San Francisco's emergency sirens fixed after security bug found
- The San Francisco Department of Technology announced late last week it has fixed a security bug with the city’s 114 emergency sirens, according to the San Francisco Chronicle and others.
- A security flaw in the sirens, which are used to alert residents to severe storms and other catastrophes including earthquakes, major fires and terrorism, could have enabled hackers to take control. Department of Technology officials declined to comment on the nature of the vulnerability to the Chronicle, though they said it related to how electronic signals were being encrypted.
- In a statement to the Chronicle, Linda Gerull, executive director of the Department of Technology, said the "upgrade increases the security of a piece of the public safety system in use citywide.” She promised to share the lessons learned with other cities.
This fix to San Francisco’s emergency siren system comes on the heels of recent revelations that the City of Baltimore’s 911 dispatch system was hacked, forcing it to be switched to “manual mode” before being fully restored 17 hours later. And it has striking reminders of an incident in Dallas last year, when that city’s 156 emergency sirens were hacked and reportedly went off more than a dozen times in the middle of the night, causing stress to the area's 911 system.
StateScoop reports San Francisco learned of the need for an upgrade in early February, but the municipal government disagreed with local security firm Bastille — which flagged the issue — on how to handle it. Bastille is expected to release more information soon giving its side of the story on what happened.
As hackers become more sophisticated, cities with similar emergency warning systems must make sure their technology is able to withstand such threats. In Dallas, the hack was attributed to someone with a radio that broadcast specific tones and activated the sirens. With so many cyberattacks being mounted on everything from cities’ electrical grids to emails and ATMs, it is up to city leaders to be prepared and be resilient.
In an interview with Smart Cities Dive, Andrew Salkin, senior vice president for City Solutions at 100 Resilient Cities, said there must be more thought on that area of cybersecurity among American cities. "The folks in Europe ... they’re a little bit ahead of where the conversation has been in the United States," Salkin said.
There are plenty of ideas out there on how to improve cybersecurity, including the use of the yet-to-be-hacked blockchain, but the onus is on cities to be proactive rather than reactive when threats reach their digital doorsteps.
- StateScoop San Francisco discloses security flaw in public warning system
- San Francisco Chronicle We didn’t know it, but SF’s emergency sirens had a security bug — it’s fixed now
Follow Chris Teale on Twitter