From Dark Reading
By Mykola Konrad, VP of Product Management, Ribbon Communications
An estimated 240 million calls are made to 911 in the U.S. each year. With the population estimated at more than 328 million people, this means each U.S. resident makes, on average, more than one 911 call per year.
So, what happens when the system goes down?
Unfortunately, answers can include delays in emergency responses, reputational damage to your brand or enterprise by being associated with an outage, and even loss of life or property. We have seen very recent examples of how disruption in 911 services can impact municipalities. For example, days after Atlanta was struck by a widespread ransomware attack, news broke of a hacking attack on Baltimore’s computer-assisted dispatch system, which is used to support and direct 911 and other emergency calls. For three days, dispatchers were forced to track emergency calls manually as the system was rebuilt — severely crippling their ability to handle life-and-death situations.
In 2017, cybersecurity firm SecuLore Solutions reported that there had been 184 cyberattacks on public safety agencies and local governments within the previous two years. 911 centers had been directly or indirectly attacked in almost a quarter of those cases, most of which involved distributed denial-of-service (DDoS) attacks.
Unfortunately, these kinds of distributed denial-of-service (DDoS) attacks will continue unless we make it a priority to improve the security of voice systems, which remain dangerously vulnerable. This is true not just for America’s emergency response networks, but also for voice networks across a variety of organizations and industries.
In today’s business world, every industry sector now relies on Internet connectivity and around-the-clock access to online services to successfully conduct sales, stay productive and communicate with customers. With each DDoS incident costing an average $981,000, no organization can afford to have its systems offline.
This is a far cry from the early days of DDoS, when a 13-year-old student discovered he could force all 31 users of the University of Illinois Urbana-Champaign’s CERL instruction system to power off at once. DDoS was primarily used as a pranking tool until 2007, when Estonian banks, media outlets and government bodies were taken down by unprecedented levels of Internet traffic, which sparked nationwide riots.
Today, DDoS techniques have evolved to use internet-of-things devices, botnets, self-learning algorithms and multivector techniques to amplify attacks that can take down critical infrastructure or shut down an organization’s entire operations. Last year, GitHub experienced the largest-ever DDoS attack, which relied on UDP-based memcached traffic to boost its power. And just last month, GitHub experienced a DDoS attack that was four times larger.
As these attacks become bigger, more sophisticated and more frequent, security measures have also evolved. Organizations have made dramatic improvements in implementing IP data-focused security strategies; however, IP voice and video haven’t received the same attention, despite being equally vulnerable. Regulated industries like financial services, insurance, education, and health care are particularly susceptible — in 2012, a string of DDoS attacks severely disrupted the online and mobile banking services of several major U.S. banks for extended periods of time. Similarly, consider financial trading — since some transactions are still done over the phone, those jobs would effectively …