Discussion of TDoS Attacks Against 911 in The Cyber Shield

I don't know how widely "The Cyber Shield" is distributed. I believe we get it because some of our folks have security clearances (so if true, lots of people get it). Anyway, there is some info about our recent article in Government Computer News (GCN). I copied the info and provided a link to the bulletin below:

DHS working to protect emergency call centers against denial-of-service attacks

GCN, 24 Oct 2016: The distributed denial of service attack on managed DNS provider Dyn that made portions of the internet unreachable on Oct. 21 is just the latest example of the disruption caused by a system that finds itself overwhelmed with requests. Experts are still dialing for dollars when it comes to ideas for how to mitigate the risk, or even the impact, of a potential telephony denial-of-service attack on the 911 emergency services system.

Is an attack on emergency services just one call away? A recent study revealed how easy it would be for bad actors to overload and disable infrastructure for the 911 emergency services in the United States.

Similar to DDoS attacks, telephony denial-of-service attacks -- where bad actors flood the system with illegitimate calls to knock out access to emergency services or other critical communication -- are reportedly on the rise. Tech-savvy criminals, hacktivists and even malicious nation-states see the phone system as a critical way to strong-arm federal or local authorities to pay them ransom, pay attention to their cause or just wreak havoc.

With more government services facing potential cyber threats by telephone as well as online, the Department of Homeland Security has a cluster of efforts underway to lower the risk and the impact of potential telephone system-based attacks. Such attacks can swamp a 911 call center, causing a potentially life-threatening risk.

In a TDoS attack an overwhelming number of calls are sent to the 911 system, and “the high number of bogus calls effectively ties up system resources so that actual 911 calls may not get through,” DHS Science and Technology Directorate Program Manager Daniel Massey said. “As attacks become larger and more sophisticated, it is very important that systems for defense also improve to meet this threat,” he added. “Our project can play a significant role in helping defend against future attacks.”

In fact, DHS has a number of efforts underway to try and stem the tide of TDoS attacks, according to Mark D. Collier, CTO of SecureLogix Corp., a San Antonio, Texas-based telephony technology vendor working with DHS. Their core project together seeks ways to detect spoofing -- or differentiating fake calls from legitimate ones -- and aims to apply this to potential TDoS attacks, Collier said. In another project, in conjunction with the University of Houston, SecureLogix and DHS are investigating how the move to Next Generation 911 might impact TDoS attacks, particularly in relation to emergency services.

“When you’re dealing with 911, this could be a real emergency situation,” Collier said. “We want to make sure that we are never dropping the right call.” Collier said the pilots his company is working on include at least two city 911 call centers and a major dispatch line for police and fire fighters.

Larry Shi, principal investigator for the University of Houston, said that different government agencies including the FBI and DHS have noticed the “growing number of TDoS attacks against both commercial call centers and emergency communication systems. Without proprietary protection, these attacks against 911 call centers can easily make the service unavailable which may cause serious consequences, like loss of lives.”

The results of the pilot deployments should help demonstrate the effectiveness of the solution, identify issues that may still need to be resolved and show how the results can be widely applicable to 911 systems around the country, as well as other critical systems that are vulnerable to telephony attacks.

Here is a link to the bulletin document:

Download 20161102