HOUSTON — Hackers and terrorists might target next-generation 911 dispatch centers, making the service unavailable for people in need.
To prevent cyberattacks to emergency services, the Department of Homeland Security (DHS) has awarded $2.6 million to the University of Houston to develop technology to protect emergency response systems, such as current and next-generation 911 systems, against Distributed Denial of Service (DDoS) attacks.
The grant is part of a larger Distributed Denial of Service Defenses (DDoSD) program recently announced by DHS.
DDoS attacks are an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Additionally, the attacks addressed by the University of Houston computer scientists not only threaten to disrupt emergency services, but also hold them hostage by demanding a ransom.
“These hackers engage in blackmail, trying to extort payment in return for not launching an attack that would make access to 911 services unavailable,” said Larry Shi, the principal investigator on the grant. “Banks have been a big target, and emergency services have also been compromised. The FBI and DHS issued security alert warnings to call centers of the possibility of such attacks.”
One of these cyberattacks already happened in New York, where service was interrupted from several hours to a day.
Used to render key resources unavailable, a classic DDoS attack usually seeks to disrupt an organization’s website and temporarily block a consumer’s ability to access it. A more strategic attack makes a key resource inaccessible during a critical period, which is what Shi and his colleagues are working proactively to prevent.
A life or death matter
“This could become a life or death matter for callers in medical distress or reporting a fire,” Shi said. “Whether it’s a person experiencing a heart attack or an explosion … every minute is critical in mitigating damage and reducing issues. We aim to address this now before it becomes a problem, as well as develop solutions to be better prepared in case a cyberattack does come to pass.”
Another scenario that played out in California, he said, involved tens of thousands of prank calls. He explained how programs can be written to make robocalls to easily overwhelm an emergency call center’s resources. Adding to the problem is that many call centers are traditionally understaffed. Shi said even dead cellphones not connected to a service can be hacked to make 70 calls per minute, preventing those with valid emergencies from getting through.
As more systems become connected and reliant on the Internet, they become more vulnerable to cyberattacks.
“With Wi-Fi in everything and the prevalence of smart devices nowadays, we must think out of the box,” Shi said. “Even refrigerators can be hacked.”
The researchers will work with a variety of consultants and subcontractors, including SecureLogix, a company specializing in security and management, First Watch, a firm specializing in public safety data analysis; and the Industry Council for Emergency Response Technology.