By John P. Mello Jr.
Apr 11, 2017 5:00 AM PT
Screaming sirens serenaded Dallas residents in the early morning hours Saturday after a cyberattack set off the city’s emergency warning system.
All of the city’s 156 sirens were set off more than a dozen times, The Dallas Morning News reported.
Officials have not yet identified the perpetrator of the attack, the city’s Office of Emergency Management Director Rocky Vaz told the newspaper, but he expressed confidence that it was someone outside the Dallas area.
The city has figured out how the system was compromised and has begun working to keep it from happening again, he added.
The sirens began sounding about 12:30 a.m. Saturday and weren’t silenced until 1:20 a.m., when the entire system was deactivated.
Despite the city’s pleas not to make 911 calls about the sirens, emergency operators were swamped with 4,400 calls during the early morning hours Saturday.
Inadvertent Threat to Life
If the Dallas attack should turn out to be an isolated incident, its impact will be minimal, but if such attacks should multiply, they could undermine public faith in emergency warning systems.
“Like crying wolf too often, these attacks erode the faith in these systems critical to safeguarding human life during an emergency,” said Sergio Caltagirone, director of threat intelligence for
“While a single event is unlikely to cause significant damage,” he told TechNewsWorld, “continual attacks will most certainly have a long-term effect.”
Both determined and hobbyist hackers are probing and testing the nation’s critical infrastructure, he added.
“There are no indications of an imminent wide-scale attack, but these attacks will only become more common — and the biggest fear is that an adversary will do great harm and possibly threaten human life inadvertently,” Caltagirone explained.
“Dallas is a well-funded municipality with the proper resources to defend their infrastructure from attack,” he added. “This does not bode well for the majority of municipalities who lack the resources of Dallas.”
911 System Disrupted
Although Dallas is still assessing the damage of the cyberattack, its disruption of the 911 system by inciting panic calls about the sirens probably placed some citizens’ lives at risk.
Because there were so many calls to the 911 system in a short period of time, the hack of the siren network created a sort of DDoS attack on 911.
“Any real emergency happening at the same time will get lost in the noise,”
SS8 Chief Security Officer Cemal Dikmen told TechNewsWorld.
Call hold times were delayed from their usual 10 seconds to about six minutes, noted James Scott, a senior fellow at the
Institute for Critical Infrastructure Technology.
“Every citizen was endangered by the inability to request emergency assistance in a reasonable amount of time,” he told TechNewsWorld.
“Every caller who legitimately required an emergency response to an actual threat was imperiled by the significantly delayed 911 call center response time,” Scott emphasized. “It is difficult to measure or predict the number of residents who needed emergency assistance and hung up the phone out of frustration, or the number of citizens whose safety and physical well-being were jeopardized by this trivial cyberattack.”
Emergency warning systems in many cities are old, which makes them even more vulnerable to cyberattacks. Ironically, Dallas’ system is about to be overhauled — the city council last fall approved $567,368 for the project.
“Many of them were first installed in the ’40s and ’50s,” explained Mike Ahmadi, global director for critical systems security at
“They’ve been upgraded over time and most recently connected to the Internet,” he told TechNewsWorld.
“Actually, the older systems without any connectivity are pretty safe from a hacker-proof perspective,” Ahmadi added. “It’s modernizing them and giving them IoT connectivity that’s made them vulnerable.”
Open information laws also can make these systems vulnerable, maintained Ed Cabrera, chief cybersecurity officer for Trend Micro.
“These require detailed government information to be publicly disclosed,” he told TechNewsWorld. “That makes things such as manuals and configuration settings openly available to potential adversaries meaning to do harm.”
It has been recognized for some time that older, outdated emergency warning systems are susceptible to cyberattacks, noted Vijay Basani, CEO of
“In spite of this known exploitable vulnerability, why have our state and local governments been so complicit in their failure to fix these vulnerabilities?” he asked.
That is the important question, Basani told TechNewsWorld.
“Besides just making emergency warning systems go off randomly, hackers could have shut them down completely, crippled them temporarily, or redirected emergency personnel to wrong locations,” he said. “Taxpayers should demand that their government fix these systems or upgrade them.”
The failure of Dallas’ emergency warning system is endemic to the poor security across these systems, said Dragos’ Caltagirone.
Securing systems comes down to identifying critical systems, detecting attacks and implementing real protection, he explained.
“Unfortunately, most organizations don’t even successfully complete the first step,” said Caltagirone. “All security starts with knowledge of your own environment. Many systems owners lack sufficient asset inventory. It’s impossible to protect what you don’t understand.”