Attacks, Crashes Underscore Need for New 911 Systems

This article was originally published at Stateline, an initiative of The Pew Charitable Trusts, and was written by Tim Henderson.

A recent rash of disruptions in antiquated 911 emergency-response systems points up the urgent need for new technology to save lives in the wireless age. But few states or localities have the financial means to pay for it on their own.

Earlier this month, AT&T wireless customers nationwide found they couldn’t dial 911, prompting local emergency officials in more than a half dozen states — including Alabama, Colorado, Florida, Indiana, Oregon, Tennessee and Texas — to tell people to call an alternate number or text authorities in case of emergency. The company said it was a “service issue.” The Federal Communications Commission is investigating.

In Dallas this month, callers were unable to reach 911 during spikes in calls that put hundreds of people on hold. City officials blamed a combination of calls from T-Mobile customers and a shortage of people to handle calls. To combat the problem, officials have dedicated $2 million to upgrades, increased staffing and asked T-Mobile to disable a feature that calls 911 repeatedly if an initial call does not go through.

And in October, a malicious Twitter post with a link targeting faulty phone software caused people’s cellphones to repeatedly call 911 in cities around the country in what investigators now think was the largest cyberattack on the country’s emergency-response system, The Wall Street Journal reported.

During the attack, emergency call centers in at least a dozen states from California to Florida were overwhelmed by a storm of calls for 12 hours over two days. A Washington state teen was arrested and accused of sharing the link as a prank. Apple said it is “putting safeguards in place” to prevent similar incidents on its iPhones.

The attack illustrated how aging 911 systems are vulnerable to malicious hackers who may deliberately program multiple phones to crash emergency networks, either by infecting phones with malware or by buying a few thousand phones, according to a 2016 paper on U.S. call center security by Ben-Gurion University’s Cyber-Security Research Center in Israel.

And all of the incidents demonstrate the need for states and localities to switch to the newest “next-generation” internet-based technology that uses digital routing instead of old-fashioned phone lines with switches. Internet-based systems are better capable of handling cellphone traffic that is subject to accidental or malicious misuse.

An estimated 70 percent of emergency calls are now made via cellphone, but few states and localities have the technology to fend off abuse or buggy software that can cause cellphones to call 911 repeatedly and stall the entire system.

The newest internet-based technology “offers a wider suite of defensive tools” for call centers, said Trey Forgety, government affairs director for the National Emergency Number Association, which represents government agencies and private firms involved in the emergency system.

Calls thought to be malicious or repetitive could be flagged and diverted automatically to systems that could detect whether they are legitimate by using techniques such as requiring clicks or voice commands, Forgety said.

Millions of Dollars Needed

Most emergency officials know how vulnerable their systems are. But they worry about where they will get the money to upgrade them.

“It’s easy to crash some of the bigger systems like Denver and Dallas,” said Monica Million, operations manager at the Grand Junction Regional Communication Center in Colorado. “The next-generation protocol is a more secure pipeline with better monitoring software than we currently have. But most of us in the states don’t have the financial resources to make the transition ourselves.”

Million estimated Colorado would need $15 million to move the state into the newest next-generation technology.

The cost of making the switch will vary by jurisdiction, but major metropolitan governments can expect to spend between $5 million and $7 million, and potentially more depending on other equipment and network needs.

The National 911 Program, housed in the U.S. Department of Transportation, is studying the costs associated with the transition to help Congress develop a long-term funding plan. U.S. Sen. Bill Nelson, a Florida Democrat, has circulated a draft bill that would help with funding.

Continuous Upgrading

Fairfax County, Virginia, is one of the few localities to install a next-generation system after years of planning for the costs, said Steve Souder, who oversaw the transition last year as the county’s director of public safety before retiring. It’s part of a $4.3 million regional project to upgrade systems in the Northern Virginia suburbs outside Washington, D.C.    

The county was having trouble with 911 outages caused by cellphones, Souder said. Once the new infrastructure is in place, the county can finally “take defensive action against attacks with bogus calls or call storms,” he said.

Some of the states and localities that were among the first to move to an internet-based service are finding that the technology is evolving so fast they already need to upgrade.

In 2012, Washington became the first state to have a 911 service based on internet connectivity. But the technology isn’t advanced enough to keep pace with today’s mobile phone issues, as the October Twitter prank demonstrated. An Olympia call center was shut down for about 15 minutes by the storm of bogus calls.

Washington now plans to upgrade its technology so that it can “shed” excess calls to neighboring call centers at busy times, said Andy Leneweaver, the state’s deputy state 911 coordinator. The estimated initial cost of the upgrade is $5 million, but it will cost a total of $45 million over five years.

"It can’t prevent the problems," Leneweaver said, "but it can help mitigate them."