Senators Bill Nelson (D-Florida) and Amy Klobuchar (D-Minnesota), in a few weeks, will introduce a federally funded bill that will upgrade current 911 systems to Next Generation 911 (NG911) models. NG911 systems can receive text messages, photos, videos and other information from smartphones, tablets, and other devices as emergency communication.
The bill will leave the control of 911 systems at state and local levels; develop uniform technical standards nationwide; provide increased federal administrative and procurement support for 911 systems by creating an “NG911 implementation coordination office;” and provide cybersecurity training to 911 personnel. Additionally, states will get more federal funding through 911 grant programs at the Departments of Commerce and Transportation. A recent draft of the bill shows that the date for full implementation of NG911 is yet to be determined.
The bill is a response to increasing vulnerability of 911 systems across the country to cyber-attacks. Four months ago, Meetkumar Desai, an eighteen-year-old iPhone app developer in Phoenix launched a self-described malware “prank” that phished iPhone users and caused their phones to repeatedly call 911. AZ Central reported that the malware generated a volume of calls enormous enough to shut down 911 services across Maricopa County. A news release from the County Sheriff’s Office states that Desai worked with an online friend to orchestrate the attack in an attempt to “make a non-harmful, but annoying bug that he believed was ‘funny’.”
Desai’s telephony denial-of-service (TDoS) attack endangered emergency call centers in twelve states, including Arizona, Washington and California. They were “in immediate danger of losing service to their switches,” officials said. Desai, currently out of jail, faces two felony charges in a hearing that comes up on March 30.
Statescoop reports that there is a surge in TDoS attacks against usually unprotected 911 centers and similar public safety systems. A 2015 Federal Communications Commission report shows that thirty-eight states “spent no 911 funds in 2014 on 911-related cybersecurity programs,” but a 2016 report of the commission noted drastic improvement in most states: “Thirty-six states, the District of Columbia, and Puerto Rico reported spending 911/E911 funds on NG911 programs in calendar year 2015.”
Research to secure 911 centers from TDoS attacks have cost millions of dollars in the last two years. SecureLogix, a Texas-based telephone-security company, looks at automatically spoofed calls and differentiates them from real calls. Research at the University of Houston with support from the Department of Homeland Security is focused specifically on NG911’s ability to defeat TDoS. A handful of 911 call centers across the country are currently piloting some of the new solutions.
Larry Shi, assistant professor of Computer Science at the University of Houston said in 2015 when he began research on TDoS, “this could become a life or death matter for callers in medical distress or reporting a fire. Whether it’s a person experiencing a heart attack or an explosion at one of Houston’s many chemical plants, every minute is critical in mitigating damage and reducing issues. We aim to address this now before it becomes a problem as well as a develop solutions to be better prepared in case a cyber attack.”