Cyber Attack! 9-1-1 is Down! The Hospital Phones Failed! Activate the Emergency Communications Plan!

Call in the Cavalry!



Massive Cyber Attack on U.S. Government, Corporate Giants - Are 9-1-1 Centers and Hospitals Next?


The December 2020 disclosure of massive attacks on U.S. Government, corporate, non-governmental and non-profit entities has the attention of many organizations reliant on the Internet to operate. It also caused people to think more about what reliance on the Internet and its vulnerability means for their critical communications systems and its effect on the mission.

For example, if some of the most secure federal government and corporate computer systems, including the Department of Homeland Security (DHS), the National Nuclear Security Administration, the Departments of Commerce, Energy, Treasury and State, and corporate technology giants like Microsoft can be breached, how vulnerable are today’s 9-1-1 communications systems?


Imagine this scenario: The 9-1-1 communications system is incapacitated by a cyber-attack. Phone calls and text messages to 9-1-1 requesting Police, Fire, Rescue or Emergency Medical Services (EMS) go unanswered or are met with an indication that 9-1-1 is inoperative. It impairs public safety agencies from protecting the public, saving lives and property.


Dispatchers are unable to dispatch or communicate with public safety personnel. EMS personnel cannot communicate with Hospital Emergency Rooms or Advanced Life Support Medical Control Center physicians to get approval to administer specific drugs to save a life hanging in the balance.


Another scenario: Hospital workers on the third floor East Wing call a “Code Blue” to get additional help for a patient in respiratory or cardiac arrest, but the hospital’s telephone system is not working, nor is the computer system – both rely on the Internet Protocol (IP). Code Blue team members on the first and second floors are unaware of the call for help.


Meanwhile, other medical providers throughout the hospital are unable to order lifesaving medications from the in-hospital pharmacy on the computer network or by telephone. And the emergency room is unable to request and coordinate the medical evacuation of a trauma patient by helicopter to the closest trauma center.


The conversion of in-building telephone systems to Voice over Internet Protocol (VoIP) systems makes them reliant on a fully operational computer networking system for in-house communications and a viable Internet connection for communications beyond.


While a hospital is not a 9-1-1 center, it is considered critical infrastructure and it is also instrumental in the saving of lives. It too, relies on computer network-based, IP technology to operate. The vulnerabilities of the 9-1-1 system apply to hospitals and other critical infrastructure on which we rely, including the very providers of Internet (Cable TV, Cellular, Fios and similar offerings, Satellite, etc.) and utility services (Electric, Water, etc.).


Since at least 2013, 9-1-1 communications systems have been the targets of cyber-attacks. In 2013, DHS and the FBI issued a warning to States about several attacks that were launched. In the seven years that have followed, attacks have continued. Some attacks left the 9-1-1 centers crippled, and unable to operate. For example, the August 2017 attack on the 9-1-1 system in Schuyler County, NY left the center unable to communicate with public safety personnel.


A cyber-attack on government, corporate and non-profit organizations has long been a concern and, too frequently, a reality. The outcome and consequences of the attacks have varied from minor to major.


On October 25 and 26, 2017, 9-1-1 centers in more than a dozen States were left paralyzed by a “zombie” call cyber-attack. The impact was widespread, spanning the country from California, Washington, and Texas to Florida and elsewhere. At the time, Trey Forgety, director of government affairs for the National Emergency Number Association, an organization closely aligned with 9-1-1 centers and their staff, stated, “This was a serious wake-up call.”



One of the biggest and most damaging cyber-attacks was the 2015 attack on the U.S. Government’s Office of Personnel Management, which exposed the background investigation information and personal information of millions of government personnel holding or applying for sensitive security clearances. Approximately 21.5 million individuals were directly impacted by the attack according to the federal government.


Most of the attacks are not disclosed to the public, or even to government agencies. Reasons include concerns for panic among users of the computer network; damaging the public’s opinion of, and confidence in, the organization; a potential drop in stock prices; and the encouragement of other would-be attackers to attack the organization in cyberspace or in a physical terroristic act in the present time of vulnerability or in the future.


The Problem – Advanced Technology


In the past, 9-1-1 centers used microwave, fiber, and copper backbone circuits. Two-way radio analog and digital (including voice, telemetry, and data) systems connected the center with Police, Fire, Rescue, and EMS resources dedicated to the protection of the city, saving lives and property. Computer Aided Dispatch (CAD) systems were networked locally. The computer, two-way radio and backbone systems worked reliably almost all the time.


When a disaster or other event, including a technological failure, happened, backup systems and workarounds were used. The best prepared 9-1-1 centers, Hospitals and other critical infrastructure called in “the Cavalry” – the Amateur (Ham) Radio Operators. Many 9-1-1 centers or Emergency Operations Centers had a Ham radio system inside, so they had near instant connectivity to access the Amateur Radio Emergency Service (ARES) network and its distributed resources.


Today, copper circuits have mostly been replaced by fiber. Microwave remains. Analog has given way to digital two-way radios. CAD systems have become more complex and remain networked, but using IP the network extends beyond the single 9-1-1 center or local area. Now CAD systems are often regionalized. When a disaster occurs, the more complex, modernized, and more resilient systems still rely on backups and workarounds. What is missing? The Cavalry!


The December 2020 cyber-attack disclosure came months after the cyber-attacker(s) entered and remained in the highly secure, well-protected computer systems. The attacker(s) remained undetected by even the most sophisticated security systems, while they had access to and likely gathered highly sensitive data.


The scope of the attack and its damage is still being determined. Experts predict the exact scope will not be clear for years. “This hack was so big in scope that even our cybersecurity experts don’t have a real sense yet,” said the head of the U.S. House of Representatives oversight committee, Stephen Lynch, after attending a classified briefing on the incident.


Back to my original question, if even the most secure computer systems of the federal government and corporations can be breached, how vulnerable are today’s 9-1-1 communications systems? And, similarly, other critical infrastructure.


When examining vulnerability, we must take note that most local governments and regional 9-1-1 centers, Hospitals and other critical infrastructure entities lack the funding needed to hire full-time cybersecurity professionals or invest in the most modern cybersecurity protective hardware and software. Often the role for cybersecurity is tasked to the Information Technology (IT) staff, some, or many of whom, have attended cybersecurity seminars, classes, or certification programs at some point in their career. Few have the resources, time, or capability to stay abreast of the technology and techniques or lack the funding for frequent upgrades to the security systems.


Need Help? “Dial 9-1-1”


Since 9-1-1 was introduced in the 1970s, many emergency service vehicles, websites and public education programs have and continue to display “Dial 9-1-1 for Emergency” or similar wording. 9-1-1 systems have saved countless lives and property over the decades. Now, its technology is outdated and being updated. But who does 9-1-1 call when it needs help?


Since 2017, the “Next Generation 9-1-1” (NG9-1-1) system is being implemented across the country. It is an Internet based system that relies on Emergency Services Internet Protocol (IP) Networks (ESInets) engineered to carry voice and data. Indiana, Massachusetts, Maine, and Vermont were among the initial States to implement the new system. Since then, other States, including Washington, have implemented the technology.


DHS’ Emergency Communications Division’s document, Cyber Risks to Next Generation 9-1-1, states that traditional 9-1-1 systems using standard voice-based telephone systems and closed, internal computer networks that supported CAD systems with little to no interconnection with other systems reduced the likelihood and impacts of cyber-attacks.


The report continued, that while NG9-1-1 Internet-based networks and interconnections enable new benefits, they also increase the likelihood and impacts of cyber-attacks that disrupt or disable 9-1-1 center operations.


A study by Yisroel Mirsky and Mordechai Guri, both of Ben Gurion University’s Information Systems Engineering program, which was published in January 2020 by the Institute of Electrical and Electronics Engineers (IEEE), one of the world’s largest technical professional organizations, concluded that cyber attackers using simple, inexpensive equipment could block access to even the most modern NG9-1-1 centers and access to emergency services in an entire State for days.


Nine months later (October 2020), all Washington NG9-1-1 center telephone systems were down statewide. Prior to that event, in February 2019, NG9-1-1 systems were inoperable in three well-populated Washington cities near Seattle. And, for more than a day in December 2018, 9-1-1 systems in Washington were disabled following a Distributed Denial-of-Service cyber-attack. 9-1-1 callers were blocked by hackers from gaining access to the 9-1-1 centers; they received busy signals instead. All three incidents occurred after Washington State implemented the NG9-1-1 technology.

9-1-1 outages are a reality. They have happened before and are likely to continue to happen for a variety of reasons, including cyber attacks. Backup plans using cellular and satellite phones may not be enough. The prudent emergency planner knows Amateur Radio Emergency Service (ARES) brings skilled and experienced professional, volunteer emergency communicators and a variety of capabilities to get critical messages through when all else fails.


In its document entitled “Cyber Risks to Next Generation 9-1-1,” DHS states that the increased vulnerability of NG9-1-1 does not undermine the benefits of the technology. But it cautions, “As cyber threats grow in complexity and sophistication, attacks could be more severe against NG9-1-1 systems….”


Beyond cyber-attacks, 9-1-1 communications system failures have been attributed to other causes. For example, Colorado experienced fifty-four 9-1-1 disruptions in 1998 and 30 additional disruptions in 1999. Some were due to weather, some human or technological error or malfunction.


With 9-1-1 systems being so dependent on the Internet, an accidental cut of a data cable during construction or digging, the misalignment of a microwave dish on either end of a network link caused by a severe windstorm, tornado, or earthquake, or extreme icing on a microwave antenna can also render a 9-1-1 center useless, or at least significantly reduce its capabilities.

Severe ice conditions, severe weather conditions or disaster-caused damage can make 9-1-1 microwave and radio communications, cellular and Internet communications inoperable.


Most organizations have a plan to respond to a cyber attack or disaster and recover from the situation. And a Continuity of Operations Plan (COOP) provides guidance and action steps that help ensure the organization continues to operate.


Many COOP plans call for the use of cellular and/or satellite telephones as the organization’s primary backup communications. But the organizations often understand that both are dependent on the Internet, and expensive to use in most cases. The backup systems also often fall short by not having the ability to communicate with multiple people or agencies with just one message or a single effort. In an emergency or disaster, reducing the effort and time to get help and contact others is critical. Additionally, using satellite phones requires some skill and practice, unlike a cellular phone. How often are satellite phone practice sessions held? Usually not often, or if they are, it is limited to a few key personnel.


The Solution – More Technology and Call in the Cavalry!


Indiana Amateur Radio Emergency Service (ARES) District 1 (D1) serves the Northwest Indiana geographic area, bordering Chicago and the nearby Illinois counties. Following an absence of at least five years, it was resurrected in late September 2020. Its volunteer personnel now include engineers, doctors, firefighters, medics, emergency managers, students, businesspeople, government employees, retired individuals and more.


ARES D1 is the only officially recognized contingency, emergency and supplemental (auxiliary) volunteer communications organization within Indiana’s Lake, Porter, LaPorte, Newton and Jasper Counties operated in accordance with and under the auspices of the American Radio Relay League (ARRL) and its Memorandums of Understanding with the Association of Public-Safety Communications Officials-International (APCO-International) (9-1-1 Center personnel), Federal Emergency Management Agency (FEMA), National Weather Service (SKYWARN), Society of Broadcast Engineers (SBE) (TV, Radio, Internet Service and Cellular Providers, etc.), American Red Cross, Salvation Army, Civil Air Patrol (CAP), National Volunteer Organizations Active in Disaster (NVOAD) and other organizations.


ARES D1 personnel are trained, experienced, and practiced volunteer professional radio operators skilled in providing modern, reliable, interoperable, accurate, resilient and timely contingency, emergency, and supplemental communications. They also provide real-time severe weather observation data; resource position tracking and telemetry, ground-truth intelligence (“eyes and ears”) and serve as “force multipliers” for governmental and non-governmental public safety, critical infrastructure (Hospitals, Utilities, etc.), and emergency management related organizations and partners at all levels.


The volunteers receive training offered by the Federal Emergency Management Agency (FEMA) and become certified in accordance with the standards of the National Incident Management System (NIMS) and with FEMA’s National Qualification System (NQS). They are also eligible to be credentialed by Emergency Management agencies, Red Cross or other organizations. Some are trained and certified by the National Weather Service as Severe Weather Spotters. All are licensed by the Federal Communications Commission (FCC).

ARES' skilled, experienced, practiced and professional emergency communicators use a variety of FCC approved capabilities to get critical messages to their destinations when all other communications systems fail.


These volunteers proudly answer the call for “amateurs,” or “Hams,” but amateurs they are not. The term “amateur” was established by the FCC many decades ago to distinguish the volunteers as the unpaid professionals they are from paid radio operators. The distinction continues in regulatory language and federal legislation.


Using a blend of technologies from yesteryear to today, from analog to digital, from voice to imagery, telemetry and data, ARES D1 personnel can establish communications between a 9-1-1 center, Police, Fire Rescue, EMS, Public Works, Utility Providers, Hospitals, Vaccination Points of Distribution, Emergency Operations Centers, Incident Command Post, Mobile Command Center and other critical infrastructure locations, or vehicles.


They can provide interoperability with local, regional, State and federal governmental agencies, the military, including all of the Defense Department forces, Coast Guard, and the National Guard. Additionally, with the Civil Air Patrol, the Indiana Guard Reserve, and similar State sponsored military militia organizations, as well as emergency management and humanitarian relief organizations including the Salvation Army, and others throughout the State, region, across the nation, and if needed, worldwide.


ARES D1 can transmit and receive encoded Email messages to and from Outlook and other Email systems in use at distant points; provide voice communications, transmission, and reception of Incident Command System (ICS), Hospital Incident Command System (HICS), Red Cross and other emergency incident forms, Spreadsheets, photos, other Images and more. And they can provide real-time weather information and a direct two-way radio connection to the National Weather Service Forecast Office.


ARES D1 uses radio systems that are geographically dispersed. They can be at fixed, mobile or portable locations to meet the need of the organization being supported during the emergency or disaster. Their communications systems use the Earth’s atmosphere as their “transmission media and transport layer;” use a variety of communication modes and digital algorithms, most of which are extremely difficult to intercept and properly decode. And, they operate on a wide array of randomly selected radio frequencies, which when combined, make successful cyber-hacking virtually impossible.


Attesting to the experience, reliability and capability of volunteer emergency communicators like those in ARES D1, the DHS Cybersecurity and Infrastructure Security Agency (CISA) National Emergency Communications Plan states:


“Volunteer emergency communications operators and groups using amateur radio have been providing backup communications to event planners, public safety officials, and emergency managers at all levels of government for nearly 100 years. Often, amateur radio services have been used when other forms of communications have failed or have been disrupted. Today, nearly all the states and territories have incorporated some level of participation by amateur radio auxiliary communication operators into their Tactical Interoperable Communications Plans and Statewide Communication Interoperability Plans, allowing them to quickly integrate the operators into response efforts, which can strengthen communications and operations during incidents and planned events of any scale.”


All 9-1-1 Centers, Hospitals, Emergency Management Agencies, Utility providers and other critical infrastructure locations should consider establishing a relationship and Memorandum of Understanding with ARES D1 or if located outside of the ARES D1 geographic area, with the ARES group that serves their geographic area.


For more information, visit www.aresd1.com or contact w1spy@arrl.net
