Emergency planners routinely think about the outside world: What if that building fell to a natural disaster or man-made attack, or that neighborhood flooded? What if hackers disabled that water plant or took out the power grid?
Now turn that same question inward. What if they struck against you?
Consider cybercrime, one of the fastest-growing forms of social malice. Victims in the news typically include banks, online commerce and political targets. But hackers have taken aim against government institutions as well, and it’s not a far leap from there to imagine an attack against first responders themselves. It’s no sci-fi scenario to posit an attack against a 911 system, an emergency response center or police resources.
In fact, the threat is very real, and today’s emergency managers are tasked with ensuring not just that their systems are rock-solid, but also that their response plans are in place.
The Ohio Emergency Management Agency gives credence to the possibility that its own systems could someday come under cyberattack. The agency actively plans for such an incursion and thinks hard about remediation, said spokesperson Tamara McBride.
“We’re sitting down with our cyberworkgroup and discussing just that question. We’re very focused on the consequences of those threats,” she said. Suppose the department’s own communications systems were sabotaged, leaving no ready route to connect with citizens. “Do we go door to door? Do we go up the street with a bullhorn or reach out to ham radio volunteers? Those are all the things that are on the table.”
Maybe the bullhorn sounds excessive, but a range of experts say it would be hard to be too prepared for an attack that went to the core of emergency operations.
First of all, let’s admit there’s a threat. Starting at the top of the pyramid, the number of significant cybersecurity events against the U.S. government increased 680 percent over a five-year period, from 5,503 in 2006 to 42,887 in 2011, according to the U.S. Government Accountability Office.
So there’s clearly vulnerability within government. But does that trickle down to the state and local levels, specifically to emergency operations?
In Spartanburg County, S.C., a recent cyberattack flooded nonemergency phone lines, pushing calls over onto the 911 system, potentially jamming the emergency system and slowing dispatchers’ ability to respond to crisis calls.
Indianapolis Public Safety Director Troy Riggs paints an even grimmer picture. Speaking with local reporters after a forum on cybercrime, he offered a scenario in which an attack on first responder systems coincided with a terror attack. Essentially the idea is to detonate a bomb, then flood 911 call systems or cripple essential computers to stop responders from heading to the scene. It’s a techno-driven version of a common terror scenario in which a second bomb goes off just as ambulances arrive to treat the victims of a first explosion.