|
Emergency Broadcast Systems
This section of our technical library presents articles written about Emergency Alert Systems and Disaster Recovery definitions, terms and related information.
The 911Broadcast emergency notification and alert service can deliver a large number of phone calls using a network of phone systems employing digital phone lines simultaneously. Should a disaster such as a snow storm, wild fire or flood hit your area, 911Broadcast systems can alert your community quickly providing specific instructions if an evacuation is required.
This service is available using our emergency broadcasting systems. If a dangerous chemical spill occurs in your community, you can target specific areas to call. If a severe snow storm hits your area, your community can be notified of school closings or event cancellations.
How Secure Are Emergency Alert Systems?
Emergency alert systems including media broadcast interruptions may be subject to disruption by hackers.
In the article "Insecurity Plagues Emergency Alert System" by Kevin Poulsen of SecurityFocus, www.securityfocus.com he states the following:
"The FCC-mandated network that lets officials interrupt radio and television broadcasts in an emergency is wide open to electronic tampering, and the government has no plans to fix it.
A national alert system that gives the president the ability to take over the U.S. airwaves during a national crisis may inadvertently extend hackers the same courtesy, thanks to security holes that put radio stations, television broadcasters and cable TV companies at risk of being commandeered by anyone with a little technical know-how and some off-the-shelf electronic components.
At issue is the Emergency Alert System (EAS), a nationwide network launched in 1997 to replace the cold-war era Emergency Broadcast System known best for making the phrase "this is only a test" a cultural touchstone. Like that earlier system, the EAS is designed to allow the President to interrupt television and radio programming and speak directly to the American people in the event of an impending nuclear war, or a similarly extreme national emergency. The EAS has never been activated for that purpose -- it was not used on September 11th -- but state and local officials have found it a valuable channel for warning the public of regional emergencies, recently including the "Amber Alerts" credited with the recovery of several abducted children over the summer.
But even with Amber's successes, the EAS is increasingly under fire by critics who charge that its national mission is obsolete in an era of instant 24-hour news coverage, and that the technology underlying it is deeply flawed. One of the most stinging criticisms: that the EAS is wildly vulnerable to spoofing, potentially allowing a malefactor to launch their own message that in some scenarios could quickly spread from broadcaster to broadcaster like a virus.
'It's very, very simple to generate those messages, and there's literally no security.'
-- Richard Burgan
The system works this way: The Federal Emergency Management Agency (FEMA) activates the EAS for a national alert through 34 radio stations around the country that act as "primary entry points" (PEPs) for the system. Those stations, typically all-news AM stations with powerful transmitters, immediately interrupt their programming to broadcast the alert on the air.
The alert begins with a burst of data coded by a low-speed modem, repeated three times. It's followed by an eight-second alert tone, and then spoken emergency information and instructions -- or a presidential address -- before another burst of data terminates the message.
'No Security'
The data header is the key to the system -- it's what allows the same broadcast to simultaneously warn the public, and other broadcasters. To radio listeners, it sounds vaguely like the quacking of a duck, but encoded within it is a timestamp, a station identifier, a region code, an expiration time, and a three-letter event code identifying the type of alert.
EAS boxes at hundreds of radio and TV stations are tuned in to at least one of the PEPs, and to them the burst is a wake-up call. The equipment reads the header, determines what kind of alert is being sounded, and then the station interrupts its programming to retransmit it (with its own identifier) on the air, and starts carrying the audio live.
Thousands of other stations are tuned to those broadcasters, and they do the same, until the message has filtered all the way down the hierarchy, even reaching cable T.V. companies which are required to interrupt every channel for a national alert.
The problem, experts say, is that the EAS data headers include no authentication whatsoever. That means anyone capable of following the specifications and with the skill to build a low-power radio transmitter akin to a "Mr. Microphone" toy can get their own messages into the system -- commandeering a radio or television station with a custom broadcast of their own, which would in turn be picked up by a cascade of other stations. An attacker could even omit the end-of-message indicator, leaving some stations off the air until engineers figure out the snafu.
"It's very, very simple to generate those messages, and there's literally no security," says Richard Burgan, a Columbus, Ohio radio engineer who's studied the problem. "If you were to go to one of the stations... and get near their antenna and generate a false transmission, you could start an EAS message that would lock up all the stations down the line.... You wouldn't be able to get the whole state that way, but if you were to do a little research you could pick the right point to get the most."
Alternative Plans Proposed
So-called "replay attacks," in which a spoofer records and retransmits a genuine message, would likely be thwarted by the region code and expiration time in the header. But the only thing preventing someone from generating their own original message are the system's non-standard 500 baud modems. That's not much protection: the modem specs are published in the FCC regulations, and the technology is simple and slow enough to be easily emulated by any off-the-shelf PC with a sound card. A transmit-only modem could even be built from scratch with a few dollars in components, according to Burgan.
"The only thing that's mentioned in any document I have relating to security is that you have to transmit the message clearly three times," says Burgan. "And that's not security. I think they overlooked it entirely because it's too complicated to do." The FCC adapted the EAS from an older National Weather Service system used to issue severe weather warnings.
Large broadcasters have personnel assigned to handle EAS alerts manually, and the humans in the loop provide a common-sense bulwark against obviously false alerts. But many smaller stations and automated broadcasters turn their transmitters over to the EAS automatically upon receiving an alert. A false alert could trigger widespread panic, and undermine public confidence in genuine warnings.
Though it's not known to have ever been exploited, the spoofing risk is one of the factors quietly driving calls to reform the EAS. In a paper published earlier this year, Columbia University researchers Henning Schulzrinne and Knarig Arabshian proposed enhancing the system with an Internet-based emergency notification system, noting that under the current design "it would not be hard to drive by an EAS receiver with a small transmitter and make it distribute a false alarm."
Peter Ward, chairman of the Partnership for Public Warning, a nonprofit group formed this year to explore advanced warning systems, would phase out the EAS, and replace it with an all-digital network tied to cell phones, digital televisions and pagers, turning any networkable device into a "smart receiver that would know the wishes of the owner, and could provide them with the information they want to receive." He says the potential for spoofing is only one the EAS's problems, and one that's "not likely to be corrected soon."
FCC Silence
In fact, with weak security etched into FCC standards, the system effectively creates open backdoors into broadcast stations across the country that the broadcasters are forbidden by law to secure. Burgan says the government should shoehorn security into the existing system, possibly by digitally signing EAS headers. "It wouldn't have to be very complicated to make it highly secure," he says. So why didn't the FCC build in security in the first place? "It's a classic case of something that was designed by committee," he says.
Other experts say that's unfair. "I really think that the EAS has provided a great service, and it needed to be simple to go into these mom and pop radio stations, literally running their own business with a transmitter in the back field," says Mark Manuelian, engineering manager at WBZ Radio in Boston, one of the primary entry points for the system. "These things stand alone in little radio station that have no Internet access... That's something we don't think of where we are in big cities."
Manuelian says the FCC isn't to blame, because information security wasn't on anyone's mind when the they were working on the plan in 1995. "They were doing something that was better than was there before," he says. "Whether they were thinking ahead to the year 2002 -- I guess they weren't."
The FCC is mum on the question -- indeed, on the entire issue. John Winston, assistant chief of the enforcement bureau overseeing the system, says the commission doesn't comment on EAS security. They're more talkative on the system's popular new role in Amber Alerts, through which parts of the country not prone to tornados and floods are becoming acquainted with EAS for the first time.
Under Amber, in the minutes or hours immediately following a child abduction, state officials use EAS to broadcast critical information like a description of a suspect's vehicle to the public. (Highway signs also disseminate Amber Alerts, and are not a part of EAS). The programs are gaining in popularity: last week, New York became the 17th state to adopt a statewide Amber Alert plan, and Senators Kay Bailey Hutchison and Dianne Feinstein introduced a bill that would set up a nationwide Amber program.
Ward says the successful Amber programs demonstrate that the killer app for warning systems is local alerting, not the national duck-and-cover message that the EAS, and the Emergency Broadcast System it replaced, was built for. "In the cold war days when we were talking about missiles coming over the poles there was a much stronger fear that all the broadcast authorities might have disappeared, and we needed a way for the President to commandeer the surviving broadcasters."
Activating Your Emergency Broadcasts
DSC systems allow you to initiate an emergency broadcast using several methods. Because emergencies can arise at any hour of the day or night, we have provided these multiple techniques so that you are not required to staff a center 24 by 7.
- Emergency Control Center
- DSC provides an Emergency Control Center PC interface to our phone systems that manages one emergency phone dialer or an entire network of dialers. Our emergency control program runs either on your local dialer or on the network where your dialer resides. This program lets you download phone lists and emergency phone messages and initiate the emergeny broadcast.
This program likewise lets you configure your network or emergency dialers and produces reports on the performance of your system or network.
- Web Based Control Center
- Our web based emergency notification system lets you access a web page for managing and activating emergency broadcasts. After entering a secure user id and password, you can download phone lists and recorded emergency messages. Using a menu selection, you can select any phone list/message combination to be broadcast online and initiate the emergency alert.
- Phone Activated Emergency Dialing
- If you are not able to access the internet and use our web based emergency dialing interface, we allow you to initiate an emergency phone campaign using a simple touchphone into our phone system.
After properly validating your account id and password, the phone system lets you select a pre-recorded messsage (or record one while you are on the phone). It then prompts you to identify the list of phone numbers to be called (previously maintained under your account). Finally this phone program will let you listen to the message to be sent and inform you of the size of the list of numbers to be called as a final check. If everything is ok, then pressing a touchphone key activates the calling program.
- Computer Activated Dialing
- Our emergency notification network also supports computer and web connectivity using XML technology. Thus, emergency communication can be initiated from your website or computer by automatically sending our emergency phone system a message containing a list of one or more phone numbers and a message to be sent to these individuals. The message can be text (which is automatically converted to voice) or a voice file.
For further information, visit our Emergency XML messaging web page.
|