May 1, 2017 | By Chris M. Roberts
City officials in Dallas have pointed the finger at a hacker for causing all 156 emergency sirens to turn on at the same time. The sirens were activated at 11:42 p.m., Friday April 7, and continued to wail for over 90 minutes before city workers pulled the plug on the emergency notification system. The simultaneous blaring of sirens caused a chain reaction of consequences including the flooding of the 911 emergency phone lines and causing delays in responses to actual emergencies. Researcher have concluded that the hacker was able to attack the system using a wireless transmission, meaning they could have conducted the attack from nearly anywhere in the Dallas area.
IISP Analyst Chris M. Roberts: "Researchers’ opinions vary on the difficulty of this hack, and while I tend to agree with those who say it was simple to carry out, the difficulty of the hack is not the important part of the story. The impact of the attack is where the focus needs to be. The sirens were offline for a number of hours and likely not trusted as much going forward, the 911 system was flooded with calls, and emergency responders were delayed. Additionally, the city has already responded by spending $100,000 to upgrade the system, in what is believed to be only the first round of funding for these technical upgrades.
This attack is an excellent example of why all infrastructure and internet-of-things (IoT) type systems need to be protected -- not just from computer attacks, but from all attack surfaces that leave the systems exposed. Systems, both old and new, connected to the internet or not, need to be evaluated and protected. The city of Dallas should be thankful that this wasn’t executed by someone with malicious intent because the outcome could have been much worse."
For further reading
- USA Today: https://www.usatoday.com/story/news/2017/04/08/hacker-triggers-all-156-emergency-sirens-dallas/100212412/#
- ZDnet: http://www.zdnet.com/article/experts-think-they-know-how-dallas-emergency-sirens-were-hacked/