In 1968, the U.S. introduced the emergency number 911 which replaced the traditional dialing numbers for the police, fire, and ambulance. Today, North Carolina alone receives 8 million annual calls to 911, that’s more than 23,000 a day delivered across 188 call centers, and they all rely on the technology of 20 routers to service your emergency, come to your aid, and keep you safe and well.
Whether at home or exploring the great outdoors, we all try to live with a sense of security, confident in the fact that should an emergency occur, we can dial 911 and help will be immediately dispatched. But have you ever stopped to consider what you might do if this critical call for help was denied because you could not connect to 911? Through the use of new attack known as a Telephony Denial-Of-Service (TDoS), this type of cyber threat has the potential to significantly jeopardize public safety. As such, it’s worth looking more closely at our emergency response systems and where their vulnerabilities lie—and more importantly, how they can be mitigated through knowledge and awareness.
While it’s true we are surrounded by pioneering technology that helps support our day-to-day systems, services, and processes, it’s important to remember that technology-based capabilities are only considered cutting-edge until they are superseded. In technology, there is always a capability verse requirement gap, and telephone lines are no exception. Further, computer networks have limits to capacity and can be subject to overloading. An attacker’s strategy is to use or block vacant connections with malevolent traffic, thereby leaving no lines available for reports of genuine emergencies.
911 System Vulnerabilities
- 911’s capacity to take calls is limited, with contact centers often built only to manage ‘normal call volumes’ under ‘typical circumstances.’
- The U.S. government considers the 911 system to be a crucial form of infrastructure. Although this response system if a lifesaving resource, technological progress has simply not kept up with the necessary requirements for advanced security in such a vulnerable, fragile infrastructure.
- States often depend on a single router to process all of their 911 calls. Sole routers can be overwhelmed, making it easy for an attacker to affect multiple call centers. The ‘Rocky Mount SR’ router in North Carolina serves 64 call centers—and more than 50 percent of those are in the North Carolina State.
The October 2016 Attack On Our 911 Services
In October of 2106, a teenager from Arizona actually executed a successful attack against iPhones and the emergency response system. By infecting the mobile devices with malware, he was able to program the phones to repeatedly call 911 and then immediately disconnect. More than 100 fraudulent calls were made in just a few minutes, putting the emergency center under significant strain and risking their ability to maintain service and response to genuine emergencies in a timely fashion.
Are Our 911 Systems Robust?
The Ben-Gurion University used experimental testing in controlled environments to ascertain what level of interference and disruption the emergency services could withhold. Their investigations determined that just 6,000 infected phones were enough to interrupt services in any U.S state and anticipated that 200,000 contaminated smartphones could create a substantial impact to the safety of our people across the entire U.S..
Denial-of-service attacks are challenging to block. The Federal Communications Commission (FCC) stipulated that 911 dials made from mobile phones are immune to enhanced filtering. The screening and filtering of calls could make call legitimacy difficult to determine and could additionally prevent genuine calls from connecting to the relevant emergency response teams.
How Are We Developing The Protection Of Our Emergency Services?
So, has any money been spent to support this vulnerable infrastructure? In 2015, the University of Houston was awarded $2.6 million by The Department of Homeland Security for the sole purpose of further developing technology that could protect our 911 systems against denial-of-service attacks.
How Could The Government Make Our Emergency Response Teams Less Susceptible To Attacks?
- A greater network spread. Over-investing in single routers will increase chances of a major failure should it come under attack.
- Federal Authorities may potentially process only calls from phones that are attached to a legitimate service plan, thereby ensuring traceability. Of course, there are wider concerns about possible repercussions and the chance of a legitimate calls being blocked, which could lead to increased injury and death.
- Thought should be given to firewall installation on devices to identify and stop recurrent 911 calls that present as botnet activity.
What Should You Do If 911 Fails?
Planned attacks aren’t the sole cause of impacted 911 services; we must also consider the possibility of natural disasters or hardware failure. There are things you can do to support yourself, such as ensuring your home is equipped with fire extinguishers and trauma kits, and that you are trained in basic first aid.
The 911 Emergency Response Teams are there to protect you, and a true crisis should warrant an immediate call. Many believe that the emergency services are more vulnerable to an attack than researchers might predict. We can acknowledge that improvements to defense strategies take time, research, and understanding—the question is, how much time do we have?