will we all go back to sleep, like Dal­las did?

Dal­las May­or Mike Rawl­ings seemed to get it, and called for seri­ous invest­ment in the wake of the attack.

This is yet anoth­er seri­ous exam­ple of the need for us to upgrade and bet­ter safe­guard our city’s tech­nol­o­gy infra­struc­ture,” he wrote on his Face­book page. “It’s a cost­ly propo­si­tion, which is why every dol­lar of tax­pay­er mon­ey must be spent with crit­i­cal needs such as this in mind. Mak­ing the nec­es­sary improve­ments is imper­a­tive for the safe­ty of our cit­i­zens.”

Let’s hope some­one lis­tens, and those sirens are heard far out­side Texas.

More sto­ries relat­ed to wide­spread hack­ing:
Threat of cyber attack on crit­i­cal infra­struc­ture is real, present dan­ger
Recent net­work out­ages point to crit­i­cal tech­ni­cal vul­ner­a­bil­i­ties
Pop­u­lar web­sites knocked down by IoT-enabled DDoS attack


Posted in Cybersecurity, Featured Story