Pranksters, Hackers, Swatting and Service Failures: 911 Systems Need an Upgrade
FlaglerLive | April 2, 2017
A recent rash of disruptions in antiquated 911 emergency-response systems points up the urgent need for new technology to save lives in the wireless age. But few states or localities have the financial means to pay for it on their own.
Earlier this month, AT&T wireless customers nationwide found they couldn’t dial 911, prompting local emergency officials in more than a half dozen states — including Alabama, Colorado, Florida, Indiana, Oregon, Tennessee and Texas — to tell people to call an alternate number or text authorities in case of emergency. The company said it was a “service issue.” The Federal Communications Commission is investigating.
In Dallas this month, callers were unable to reach 911 during spikes in calls that put hundreds of people on hold. City officials blamed a combination of calls from T-Mobile customers and a shortage of people to handle calls. To combat the problem, officials have dedicated $2 million to upgrades, increased staffing and asked T-Mobile to disable a feature that calls 911 repeatedly if an initial call does not go through.
And in October, a malicious Twitter post with a link targeting faulty phone software caused people’s cellphones to repeatedly call 911 in cities around the country in what investigators now think was the largest cyberattack on the country’s emergency-response system, The Wall Street Journal reported.
During the attack, emergency call centers in at least a dozen states from California to Florida were overwhelmed by a storm of calls for 12 hours over two days. A Washington state teen was arrested and accused of sharing the link as a prank. Apple said it is “putting safeguards in place” to prevent similar incidents on its iPhones.
The attack illustrated how aging 911 systems are vulnerable to malicious hackers who may deliberately program multiple phones to crash emergency networks, either by infecting phones with malware or by buying a few thousand phones, according to a 2016 paper on U.S. call center security by Ben-Gurion University’s Cyber-Security Research Center in Israel.
Flagler County on occasion has its own 911 system abusers, usually restricted to individuals who repeatedly call the dispatch center even after it’s clear they have no emergency, and after they’ve been warned to stop. An arrest usually follows. There have also been so-called “Swatting” calls, as was the case on two occasions last week, when a man using a Skype account, so as to foil any attempt to trace him, called in a claim that his house in Palm Coast’s F Section was on fire, his parents weren’t home, and he didn’t have a phone to call 911. The call was placed at 48 minutes after midnight. Units were dispatched, and five minutes later the emergency was called off. The dispatch center did have an alert on the residence noting that it had been a victim of Swatting and fake deliveries before.
An hour later, 911 again got a call, this time on the department’s administrative landline, claiming “father shot mother with a Ruger” at the same address, according to dispatch notes. When asked if he was going to continue calling in pranks, the male went, “hey hey hey hey” and disconnected. See the narrative of the two calls here and here.
All of the incidents demonstrate the need for states and localities to switch to the newest “next-generation” internet-based technology that uses digital routing instead of old-fashioned phone lines with switches. Internet-based systems are better capable of handling cellphone traffic that is subject to accidental or malicious misuse. (Flagler County’s 911 system, which has had its own issues, is moving in that direction but funding is an obstacle.)
An estimated 70 percent of emergency calls are now made via cellphone, but few states and localities have the technology to fend off abuse or buggy software that can cause cellphones to call 911 repeatedly and stall the entire system.
The newest internet-based technology “offers a wider suite of defensive tools” for call centers, said Trey Forgety, government affairs director for the National Emergency Number Association, which represents government agencies and private firms involved in the emergency system.
Calls thought to be malicious or repetitive could be flagged and diverted automatically to systems that could detect whether they are legitimate by using techniques such as requiring clicks or voice commands, Forgety said.
Most emergency officials know how vulnerable their systems are. But they worry about where they will get the money to upgrade them.
“It’s easy to crash some of the bigger systems like Denver and Dallas,” said Monica Million, operations manager at the Grand Junction Regional Communication Center in Colorado. “The next-generation protocol is a more secure pipeline with better monitoring software than we currently have. But most of us in the states don’t have the financial resources to make the transition ourselves.”
Million estimated Colorado would need $15 million to move the state into the newest next-generation technology.
The cost of making the switch will vary by jurisdiction, but major metropolitan governments can expect to spend between $5 million and $7 million, and potentially more depending on other equipment and network needs.
The National 911 Program, housed in the U.S. Department of Transportation, is studying the costs associated with the transition to help Congress develop a long-term funding plan. U.S. Sen. Bill Nelson, a Florida Democrat, has circulated a draft bill that would help with funding.
Fairfax County, Virginia, is one of the few localities to install a next-generation system after years of planning for the costs, said Steve Souder, who oversaw the transition last year as the county’s director of public safety before retiring. It’s part of a $4.3 million regional project to upgrade systems in the Northern Virginia suburbs outside Washington, D.C.
The county was having trouble with 911 outages caused by cellphones, Souder said. Once the new infrastructure is in place, the county can finally “take defensive action against attacks with bogus calls or call storms,” he said.
Some of the states and localities that were among the first to move to an internet-based service are finding that the technology is evolving so fast they already need to upgrade.
In 2012, Washington became the first state to have a 911 service based on internet connectivity. But the technology isn’t advanced enough to keep pace with today’s mobile phone issues, as the October Twitter prank demonstrated. An Olympia call center was shut down for about 15 minutes by the storm of bogus calls.
Washington now plans to upgrade its technology so that it can “shed” excess calls to neighboring call centers at busy times, said Andy Leneweaver, the state’s deputy state 911 coordinator. The estimated initial cost of the upgrade is $5 million, but it will cost a total of $45 million over five years.
“It can’t prevent the problems,” Leneweaver said, “but it can help mitigate them.
–Tim Anderson, Stateline, and FlaglerLive