Sapsiwai - Fotolia

Dallas city alarm hack raises fears over vital system security

Hackers have accessed the emergency alert system in Dallas in the largest breach of its kind, raising fears about the cyber security of critical infrastructure

Authorities in Dallas, Texas say the emergency alert system in the city has been restored after it was shut down at the weekend when it was accessed by cyber attackers.

Rocky Vaz, director of Dallas’ Office of Emergency Management, said all 156 of the city’s emergency alert sirens were activated more than a dozen times in the early hours of 8 April 2017 after the system was accessed by external hackers, according to the Dallas Morning News.

The alarms resulted in a more than 4,400 calls to the city’s 911 emergency call centre, more than double the typical number of calls received between 11pm and 7am, according to Ars Technica.

As a result of the high call volume from concerned residents and staff shortages at the call centre, waiting times were pushed as high as six minutes, well above the target of answering most 911 calls within 10 seconds.

Officials do not know who was responsible for the hacking, but they believe the attack was carried out in the Dallas area.

However, Vaz claimed that investigators had worked out how the emergency system was compromised and said the city is working to prevent similar attacks in future, without providing any details.

Dallas Mayor Mike Rawlings said the incident was a “serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure,” adding that it was a “costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind.”

Read more about incident response

City officials said they have begun working with the Federal Emergency Management Agency on an alert system to send messages to all mobile phones in the area when there is an emergency.

The city said it also has asked the Federal Communications Commission to help find who is responsible for compromising the emergency alert system.

The breach comes days after a warning that critical infrastructure is likely to be increasingly targeted by ransomware attacks, according to Nextgov.

Critical infrastructure a ransomware target

Ransomware creates a business model in which anyone can potentially by extorted, McAfee chief technology officer Steve Grobman told reporters during a roundtable discussion at McAfee’s Security Through Innovation Summit in Arlington, Virginia.

“There’s no reason not to think that criminals will see government assets like critical infrastructure as a target they can hold for ransom,” he said.

If hackers were able to seize the controls of a critical infrastructure asset such as a dam or airport where they could cause major property destruction and loss of life, Grobman said the ransom demand could be huge, and there is a good chance the asset owner or the government would have to pay up.

The remedy, he said, is for governments and critical infrastructure providers to plan ahead by securing their systems and carry out incident response exercises specifically for dealing with ransomware attacks.

Industrial control systems vulnerabilities a threat

In February 2017, a cyber defence expert told Computer Weekly that vulnerabilities in industrial control systems commonly used by suppliers of critical national infrastructure are potentially the biggest threats to UK cyber security.

“Industrial control systems (ICS) in Europe and particularly the UK are based on legacy systems, which is creating opportunities for attackers as we move to a process control network environment,” said Azeem Aleem, director of advanced cyber defence practice for Europe, Middle East and Africa (Emea) at RSA.

“We are seeing evidence of attacks on ICS in things like StuxnetShamoon, and Black Energy linked to the attacks on the Ukrainian power grid,” he said.

According to RSA researchers, there is a sophisticated surge in the attack domains across industrial control systems. At the same time, many organisations are not aware of the device connectivity patterns inside and outside their ICS environment.

Risks to nuclear power stations highlighted

On 3 April 2017, it emerged that UK security services had told nuclear power stations to bolster their cyber defences in the face of increased threats.

Government officials warned that terrorists, foreign spies and “hacktivists” are looking to exploit “vulnerabilities” in the nuclear industry’s internet defences,

Peter Carlisle, vice-president for Europe, Middle East and Africa at Thales e-Security believes cyber attacks against critical national infrastructure are set to increase dramatically as criminals develop “increasingly heinous methods” to jeopardise the UK’s national security.

“From power stations to the transport network, the risk to the public remains severe, especially if hackers are able to gain access to electronic systems.

“To tackle this, the security industry must stand shoulder to shoulder with the government to protect data and critical infrastructure from attack, and ensure hostile forces never have the opportunity to do us harm,” he said.

Read more on Hackers and cybercrime prevention