Our 9-1-1 system is vulnerable to attack

Apr 14, 2017Uncategorized0 comments

911A telephony denial of service (TDoS) attack is a specific type of DDoS attack that originates from or is directed towards a telephone system with the intent of bringing down the targeted system. These attacks commonly focus on commercial businesses and may often include ransomware requests. In reality, these attacks can affect anyone, including our nation’s 911 infrastructure, because even it is not isolated from or immune from these types of attacks. And based on its mission, in many ways, it is more fragile.

Unintentional TDoS attack

Just last year, 911 centers across the country, including a site in Phoenix, Arizona, were the targets of allegedly unintentional 911 TDoS attacks when some malicious JavaScript code was published on a web page. The code, once loaded on a smartphone browser, would cause some devices to automatically dial 911 repeatedly without user intervention and without the user’s knowledge.

The bug, found in the Apple iOS, was recently corrected in Apple’s latest 10.3 release. Now, user confirmation is required before the phone will automatically make a call. While this fix should minimize the net effect of this specific type of focused attack by embedding code on a web page, there remains the possibility—if not the likelihood—that other TDoS attacks, with more nefarious intentions, could trigger similar events, ultimately preventing citizens from reaching 911 centers during dire times.

911 lines go down in Amarillo, Texas

Last week Amarillo, Texas, also experienced an outage with its 911 system.

Just after 7 a.m on Thursday, April 6, public safety dispatchers at the Amarillo, Texas, Police Department were forced to turn to social media to notify the public that their 911 lines were not working. In some ways similar to the recent outages in Dallas, the root cause of this outage was an overload of inbound 911 calls, spanning a short period of time.

Amarillo Police Sgt. Brent Barbee told reporters that while he was familiar with what are termed as “mass call events,” he had never witnessed them coming in “from one source” as was being experienced that morning. Typically, these events occur during weather events or if there’s a major accident on the highway and a large number of citizens with cell phones call in simultaneously to 911, creating a spike in call volume that is difficult to manage.

The subsequent investigation by Amarillo Police revealed that the source of these calls was from a multi-line telephone system at a local business. Once the company was contacted and made aware of the problem, officials disconnected the system and the problem was successfully cleared.

Unfortunately, the damage had already been done. It was reported that during this uninitiated attack, the Amarillo Emergency Communication Center received about 470 calls over a 90-minute span, averaging to over 11 calls per second. It was not known how many calls may have been missed; however, police officials reported they were not aware of any issues left unresolved. In this instance, the huge volume of this traffic was accidental, although certainly not difficult for anyone with malicious intent to replicate: overloading the inbound call-taking capabilities of a center and staff, effectively taking them out of service.

Just how vulnerable are we?

Although no official industry statistics exist, most industry experts will agree that approximately 80 percent or more of the nation’s estimated 6,000-plus Public Safety Answer Points (PSAPs) in the United States are operating with six positions or less.

Around the country, many agencies in metropolitan areas are moving or considering moving to consolidated, regionalized models for their public safety centers. In addition to this model providing financial benefits from physical and virtual consolidation, technology advantages are more realistically deployed, and centers can interwork with each other, effectively providing a meshed Next Generation 911 (NG911) safety net for citizens.

Using the NENA i3 framework, NG911 offers a modern approach to network security and protection based IP-based architecture and capabilities. In fact, cybersecurity remains the greatest concern. With new multimedia, multimodal methods of communication that will receive not only voice traffic, but also text messages, pictures and video from public sources, network design and implementation must address segmentation, detection and isolation of potential threats in addition to resiliency and reliability.

Interim solutions may be possible

While next-generation 911 networks are being built and deployed, can something be done to protect us from these attacks? Fortunately, the answer is a simple one, yet complex at the same time.

An initial response that would have solved the problem in Amarillo would be for the local exchange carrier to provide the PSAP with the ability to selectively block traffic from a specific source number for a predetermined period of time. To ensure this isn’t abused, checks and balances could be put into place that control who and when blockages can be applied, as well as what call routing is applied to blocked numbers. Likely, a happy medium could be reached that would still protect individuals while not denying other legitimate callers access to critical emergency services.

One thing to remember is that these problems have mostly been solved in the commercial space. These lessons learned need to be examined and then reshaped for the public safety use cases as we start deploying modern emergency service networks.

What will it all cost? Can we afford it?

At this point, it probably costs more to keep the legacy system running. An upgrade or replacement is likely to have an overall lower TCO, and, as with most upgrades to technology, the payback may be faster than you think. If the problem is about shoveling money out the window, don’t worry so much about the size of the shovel, just close the window!

By Mark J. Fletcher for Networkworld.com by IDG | Pixabay Mashup