Attacks, crashes underscore need for new 911 systems

 

Connecting state and local government leaders

Recent disruptions in legacy 911 emergency-response systems point up the urgent need for new technology, but few states or localities can afford the upgrades.

This article originally appeared on Stateline, an initiative of the Pew Charitable Trusts.

A recent rash of disruptions in antiquated 911 emergency-response systems points up the urgent need for new technology to save lives in the wireless age. But few states or localities have the financial means to pay for it on their own.

MORE INFO

Attackers can make it impossible to dial 911

If we are to prevent denial of service attacks on 911 systems, we must understand where the weaknesses lie, both in technology and policy. Read more.

How to secure 911 systems

While the threats facing emergency response systems depend on what type of infrastructure jurisdictions possess, officials can take steps to protect their networks. Read more.

Cities, states plod toward 'Next Generation 911

States and cities must exchange their traditional emergency phone systems for Internet Protocol networks, which can send digital voice, photo and video information over the internet. Read more.

Answering the call for solutions to 911 TDoS attacks

Experts are still dialing for dollars when it comes to ideas for how to mitigate the risk, or even the impact, of a potential telephony denial-of-service attack on the 911 emergency services system. Read more.

Earlier this month, AT&T wireless customers nationwide found they couldn’t dial 911, prompting local emergency officials in more than a half dozen states -- including Alabama, Colorado, Florida, Indiana, Oregon, Tennessee and Texas -- to tell people to call an alternate number or text authorities in case of emergency. The company said it was a “service issue.” The Federal Communications Commission is investigating.

In Dallas this month, callers were unable to reach 911 during spikes in calls that put hundreds of people on hold. City officials blamed a combination of calls from T-Mobile customers and a shortage of people to handle calls. To combat the problem, officials have dedicated $2 million to upgrades, increased staffing and asked T-Mobile to disable a feature that calls 911 repeatedly if an initial call does not go through.

And in October, a malicious Twitter post with a link targeting faulty phone software caused people’s cellphones to repeatedly call 911 in cities around the country in what investigators now think was the largest cyberattack on the country’s emergency-response system, The Wall Street Journal reported.

During the attack, emergency call centers in at least a dozen states from California to Florida were overwhelmed by a storm of calls for 12 hours over two days. A Washington state teen was arrested and accused of sharing the link as a prank. Apple said it is “putting safeguards in place” to prevent similar incidents on its iPhones.

The attack illustrated how aging 911 systems are vulnerable to malicious hackers who may deliberately program multiple phones to crash emergency networks, either by infecting phones with malware or by buying a few thousand phones, according to a 2016 paper on U.S. call center security by Ben-Gurion University’s Cyber-Security Research Center in Israel.

And all of the incidents demonstrate the need for states and localities to switch to the newest “next-generation” internet-based technology that uses digital routing instead of old-fashioned phone lines with switches. Internet-based systems are better capable of handling cellphone traffic that is subject to accidental or malicious misuse.

An estimated 70 percent of emergency calls are now made via cellphone, but few states and localities have the technology to fend off abuse or buggy software that can cause cellphones to call 911 repeatedly and stall the entire system.

The newest internet-based technology “offers a wider suite of defensive tools” for call centers, said Trey Forgety, government affairs director for the National Emergency Number Association, which represents government agencies and private firms involved in the emergency system.

Calls thought to be malicious or repetitive could be flagged and diverted automatically to systems that could detect whether they are legitimate by using techniques such as requiring clicks or voice commands, Forgety said.

Millions of dollars needed

Most emergency officials know how vulnerable their systems are. But they worry about where they will get the money to upgrade them.

“It’s easy to crash some of the bigger systems like Denver and Dallas,” said Monica Million, operations manager at the Grand Junction Regional Communication Center in Colorado. “The next-generation protocol is a more secure pipeline with better monitoring software than we currently have. But most of us in the states don’t have the financial resources to make the transition ourselves.”

Million estimated Colorado would need $15 million to move the state into the newest next-generation technology.

The cost of making the switch will vary by jurisdiction, but major metropolitan governments can expect to spend between $5 million and $7 million, and potentially more depending on other equipment and network needs.

The National 911 Program, housed in the Department of Transportation, is studying the costs associated with the transition to help Congress develop a long-term funding plan. U.S. Sen. Bill Nelson, a Florida Democrat, has circulated a draft bill that would help with funding.

Continuous upgrading

Fairfax County, Va., is one of the few localities to install a next-generation system after years of planning for the costs, said Steve Souder, who oversaw the transition last year as the county’s director of public safety before retiring. It’s part of a $4.3 million regional project to upgrade systems in the Northern Virginia suburbs outside Washington, D.C.    

The county was having trouble with 911 outages caused by cellphones, Souder said. Once the new infrastructure is in place, the county can finally “take defensive action against attacks with bogus calls or call storms,” he said.

Some of the states and localities that were among the first to move to an internet-based service are finding that the technology is evolving so fast they already need to upgrade.

In 2012, Washington became the first state to have a 911 service based on internet connectivity. But the technology isn’t advanced enough to keep pace with today’s mobile phone issues, as the October Twitter prank demonstrated. An Olympia call center was shut down for about 15 minutes by the storm of bogus calls.

Washington now plans to upgrade its technology so that it can “shed” excess calls to neighboring call centers at busy times, said Andy Leneweaver, the state’s deputy state 911 coordinator. The estimated initial cost of the upgrade is $5 million, but it will cost a total of $45 million over five years.

"It can’t prevent the problems," Leneweaver said, "but it can help mitigate them."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.