How to Protect Your Siren System from Hackers

Emergency siren systems respond in various ways based on the type of activation tone that is transmitted. The tones correspond to the type of event that has occurred. Sometimes they will sound in a continuous burst for a predetermined length of time, other times they will sound in a series of short bursts, and for the most severe events they might emit prerecorded audio that contains critical instructions, for instance evacuation orders in the event of a wildfire.

In April 2017, someone hacked into the emergency weather siren system operated by the city of Dallas. The sirens are intended to warn citizens of weather events so serious that they should take immediate cover. Most of the time the sirens are used to warn of tornadoes, which are quite common in the region in the spring. On this night, the hacker reportedly unleashed all 156 sirens in the system simultaneously. Some media reports indicated that they blared for about 90 minutes, while others indicated that they sounded more than a dozen times for 90-second intervals. Regardless, the hack spawned quite a bit of panic. It also generated a lot of questions from government officials, the media and citizens.

Last month, sirens went off in Genesee County, Michigan, without any emergency to justify turning them on. Reportedly, this was the third time the sirens were activated in a month without apparent cause, and county public safety officials believe that the system was hacked each time.

It is surprisingly easy to perform such a hack. While setting off the sirens when no emergency is unfolding is panic-inducing, even more chilling is the prospect that a hacker would use the siren system to disseminate recordings containing bogus instructions, which potentially could have disastrous consequences for the emergency response effort and, more importantly, public safety.

Attacks against critical infrastructure in the United States are increasing, and that includes public safety infrastructure. In the last two years alone, more than 180 cyber attacks have been launched against 911 centers. In a story published last year by the Dallas Morning News, James Norton, deputy assistant secretary of the U.S. Department of Homeland Security during the President George W. Bush administration and now the president of a cybersecurity firm, characterized the Dallas siren hack as “probably not a one-and-done [event].”

"I think you will see more of it as it goes on, as organizations look to target major cities and find gaps,” Norton said at the time. “It could have been some folks wanting to send a signal ... or a lead-up to something else. It's hard to speculate. But it's a warning to the state and locals to update their systems and become more sophisticated."

We believe we have a better way. MCP subject-matter experts currently are assisting clients in Colorado and Kentucky to implement secure siren communication systems designed to defeat these types of attacks. The key to our approach is to encrypt the radio tones that activate the sirens from end to end. Though other encryption schemas are available, the MCP-specified technology is compliant with the Advanced Encryption Standard (AES), which is considered “public safety grade” and is required in most government and military systems. Though AES encryption is more expensive than the other options, it is worth the added cost—as the adage goes, one gets what one pays for, and encryption is no exception.

This is one of the first instances in the U.S. of using encryption to protect the radio signals that carry siren system activation tones. While the encrypted signal still can be intercepted by a scanner, doing so is pointless because the hacker cannot decrypt the signal.

While this sounds like a solution that is as simple to execute as it is effective, the truth is just the opposite—indeed, encrypting these systems can be challenging. We would love to help you work through those challenges and execute an upgrade that makes your siren system immune to hacks.