Baltimore 911 Suffers ‘Limited Breach,’ Forcing Temporary Manual Operations

Officials confirmed a weekend cyberattack that impacted emergency dispatch systems as well as the city’s 311 services.

by Kevin Rector, The Baltimore Sun / March 28, 2018
Baltimore Police patrol officer Lakea Lee fills out information on her prowler while an ambulance waits with one patient at a two-vehicle crash during a police ride-along in the city's Eastern district on Sept. 22, 2017. Baltimore's 911 dispatch system was hacked over the weekend, prompting a temporary shutdown of automated dispatching and an ongoing investigation into the breach, Mayor Catherine Pugh's office has confirmed. (Karl Merton Ferron/Baltimore Sun/TNS) TNS

(TNS) —  BALTIMORE — Baltimore’s 911 dispatch system was hacked by an unknown actor or actors over the weekend, prompting a temporary shutdown of automated dispatching and an ongoing investigation into the breach, Mayor Catherine Pugh’s office confirmed to The Baltimore Sun on Tuesday.

James Bentley, a spokesman for Pugh, confirmed the Saturday morning hack affected messaging functions within the Computer Aided Dispatch, or CAD, system, but said the mayor would not otherwise be commenting on the matter Tuesday.

Dave Fitz, an FBI spokesman, said his agency was aware of the breach and provided some technical assistance to the city.

Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, said in a statement that city personnel had “identified a limited breach” of the CAD system, which supports the city’s 911 and 311 services, at about 8:30 a.m. Saturday.

Johnson said 911 and 311 “were temporarily transitioned to manual mode” and continued to operate without disruption.

“This effectively means that instead of details of incoming callers seeking emergency support being relayed to dispatchers electronically, they were relayed by call center support staff manually,” Johnson said.

City personnel were able to “isolate and take offline the affected server, thus mitigating the threat” of the hack, Johnson said.

The CAD system was fully restored by 2 a.m. on Sunday after “a thorough investigation of all network systems,” Johnson said.

The mayor’s office did not respond Tuesday to questions about what information was or might have been compromised, the specific nature of the hack, whether there are any suspects, or if there have been any other attacks on the city’s emergency response systems in recent years.

The CAD system automatically populates 911 callers’ locations on mapping systems and makes connecting them with the closest emergency responders far more efficient — especially when callers from mobile phones don’t know where they are or are confused about their exact location.

Such systems also send information being taken by dispatchers directly to first-responders in some cases, and log information for data retention and records.

When a CAD system isn’t working, as Baltimore’s wasn’t on Saturday, dispatchers essentially must revert to taking all of a caller’s information verbally, and with nothing to reference it against to make sure it’s accurate, said Brian Fontes, the CEO of NENA, an association that represents 911 professionals across the country.

“It’s much less efficient,” Fontes said.

While such systems do not store much personal or financial data like that targeted in other high-profile hacks, they can contain some medical information and provide back-door access to important mapping systems used by cities like Baltimore.

They are also critical to a city’s ability to respond to other disasters, something bad actors interested in causing damage beyond the cyber realm might wish to undermine.

“If I’m a bad actor out there and I wanted to do some real harm beyond the 911 center, one of the main things I would want to do is bring down the 911 center,” Fontes said. “If there were a concerted attack of some sort, you want to make sure that your 911 centers are up and running because they are your dispatch centers for emergency responses.”

Operators of 911 centers around the country have been coming to terms with their systems’ vulnerabilities to cyberattacks more in the past few years as more attacks have been reported, Fontes said.

The U.S. Department of Homeland Security warned of the problem in 2015, noting that the move by 911 centers and other “public safety answering points,” or PSAPs, to internet-based systems meant “an increase in their vulnerability to cyberattack.”

“News reports of successful government website hacks appeared frequently over the past year, with several hacktivist groups openly targeting cities and local government for political reasons,” the Emergency Management and Response Information Sharing and Analysis Center, which falls under the U.S. Fire Administration and the Federal Emergency Management Agency, wrote in an alert.

“While PSAPs don’t hold valued information like credit card numbers or social security numbers, they do often house names and addresses and sometimes medical records,” the alert read. “This information can be combined and can be used to help a hacker get the more damaging information.”

Some attacks on 911 systems use compromised mobile devices to send a deluge of calls to 911 centers, overwhelming them. Others take control of a system and demand a ransom for its release. It’s not clear what the Baltimore hack entailed.

Fontes said his organization stresses “redundancy and resiliency,” and many centers are moving to “next generation” technologies that allow them to operate on back-up systems, or virtually, in cases of attack.

©2018 The Baltimore Sun Distributed by Tribune Content Agency, LLC.