The Dallas Morning News
Radio or phone signals set off sirens, city says
Incident caused by culprit broadcasting tones, not cyberattack, officials say
City officials don’t know who triggered Dallas’ outdoor warning sirens late Friday, but they do know how it was done — by broadcasting a few tones, via either radio or telephone signal.
In other words, there was no computer hack.
“It’s a radio system, not a computer issue,” Dallas City Manager T.C. Broadnax said Monday morning.
The city’s outdoor warning sirens had to be manually shut down and turned back on late Sunday, with “immediate fixes” intended to prevent the type of incident that woke up — and shook up — much of the city Friday night, according to Broadnax.
“As we brought the system back up, some encryption was
added as part of our process to prevent this type of error from occurring going forward,” he said.
City officials said late Monday that the system was purchased a decade ago and that encryption was not part of the original deal with the vendor for one simple reason: No one at City Hall knew something like this was possible.
“No one had ever seen anything like this,” said Sana Syed, the city’s spokeswoman. “No one had ever seen anyone able to break into the entire system and impact every signal.”
Syed said that within 48 hours of Friday’s incident, “the system was not only encrypted, but other safeguards were taken.”
The city is not providing further details on those security upgrades. But the fix could be relatively short-term anyway, as city officials investigate replacing the system that triggers the sirens.
Dallas’ emergency warning sirens, like many across the country, are radio-controlled and activated via encoded transmitters that act like pagers, sending tones to receivers attached to each siren. In Dallas’ case, security experts say, it appears that someone took control of the frequency and transmitted the tones that turned on all 156 sirens across the city.
Broadnax said he was “leery about [sharing] how these systems work,” citing security concerns. He would confirm only that “it’s a tonaltype system.”
In Moore, Okla. — a town in Tornado Alley that relies on sirens for weather emergencies — a base radio station is set up in a secure location. An employee activates the system, and the radio sends out an encoded message via the airwaves. The sirens then receive the message, decode it and start to wail, said Gayland Kitch, director of emergency management for Moore.
It’s likely that whoever activated Dallas’ 156 sirens did so by compromising the city’s infrastructure and gaining access to the codes, said Jeff Schilling, who has a background in military communications and is now chief security officer of Armor, a cloud security company based in Richardson.
“If I were doing the investigation, the first thing I would be looking for is former and current employees who have extensive knowledge of how the system works, or contractors or maintenance people who have worked on the system,” Schilling said. “It’s very unlikely that someone did this with their own radio gear.”
On Saturday, city officials said they believed the incident originated locally. Broadnax said the Dallas Police Department is leading the investigation and that the FBI and Federal Communications Commission, which governs — and recently narrowed — the public safety frequency, have been brought in to assist.
“We are not sure what specifically the FCC is going to do and can do in terms of their resources in how they address this case,” he said. “But we are working with the FBI to see if we can find the individuals who committed this crime, and as the mayor indicated, to make every effort to prosecute them to the fullest extent of the law.”
In September, City Auditor Craig Kinton told the council his office planned to review how vulnerable the city is to outside interference as part of this fiscal year’s audit plan. Broadnax said Monday that it’s likely the city will hire an outside consultant to assess all of its security measures, from the water department to 911.
An action item will be presented to and discussed with the City Council on Wednesday.
Friday night’s incident also alerted city officials to another problem: its inability to tell residents when they shouldn’t panic. The sirens began blaring around 11:40 p.m., and it took the city more than an hour to issue a statement, which it did via social media. Initially, the city said it believed a “malfunction” triggered the sirens.
Some 4,400 calls poured into the city’s already understaffed 911 call center, resulting in significant delays.
Broadnax, whose first day as city manager was Feb. 1, said the incident made it clear the city needs “more comprehensive protocols” when dealing with these types of situations.