Partners: Dallas Emergency Siren Hack Illustrates The Need For Regular Security Assessments

Solution providers are stressing the importance of keeping systems up to date after a hack left over 156 emergency sirens wailing for over an hour and a half in Dallas.

An unknown hacker tricked Dallas' emergency notification system into sending repeat signals, activating each siren 60 times starting on Friday evening, according to the Dallas Office of Emergency Management.

"We are glad that no permanent damage was caused, but it does illustrate the point that you really need to assess your systems on a regular basis," said Stephen Monteros, vice president of business development and strategic initiatives at Ontario, Calif.-based solution provider Sigmanet. "Our model has always been to provide regular security assessments as we find threats continue to evolve."

[Related: Partners Warn Against Application Layer DDoS Attacks Targeting IoT Devices]

The sirens, which typically warn citizens of severe weather, prompted concerned and confused residents to call 911, clogging that system as well, according to Dallas OEM.

Investigators said they believe the person responsible for the hack is from the Dallas area. The Federal Communications Commission in aiding in the investigation.

’This is yet another serious example of the need for us to upgrade and better safeguard our city's technology infrastructure," Mike Rawlings, the mayor of Dallas said in a statement. ’It's a costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind. Making the necessary improvements is imperative for the safety of our citizens.’

Meanwhile, the Dallas Office of Emergency Management said more safeguards were put in place to prevent the situation from happening again.

The security of various vulnerable systems has become a bigger concern for local governments. In February, the Department of Homeland Security issued an assessment that warned that attacks against law enforcement, fire departments, and other emergency services are likely to increase in frequency.

The assessment, which noted that "vulnerable systems include call-center communications management software, closed-circuit TV camera systems, interactive voice response systems, and emergency alert systems — particularly wireless emergency alert systems," said that the unified nature of systems creates more targets for hackers.

Channel partners can take measures with city customers to avoid vulnerabilities in their critical infrastructure, including performing regular backups of all critical information to limit the impact of system loss and to help expedite the recovery process.

Emergency system operators also need to maintain up-to-date antivirus software and keep operating systems and software up to date with the latest patches.

"This was probably from legacy infrastructure that's not really robust, maybe not new and based on budget constraints," said Jon Salisbury, CTO of SmartLink, a Newport, Ky.-based solution provider specializing in smart cities.

"When you connect these systems from a city standpoint, if you don't have proper controls and policies for the proper segmentation, these things will happen," he said. "I think there's a lot of security firms around that would be able to do [an] assessment, put in designs that take human error out of it. There are tons of solution providers that can look at that."