Next-Generation 911 is At Risk of DDoS Attacks
Over time, organizations have increasingly transitioned to Internet-based solutions to meet business needs. The Internet provides a good alternative for many standard business practices, and the rise of ecommerce means that an organization no longer needs to have a physical location or send out a catalog in order to engage with customers and make sales.
The 911 system within the United States is following this same trend toward Internet-based solutions. Many states are working on transitioning over to next-generation 911 systems, which replace traditional 911 systems and dramatically expand their functionality.
However, these next-generation 911 systems are far from perfect. Research has demonstrated that the new systems are vulnerable to Distributed Denial of Service (DDoS) attacks, which could jeopardize the ability of people in need of emergency services to access the help that they require.
The Growing Threat of DDoS
DDoS attacks are a significant threat to organizations in any industry. A DDoS attack is relatively simple for an attacker to perform since it does not require knowledge or exploitation of any vulnerabilities in the target system.
DDoS attacks take advantage of the fact that every system has a maximum amount of data that it can receive, process, or transmit at a time. By identifying this bottleneck within a system and exceeding its maximum capacity, an attacker can degrade or destroy the system’s ability to process legitimate requests.
The primary challenge for DDoS attackers is that of creating enough malicious or spam traffic to overwhelm a system. In a DDoS attack, this is accomplished through the use of compromised machines within a botnet. Each bot sends some traffic to the target, enabling them to exceed the capacity of any system without requiring specialized or advanced equipment.
With the rise of the Internet of Things (IoT) and the cloud, DDoS attacks have become cheaper and easier to perform. IoT devices have notoriously bad security, making them easy for a cybercriminal to compromise and add to a botnet. With cloud computing, cybercriminals can easily lease enough computing and networking resources to perform their attack. As a result, DDoS attacks pose a serious threat to any organization.
Introduction to Next-Generation 911 Systems
Traditional 911 systems have a number of limitations. They are only capable of handling voice calls and work over older and less scalable infrastructure. These limitations are less than ideal since a person in need may be in a situation where making a call is unsafe, and, during an emergency, the need for emergency services may exceed the capacity of a local call center.
Next-generation 911 systems transition the existing infrastructure over to Voice over IP (VoIP) connections. Additionally, these systems are capable of receiving text messages, images, and video from callers, making them a much more versatile solution and capable of responding to a greater range of situations.
The new infrastructure also makes the system capable of performing load balancing more efficiently across multiple call centers. This helps to ensure that, even in times of high volume, callers are able to reach help. These centers could then dispatch law enforcement or other emergency help to the caller’s location.
Next-Generation 911 is Vulnerable to DDoS
Despite all of the advantages associated with next-generation 911 systems, they still have significant issues. A simulation of the state of North Carolina’s 911 infrastructure revealed that the system is extremely vulnerable to DDoS attacks. According to the research, a botnet made up of 6,000 bots could block calls from 20% of landlines within the state and half of mobile phone users. With 200,000 bots, an attacker could threaten the availability of next-generation 911 systems across the nation.
A DDoS attack consisting of 200,000 bots is completely feasible. The Mirai botnet was estimated to contain over 800,000 bots at its peak, and modern botnets are even larger. An attack against the US’s next-generation 911 infrastructure by a botnet of this size could cripple its ability to receive and respond to legitimate requests for aid.
A DDoS attack’s ability to degrade the next-generation 911 system’s ability to receive and process legitimate calls means that many callers may simply give up trying to reach help. At best, a 6,000-bot botnet would create a “despair rate” of 15%. However, this does not account for the fact that these systems must also communicate with local emergency services. Taking this into account, the estimated despair rate reaches 56%, which is worse than traditional 911 systems.
Protecting Against DDoS Attacks
The vulnerability of the next-generation 911 system to DDoS attacks is a significant weakness. However, protecting it against these attacks is a challenge. A false positive detection, where a call is marked as malicious and blocked but is legitimate, means that someone in need cannot reach emergency services. In contrast, a malicious call marked as legitimate could take up valuable resources that are needed elsewhere.
Protecting the next-generation 911 systems against DDoS attacks will require anti-DDoS solutions capable of accurately differentiating bot-driven traffic from legitimate user interactions. Such systems already exist for protecting organizations’ computer systems and web presences against automated attacks, and they may be adaptable to meet the security needs of next-generation 911 systems.