Residents of Dallas, Texas, received an extremely unusual awakening late Friday night, April 7th when all 156 of the city’s emergency sirens started sounding. The alarms, which are intended to inform the public of emergency situations such as severe weather, blared for nearly two hours, terrifying and confusing the public. The city’s FBI office initially tweeted that the situation was due to a system malfunction, but was found that the alarm system was hacked. Having the right precautionary measures in place is crucial for public entities, as cyber issues have the potential to lead to confusion, panic, danger, and the leak of residents’ confidential information.
Cyber attacks are dangerous - and they’re on the rise
Dallas’s emergency system was taken down for a period of time to counteract the vulnerability, and at the moment is not yet back up and running. The disruption has decreased the availability of emergency services; at the moment the city’s 1.6 million residents have 911 lines, local media, and radio alerts to manage their emergency services. The person or group behind the hacks is also yet to be identified, though the origin has been reported to the Dallas area and it has been confirmed that the alarms did not come from their control system and were not remotely accessed; instead, the system was accessed through radio frequencies, and was possible due to a lack of encryption in the system’s signal.
As everything grows increasingly digitized, cyber attacks are on the rise. Federal data shows that cyber attacks on critical infrastructure rose by about 50% between 2012 and 2015, and the Department of Homeland Security has had trouble assembling a workforce to handle the increasing frequency and advancement of said attacks. Although 911 was previously mentioned as one of Dallas’s backup measures, the emergency number also isn’t secure from a cyber attack: last October, a tweeted malware link dialed 911 to anyone who clicked the link, and would only stop if the device was turned off. A similar issue happened to T-Mobile users who found themselves making “ghost calls” to 911, which led to severely increased wait times for the non-spectral callers. There have even been other infrastructure hacks; Lemont’s sirens were hacked in 2012, Montana’s television alert system was hacked in 2013, and it has been found that many infrastructure systems are left vulnerable due to a lack of preparation and awareness of the security issues. With digital infrastructure on the rise, it is worrying to think of what could be hacked in the future.
All public entities should take these security measures
The situation in Dallas illustrates the importance of having certain cyber security measures in place if you work for a public entity. One such measure is having an established shut-down protocol to ensure employees know how to disable functions in the event of an emergency. Another should be to have a backup system to communicate reliable information to the public. A computer security team should evaluate all systems regularly for weaknesses.
Lastly, ensure that you are properly covered in an emergency. In many cases, general liability insurance only covers bodily injury and property damage (and because electronic data is not tangible, it won’t be covered), and many other forms of coverage do not cover cyber attacks or expenses related to notification and communication. Cyber liability insurance will protect a public entity against liability claims from unauthorized access to or leaking of confidential information, and as well as claims from transmitting malware to a third party.
It is imperative to be prepared in the event of an emergency. Contact your HUB broker today to learn more about how to safeguard your entity from cyber attacks.