Emergency services a likely target for cyberattacks, warns DHS
Ransomware attacks in particular threaten to disrupt services.
Calling 911 is meant to save lives. But the emergency service, and others like it, are also viewed as ripe targets for criminally minded cyber-attackers, according to a new federal assessment – and any vulnerability in those critical networks can expose victims to a multitude of dangerous ripple effects.
The analysis, compiled by the Department of Homeland Security (DHS) and obtained by ABC News, outlines concerns that the Emergency Service Sector can be exploited and mined for sensitive data, in turn hampering medical and law enforcement services and posing an ongoing threat to personal information and public safety.
"Cybercriminal exploitation of data stolen during ransomware attacks against the Emergency Service Sector (ESS) likely poses a persistent criminal threat due to the exposure and availability of victims’ personal information," according to the April 10 bulletin.
Ransomware attacks have “disrupted the networks of police department and 911 call center operations,” the bulletin continued, putting computer-aided dispatching services out of commission and forcing emergency services “to revert to manual dispatching to sustain their operations.”
Once stolen, potentially sensitive personal information and police records can be leaked, sold or otherwise used by the attackers “to facilitate additional crimes — including extortion, identity theft, and swatting,” the DHS bulletin said.
“Whereas cyberattacks were once considered to be a technology issue, today they’re considered a threat to the very operations of law enforcement and other public safety agencies,” said John Cohen, the former intelligence chief at the Department of Homeland Security, now an ABC News contributor.
“Imagine the impact on local public safety if jail management systems were inoperable because of a cyberattack, that police communication capabilities were disrupted, that the public was unable to contact local police in an emergency, that detectives and investigators were unable to access sensitive case data,” Cohen added. “If a foreign terrorist group, or a nation state, can tie up law enforcement responses by targeting their 911 call center, or police departments can't gain access to investigative or other important information – that will hamper their emergency response, and aid a threat actor in achieving their operational objectives.”
And because of how fundamental and highly sensitive emergency systems are, and the availability of personally identifiable information they include, they may strike cyber criminals as particularly attractive targets to extort, the DHS bulletin said, due to "the possible perception that ESS entities are motivated to pay ransoms to ensure continuity of services."
“For a police department, or fire department, or any emergency service to be hijacked in any way, it’s a big problem for public safety and, additionally, you have to have a lot of resources devoted to addressing it. And it can also prevent us from doing investigations,” said Robert Boyce, an ABC News contributor and retired chief of detectives in the New York Police Department.
The new federal analysis punctuates an already volatile moment in America, as partisan tensions seethe ahead of a high-stakes presidential election, multiple wars are being waged abroad, and political violence has already broken out overseas.
Meanwhile, domestic extremists that remain emboldened to attack are also adopting more blended ideological grievances, intelligence analysts have found, making it increasingly difficult for authorities to identify the motivations behind attacks.
“As we’re going into election season, there is increasing concern that local communities will experience a combination of cyber information operations and physical attacks simultaneously. The physical activities, to disrupt the election process, and the cyber activities to disrupt the ability of local officials to respond,” Cohen said.
In the 21st century, such threat actors are aided by a mushrooming array of technological advances that offer new, creative tools – like cyberattacks.
In January, a cyberattack hit the department of emergency communications in Bucks County, Pennsylvania, outside of Philadelphia, affecting its computer-aided 911 system – forcing dispatchers to use pen and paper to take information from callers, according to ABC station WPVI.
The same month, the computer system in Fulton County, Georgia, was hacked, paralyzing many government services and causing aftereffects that persisted for weeks.
State, local, tribal and territorial governments “manage the majority of ESS networks and are among the groups ransomware actors most often victimize, yet most do not have the resources to independently improve their cybersecurity posture," according to the DHS bulletin.
Further, emergency services “often rely” on state, local, tribal and territorial government networks that “use legacy information and operational technology systems – the replacement of which can be prohibitively expensive or disruptive to operations—and lack sufficiently trained and resourced information technology and cybersecurity personnel,” the bulletin said. It urged a “collaborative, cross-jurisdictional approach to cybersecurity and prioritizing cyber hygiene best practices” to shore up the vital networks against “unsophisticated network intrusions.”
“Good preparation is good prevention,” Cohen told ABC News. “The threat environment is volatile and complex, and the level of preparation that’s taking place at the state and local levels far exceeds anything that I've seen in my 40-plus years.”