April 13, 2017
As news of the hacking of the Dallas emergency siren system spreads, this is a question on many minds. A growing number of municipalities, military bases, industrial facilities, and campuses utilize these systems to alert and protect their populations. Acoustic Technology, Inc. (ATI), a leader in the mass notification industry, has long anticipated the potential for such vulnerabilities, and has designed systems for many years that incorporate advanced security protocols to prevent attacks.
Radio control systems for sirens have evolved greatly over the years. Simple on/off control systems using DTMF tones were relatively easy to hack or spoof. In contrast, using FSK modems to encode digital data sent over the radio eliminates the most obvious vulnerabilities. However, providing true cybersecurity is complex, and needs to be addressed from many angles.
Some system operators have been reluctant to upgrade to more modern control systems due to budgetary concerns. However, in light of recent events, it has become clear that not upgrading can also be costly.
Many older systems include few, if any, of the advanced security features ATI can provide. All ATI command packets (including those sent over radio) are protected by several security features, including encryption with Advanced Encryption Standard (AES).
ATI's proprietary system control software, MassAlert™, is designed to prevent intrusion and to secure the communication links to warning systems in the field.
MassAlert™ employs a credential hierarchy to ensure users and administrators only have access to appropriate functions. Also, storage of critical system data is encrypted and ATI's remote unit controller hardware includes watchdogs on program operation and Cyclical Redundancy Checks on stored program code.
Finally, MassAlert™ uses the more modern Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), for protection of communication running over IP links such as Ethernet, fiber optics, Wi-Fi, or satellite.