Ever think it’d be nice if hacking attempts came with full DEFCON 5 alarms – and the alerts and sirens started up whenever a user clicked on an obvious phishing link in an email? Well, as the city of Dallas found out at 1 a.m. one morning, maybe not so much.
The city’s tornado warning system was hacked, leading to sirens sounding for hours throughout much of the night, starting at 11:40 p.m. until 1:20 a.m. This resulted in panic, with 911 receiving at least 4,400 phone calls concerning impending attacks or emergency conditions.
The intended use of the system is to alert people to severe weather conditions, so the cause for alarm was justified. Except there was no need for the alarms.
That didn’t stop emergency personnel from needing to rule out an actual emergency, first. Fixing the problem also proved to be difficult, as the hacker continuously attacked the system while technicians were attempting to power it down.
Every time the staff reportedly had fixed the problem, the 90-second sirens would start right back up again. An investigation led staff to believe the hacker was local, especially given how Dallas’ emergency system’s signal was configured.
Eventually, the system had to be powered down until the following day when the vulnerability was patched. This event was loud and focused a lot of attention on the state of our technical infrastructure. The number of attacks on infrastructure systems has steadily risen throughout the years.
If you recall, in 2013, Iranian military hackers attacked a dam in New York, attempting to gain control of its systems. Reportedly, the computer system of the dam was antiquated, which security experts say reflects the current state of many critical systems nationwide.
This event also brought attention to the trend of the tech industry’s relian
ce on IoT devices. The more connected systems become, the more they tend to rely on older, more vulnerable systems. And when one part of the network becomes compromised, the rest can be expected to follow.
One way IT pros can keep the damage from attacks confined have separate networks for IoT systems to run on. That way, when hackers target the more vulnerable systems, like vending machines or lights, they’ll be separated from systems containing more sensitive data. Another might be to level the playing field and update the older systems.
The post Dallas – and the rest of us – receives cybersecurity wake-up call appeared first on IT Manager Daily.
