DHS working to protect emergency call centers against denial-of-service attacks

The distributed denial of service attack on managed DNS provider Dyn that made portions of the internet unreachable on Oct. 21 is just the latest example of the disruption caused by a system that finds itself overwhelmed with requests.


Similar to DDoS attacks, telephony denial-of-service attacks, in which bad actors flood the system with illegitimate calls to knock out access to emergency services or other critical communication, are reportedly on the rise. Tech-savvy criminals, hacktivists and even malicious nation-states see the phone system as a critical way to strong-arm federal or local authorities into paying ransom or paying attention to their cause, or simply to wreak havoc.

With more government services facing potential cyberthreats by telephone as well as online, the Department of Homeland Security has a cluster of efforts underway to lower the risk and the impact of potential telephone system-based attacks.

Such attacks can swamp a 911 call center, causing a potentially life-threatening risk.

In a TDoS attack, an overwhelming number of calls are sent to the 911 system, and “the high number of bogus calls effectively ties up system resources so that actual 911 calls may not get through,” DHS Science and Technology Directorate Program Manager Daniel Massey said.

“As attacks become larger and more sophisticated, it is very important that systems for defense also improve to meet this threat,” he added. “Our project can play a significant role in helping defend against future attacks.”

In fact, DHS has a number of efforts underway to try to stem the tide of TDoS attacks, according to Mark D. Collier, CTO of SecureLogix Corp., a San Antonio, Texas-based telephony technology vendor working with DHS. Their core project together seeks ways to detect spoofing, that is, to differentiate fake calls from legitimate ones, and aims to apply this to potential TDoS attacks, Collier said.

In another project, in conjunction with the University of Houston, SecureLogix and DHS are investigating how the move to Next Generation 911 might impact TDoS attacks, particularly in relation to emergency services. “When you’re dealing with 911, this could be a real emergency situation,” Collier said. “We want to make sure that we are never dropping the right call.” Collier said the pilots his company is working on include at least two city 911 call centers and a major dispatch line for police and fire fighters.

Larry Shi, principal investigator for the University of Houston, said that different government agencies including the FBI and DHS have noticed the “growing number of TDoS attacks against both commercial call centers and emergency communication systems. Without proprietary protection, these attacks against 911 call centers can easily make the service unavailable which may cause serious consequences, like loss of lives.”

“The work funded at SecureLogix and University of Houston directly addresses the TDoS problem. The research team is working to develop mitigation strategies that are low cost, based on open standards and can significantly strengthen the resilience of emergency response systems against TDoS attacks,” Massey said.

The emergency dispatch system is “a national critical infrastructure whose availability, resilience and integrity are of paramount importance,” Massey said. “The next generation 911 system, NG911, will enable emergency calls from any wired, wireless, or IP-based device and will also allow multimedia sharing.” Unfortunately, this evolution may also make NG911 more vulnerable to different types of existing or new cyberattacks, he added.

“This is all about the DHS cybersecurity mission of testing these [solutions] in the real world, and getting results,” Collier said. Another pilot underway aims to protect government employees’ mobile phones from attack or breach, he added.

Ultimately, Massey said he expects these projects to produce “cutting-edge technology that can be easily deployed by the conclusion of the project.” The results of the pilot deployments should help demonstrate the effectiveness of the solution, identify issues that may still need to be resolved and show how the results can be widely applicable to 911 systems around the country, as well as other critical systems that are vulnerable to telephony attacks.