If you haven’t heard by now, the City of Dallas fell victim to a hacker this past weekend. Someone managed to turn on ALL 156 of the city’s tornado sirens multiple times. The event started at 11:30 pm on Friday, April 7th and continued into the early morning hours of April 8th.
As a Cyber Security professional, I find that this story raises more questions than answers, but I want to focus on two of the big ones that pop out to me.
First: Is the critical, potentially lifesaving, infrastructure of the tornado sirens connected to the Internet? If so, why?
The United States has major infrastructure vulnerabilities due to potential connections to the Internet. From nuclear plants, to water treatment centers, to power grids, our infrastructure is highly vulnerable to attack. Now tornado sirens? What average person would have thought they could be potentially on the Internet?
Notice that I did not ask whether the tornado sirens are on a network, but whether they are on the Internet.
The most fundamental way to protect critical infrastructure from Cyber-attack is having a closed loop network that only performs the critical services in question. Is that the case here? Are the sirens on a closed loop network, or have city officials left the public vulnerable by having mission critical systems on the Internet where anyone can attack them, if they know where to look?
Second: How did the hacker gain access?
The city is fairly confident that the attack came from outside of their organization, but how did this occur?
Based on the attack, it is safe to say the sirens are on a network (Internet or closed loop) and controlled by a software management system, but how did that individual get in? Is there any possibility the system wasn’t actually hacked, but someone within the city was the victim of a Phishing attack?
Remember that 85% of all organizations polled have been victims of a Phishing attack, and Spear Phishing, that is, targeting specific individuals, has an incredibly high success rate as well. Could it be that this hacker didn’t exploit issues with software, but someone provided the hacker with their password? Could someone have fallen victim to a Phishing attack that compromised a critical system with a virus?
A big part of me wonders if this hacker just demonstrated that the human element in the equation is the true weakest link in any cyber security defense.
While I suspect it may take time for the truth to come out, the hacking of the Dallas area tornado sirens only shows that not enough attention is given to Network Security, Cyber Security, and Cyber Security Awareness within organizations.
UPDATE: This news was unexpected. The city suspects it was, indeed, a hack via wireless. While they are not saying exactly how or what took place, the info they have given is rather interesting. The person(s) who did the hack spent some time and had some knowledge of what they were doing. This raises additional questions that I thought about including in the original post but decided against simply to keep things short… More thoughts coming on this soon.