As more and more pieces of our environment get connected to the Internet, the number of potential targets of a cyberattack becomes staggering, and the possible consequences become increasingly worrisome.
Take what happened recently in Dallas, TX, where most of the city’s population was woken up in the middle of the night to the wailing of sirens because of a cyberattack. Around midnight of Friday, April 7, all 156 of the city’s emergency alert sirens were activated at the same time. The alert system was designed to warn citizens of incoming natural disasters (storm , tornados, etc.), prompting a flood of 911 calls from worried residents.
Ever wonder what the end of the world feels like? #dallas #sirens — ManicPixieDreamGay (@deadlyblonde) April 8, 2017
At first, officials believed that the alarms had gone off due to some sort of a system failure, but they later informed the public that it was in fact a cyberattack that had set them off. Details of the attack were not revealed for security reasons.
Although the attacks are believed to have originated in Dallas itself, identifying its authors will be a tricky business. “Like finding a needle in a haystack,” said Rocky Vaz, director of Dallas’s Office of Emergency Management about the probability of finding the attackers. Nevertheless, they have requested assistance from the FCC.
The Security of Smart Cities
The consequences of an intrusion such as this one could be devastating. Authorities have already taken measures to minimize the risk of future attacks, and although they have asserted that the attackers would not have been able to shut down the system completely, the vulnerability of critical infrastructure poses a major threat to smart cities that are increasingly dependent on being connected to the Internet.
Every day, the Internet of Things is growing new limbs and stretching further into the urban landscape. This makes almost everything a potential target, including parking meters, stoplights, public transport, and, as was the case in Dallas, emergency alert systems.
And this is actually not the first time that a major American city has been confronted with a cyberattack of this kind. In 2016, a ransomware wreaked havoc on San Francisco’s tramways, and electronic traffic control signs were toyed with in (once again) Dallas. All of this serves as a strong reminder for cities to take security seriously and reinforce their defense systems with strong security solutions before their critical infrastructure is, inevitably, targeted in an attack.
You might need to update this article. I believe the city is now publicly talking about the exploit being implemented via a radio interface, and not a computer-based attack via network.
Basically, they said the attacker transmitted a radio command that activated each siren. I’m completely speculating, but it sounded like a radio command is used to activate the system and the sirens all respond or relay the command. Which would make sense as you don’t want to depend on wires running to each siren station.
It raises the question of whether this is a “cyber” attack just because the system is connected to computers (and what system today isn’t?) if the exploit channel was not originating from across the Internet or wifi.