Hacked Tornado Sirens Taken Offline In Two Texas Cities Ahead of Major Storm (zdnet.com)
An anonymous reader quotes a report from ZDNet: A hacker set off the tornado emergency sirens in the middle of the night last week across two North Texas towns. Following the unauthorized intrusion, city authorities had to shut down their emergency warning system a day before major storms and potential tornados were set to hit the area. The false alarm caused quite the panic in the two towns, as locals were already on the edge of their seats regarding incoming storms. The city had run tests of the tornado alarm sirens a week before, but the tests were set during the middle of the day and had long concluded. The two hacked systems were taken offline the next morning, and remained offline ever since.
Bad weather, including storms and potential tornadoes, was announced for all last week in the North Texas area. A severe thunderstorm hit the two cities the following night, on March 13. Thunderstorms are known to produce brief tornadoes, but luck had it that no tornado formed and hit the towns that day. Tornadoes are frequent in Texas, as the state is located in Tornado Alley, and tornado season, a period of the year between March and May when most tornadoes happen, had officially begun. Nevertheless, a tornado didn't form on March 13, and, luckily, the sirens weren't needed.
Bad weather, including storms and potential tornadoes, was announced for all last week in the North Texas area. A severe thunderstorm hit the two cities the following night, on March 13. Thunderstorms are known to produce brief tornadoes, but luck had it that no tornado formed and hit the towns that day. Tornadoes are frequent in Texas, as the state is located in Tornado Alley, and tornado season, a period of the year between March and May when most tornadoes happen, had officially begun. Nevertheless, a tornado didn't form on March 13, and, luckily, the sirens weren't needed.
The problem is that these systems are old and crap, and can't be secured.
THIS is utter bullshit. They CAN be secured. I can secure those devices pretty damn easy a couple different ways, and all it takes is sufficient levels of funding to provide the kind of security needed.
Here are a few ways one can secure them.
1) Don't have them publicly accessible internet. (VPN, Private Network, P2P network to a secured facility)
2) Access control systems in place, with randomly changing passwords, with keys only available to a few.
3) Pen Test the systems on a regular basis, shore up weaknesses.
4) Pay for competent IT people.
All of those have varying levels of costs and one must measure the costs against the chances of being compromised.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.