Photo: Yuri Samoilov
At 11:48pm on April 7, 2017, every tornado siren in Dallas went off at the same time. The sky was clear, but the shrieks from 156 sirens wrenched residents from their slumber. As the sirens blared on for 95 minutes, terrified callers flooded 911 phone lines, leaving people experiencing real emergencies waiting for someone to respond. The city was forced to shut down the entire emergency alarm system for days.
What happened? What left city officials scrambling and Dallas citizens tired and bewildered? Hackers. A hacker managed to determine the radio code used to turn on the alarms and then used that code and outside equipment to activate the alarms.
The citizens of Dallas experienced a literal wake-up call in April, but hackers have been setting off metaphorical alarms for years. Despite these attacks, few governments, companies, or individuals are prepared to respond to the increasingly diverse threats a hack can pose. Targets can include physical systems, such as alarm sirens or utilities, or data, like the personal information of customers or citizens.
Hacking emails can be particularly profitable. For example, perhaps you have a Yahoo account you’ve forgotten about and haven’t used it in ages. It’s still there, and it may have been hacked. In 2013, hackers stole private information about more than 1 billion Yahoo users and no one noticed until 2016. Hackers had more than two full years to use this information without any interference. Since many people reuse passwords, or use similar passwords for multiple websites, the extent of the hack’s damage could have been much greater. For example, hackers could easily have gained access to other websites, like bank accounts.
If losing money isn’t bad enough, how about heat and electricity during the winter? On December 23, 2014, Russian hackers allegedly hacked the Ukrainian power grid and shut off power to more than 230,000 people. At the same time, pro-Russian separatists took control of the Crimea, the northern-most part of Ukraine. Hacking of this nature can be a powerful way to disable enemies. It also makes it easier to accomplish other objectives, like launching a military offensive. In the Ukraine, workers could manually control the power breakers, which helped them turn the power back on. But the United States is more vulnerable to such an attack because power stations in the U.S. often lack manual controls. If the automatic systems were damaged, it would be much harder to turn the power back on.
This is just a small sample of the havoc hackers can wreak, given the opportunity. For all of us who would like to get a good night’s sleep, keep our passwords and personal information safe, and keep our electricity on, the question is – what can we do about it? An honest answer is that there isn’t a way to eliminate all hacking opportunities, but we can make it much harder.
One of the most important things to do is to cultivate a security mindset and think like a hacker. When you put private information online, ask yourself, “If I wanted to steal this, what would I do?” Then ask, “How can I make it harder to do that?” That might mean picking a different password, taking advantage of extra security measures, or updating your systems more frequently. We should encourage our local governments to do the same. Government officials should get serious about cybersecurity and be proactive about possible weaknesses. One solution is to hire benign hackers who can identify potential ways malevolent hackers could compromise important infrastructure. This allows the government to shore up these areas before a real attack happens.
A gap in cybersecurity led to a loud, sleepless night for Dallas residents, and a cold, dark night for the people of Ukraine. We must learn from these experiences. If we don’t listen to the cybersecurity warning sirens now, we may be faced with a devastating cyberattack that turns out the lights on our safety.