Aro
und 11:45 PM night of April 7, 2017, the outdoor weather warning sirens began sounding around Dallas. It was a clear night, with no severe weather for hundreds of miles. Confused citizens called 911 to report or ask about the sirens, clogging lines and leading to
wait times exceeding six minutes. Others (like myself) called police dispatch lines and were told that nobody knew what was happening. Local news and the city were silent on all media channels – TV, web, Twitter, email, the Amber Alert system. The only sound we heard were the sirens, off and on for over an hour.
By the morning, it was reported that persons unknown had hacked into the warning system and activated the sirens. They had to be disabled manually by fire crews and would be unavailable for a few days while they investigated, updated and re-enabled the system. Thankfully, there was no severe weather predicted for this time.
A few possible explanations come to mind for this hack. First, it could be simple mischief. Someone figured out how to remotely activate the sirens and thought it would be funny to wake up the city. Second, a criminal enterprise might want to use the sirens as cover for an attack or crime. Third, a malicious state actor might want to test our emergency response before initiating an invasion or attack (think Red Dawn).
Mischief seems the most likely, simply because the sirens went off and nothing else happened. This kind of hack can only be used once. By the time the sirens are re-activated, this attack vector will be closed. Using it changes the future response, making it unsuitable as an evaluation of the city’s emergency preparedness. If the sirens were to sound again, it is much less likely that people will call 911 and block the lines. The police and fire departments will be ready, and hopefully the communication system of the City of Dallas will be faster to respond. If a bad actor wanted to use this as cover, they would have already carried out their plan.
I believe this incident was a prank and not a cause of grave concern. The response to it, however, was a bit troubling. The sirens exposed a gap in the City of Dallas communications strategy. The rapid response of our local news organizations was no better. The first notification, from the Dallas Morning News, came more than 45 minutes after the sirens started. Other organizations started posting after that, and the City of Dallas was one of the last to notify the public. If nothing else, a general “we are aware, nothing to fear, please stop calling 911” would have helped. I urge all of them to review their plans and work to the people of Dallas safe and informed.
The continued integration of technology and the Internet into our systems and lives open new avenues for hacks and attacks every day. Technologists need to remain vigilant and cautious when designing systems, doing their best to ensure security. Users of technology should continuously question whether a system needs to be on the Internet and remotely accessible. While convenient, some things might be better left to on-site access and local control. The cost of an attack on an exposed system can be very high. In this case, it appears to have just cost us some sleep, and for that we can all be grateful.
Kevin Hickey's Blog 