Public warning systems are crucial during natural disasters, terrorist attacks or armed hostilities, and as such, their reliability is key. They need to be promptly initiated during emergencies, and they need to be absolutely silent at all other times, as false alarms may damage the credibility of the system and create panic and havoc.
False alarms caused by hacking of emergency alarm systems have been reported in Dallas (where the SirenJack malware triggered false alarms in the greater Dallas area for 90 minutes), and vulnerabilities that can equally cause such incidents exist in many other cities across the US.
Sirens are controlled using various methods: RF, analog landlines, wireless, serial cable connections and over IP, the same control methods used by SCADA systems. Thus, the cyber risks and risk mitigation methodologies of SCADA systems also apply to PWS/EAS systems.
The hackers in the Dallas incident penetrated the EAS system in the middle of the night using a rogue radio device. Once in, they were able to take over the system’s controls, forge activation messages and sound alarms, by simply replaying recorded messages that had been broadcast during scheduled system tests. The hackers exploited an innate system vulnerability: U.S. public safety systems use a control channel with a known RF frequency (700MHz, reserved by the FCC) and a control protocol that sounds an alarm when a clear tone is broadcast on the public safety channel.
As with all legacy control systems, the Dallas EAS lacked the capability to protect itself against cyber-attacks and intruders. The communication between the Emergency Control Center and the remote loudspeaker locations was left unsecured, and there were no intrusion detection or protection mechanisms set in place. Luckily, the hackers had no malicious intent beyond setting off the alarm, which nevertheless enraged the local population.
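The replay described above worked because a recorded activation was indistinguishable from a live one. The following is an added example, not code from the original article or from any vendor's product: a receiver that authenticates each command with an HMAC and rejects any counter value it has already seen. The frame layout, the key and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption); a real deployment provisions a per-site secret.
SITE_KEY = b"constructed-demo-key-not-for-production"
BODY_FMT = ">HQB"                       # siren id, message counter, action code
BODY_LEN = struct.calcsize(BODY_FMT)    # 11 bytes
TAG_LEN = 32                            # HMAC-SHA256 output size

def build_command(key, siren_id, counter, action):
    """Control-center side: pack the command and append an HMAC tag."""
    body = struct.pack(BODY_FMT, siren_id, counter, action)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class SirenReceiver:
    """Siren side: act on a command only if it is authentic and fresh."""
    def __init__(self, key, siren_id):
        self.key = key
        self.siren_id = siren_id
        self.last_counter = 0   # must be kept in persistent storage across reboots

    def handle(self, frame):
        if len(frame) != BODY_LEN + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return "reject: bad tag"
        siren_id, counter, action = struct.unpack(BODY_FMT, body)
        if siren_id != self.siren_id:
            return "reject: wrong siren"
        if counter <= self.last_counter:             # seen before: a recording
            return "reject: replay"
        self.last_counter = counter
        return "accept: action %d" % action

def demo():
    rx = SirenReceiver(SITE_KEY, siren_id=7)
    test_frame = build_command(SITE_KEY, 7, counter=1, action=1)  # scheduled test
    results = [rx.handle(test_frame)]        # live test broadcast is accepted
    results.append(rx.handle(test_frame))    # same frame again, as a recording
    altered = bytearray(build_command(SITE_KEY, 7, counter=2, action=1))
    altered[BODY_LEN - 1] ^= 0x01            # action byte changed in transit
    results.append(rx.handle(bytes(altered)))
    results.append(rx.handle(build_command(SITE_KEY, 7, counter=2, action=2)))
    return results

if __name__ == "__main__":
    print(demo())
```

The counter check only holds if the receiver stores the last accepted value persistently; a counter that resets on power loss reopens the replay window.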
This case further emphasizes the extent to which SCADA systems affect our day-to-day lives. Remotely-controlled automation systems are embedded in smart buildings, intelligent transportation and many other staples of modern life. Many of these systems use legacy communication methods that lack proper security. At Radiflow, we have come across multiple power and water facilities that still use dial-up modems for remote maintenance, and whose security strategy was that no one knows the dial-up phone number (!).
To prevent future attacks, standards and regulations need to be set for each industry. Any proposed set of mechanisms should combine multiple products and solutions, with an IPS (Intrusion Protection System)—an active in-line device for inspecting and protecting data traffic—as the first line of defense.
According to the NIST Guide to Industrial Control Systems (ICS) Security, the IPS needs to meet the following requirements:
An example of such a product is the Radiflow RF-3180 Secured Gateway, which was designed specifically to operate in harsh environmental conditions, and is compliant with all relevant European and US governing regulations.
To further secure the EAS, an additional layer of protection can be installed in the form of an IDS (Intrusion Detection System), such as the Radiflow iSID Industrial IDS. While the IDS is not a real-time defense mechanism (i.e. it will not stop the attack as it occurs), it greatly increases the chances of detecting early signs of intrusion prior to the attack itself.
In conclusion: public warning/announcement and emergency alarm systems are prone to cyber-attacks by hackers and other adversaries. Due to most PWS’s age and design flaws and their critical public safety role, it is imperative that a comprehensive cyber-security “overhaul” project is launched to maintain the reliability and effectiveness of these systems.