In recent years, we’ve seen some outright astonishing cyberattacks waged by hackers that show the resources and capabilities these people have at their disposal. This makes them capable of pulling off both impressive and unsettling heists. It seems no particular industry, field, or work is impervious to such attacks, including public safety systems and emergency call centers.
We’ve seen a rash of notable cyberattacks that targeted public safety in recent months. Just days before the 2017 presidential inauguration, for example, hackers disabled 70 percent of police closed-circuit surveillance network cameras in Washington DC, using ransomware. That same month, ransomware also sent local government offices “25 years back in time” (including a county dispatch center) by sabotaging physical and digital communicative outlets. While telephones and radios were still usable, dispatchers had significant issues accessing their computers, which prolonged response times. In April, the city of Dallas’ emergency siren system was hacked and triggered 156 horns around the area to continuously go off for over 90 minutes in the middle of the night. While city officials originally thought the issue could be attributed to a technical malfunction, it was discovered that hackers triggered the sirens using radio signals to access the city’s system.
These are just a few mentionable instances of hackers breaching public safety systems that raises a bigger question of how susceptible public safety systems and emergency services are to cyberattacks. One way to answer this question is by looking at the state of equipment and electronics most of these systems use. Several public safety systems and emergency services rely on outdated machinery installed as far back as the 1980s. This was a time before the Internet existed, let alone machine-to-machine communication. As a result, equipment was designed with the aim of providing quality safety, ease of communication, and reliability. Issues regarding hackers and cybersecurity either didn’t exist at this time, or cybercriminals didn’t possess the necessary resources to implement a heist or attack with the sophistication and effectiveness we see nowadays.
The evolution and expansion of the Internet has been a monumental game-changer, since finding almost any type of information has become incredibly easy. Manufacturers themselves even post instruction manuals online. Inexpensive pocket-sized devices are capable of producing signaling protocols that were once viewed as extremely complicated and nearly impossible to duplicate. As the Internet of Things (IoT) grows, cities are gaining “smart” capabilities, which is prompting more wireless and Internet-enabled devices to interconnect with emergency infrastructure. Although safety can improve when connecting infrastructure to the Internet by enabling officials to remotely monitor and control systems, along with broadening and sharpening communicative outlets, these improvements also create more opportunities for cybercriminals.
Compared to the national level of public safety and emergency service systems, the risk on the local level is much higher to suffer a cyberattack. A lot more attention is paid to critical infrastructure on the national stage. Security protocols of power generation and transfer systems, for example, are subject to stiff regulations that don’t necessarily apply to cities, counties, and other regional communities. Lower more local levels of government are also notoriously underfunded, and might not recognize the importance of designating money towards cybersecurity operations.
The ramifications and weight of accountability aren’t nearly as severe when pinpointing blame on cyberattacks in public sectors compared to private. A CEO could be forced to resign if a catastrophic cyberattack compromises their company’s data. Public officials don’t suffer consequences remotely comparable if the same incident happens to a city’s systems. Politicians will point fingers, and spend more money trying to track down and punish the cybercriminals who committed the act instead of allocating funds to rectify the issue and look out for similar conditions that could prompt a repeat incident.
Filed Under: Cybersecurity, M2M (machine to machine)