ABC News April 17, 2024

Emergency services a likely target for cyberattacks, warns DHS

Calling 911 is meant to save lives. But the emergency service, and others like it, are also viewed as ripe targets for criminally minded cyber-attackers, according to a new federal assessment – and any vulnerability in those critical networks can expose victims to a multitude of dangerous ripple effects.

The analysis, compiled by the Department of Homeland Security (DHS) and obtained by ABC News, outlines concerns that the Emergency Service Sector can be exploited and mined for sensitive data, in turn hampering medical and law enforcement services and posing an ongoing threat to personal information and public safety.

"Cybercriminal exploitation of data stolen during ransomware attacks against the Emergency Service Sector (ESS) likely poses a persistent criminal threat due to the exposure and availability of victims’ personal information," according to the April 10 bulletin.

Ransomware attacks have “disrupted the networks of police department and 911 call center operations,” the bulletin continued, putting computer-aided dispatching services out of commission and forcing emergency services “to revert to manual dispatching to sustain their operations.”

Once stolen, potentially sensitive personal information and police records can be leaked, sold or otherwise used by the attackers “to facilitate additional crimes — including extortion, identity theft, and swatting,” the DHS bulletin said.

Alex Edelman/AFP via Getty Images, FILE
A dispatcher with Anne Arundel County Fire Department answers a 911 emergency call from their department dispatch center, April 14, 2020, in Glen Burnie, Md.

“Whereas cyberattacks were once considered to be a technology issue, today they’re considered a threat to the very operations of law enforcement and other public safety agencies,” said John Cohen, the former intelligence chief at the Department of Homeland Security, now an ABC News contributor.

“Imagine the impact on local public safety if jail management systems were inoperable because of a cyberattack, that police communication capabilities were disrupted, that the public was unable to contact local police in an emergency, that detectives and investigators were unable to access sensitive case data,” Cohen added. “If a foreign terrorist group, or a nation state, can tie up law enforcement responses by targeting their 911 call center, or police departments can't gain access to investigative or other important information – that will hamper their emergency response, and aid a threat actor in achieving their operational objectives.”

And because of how fundamental and highly sensitive emergency systems are, and the availability of personally identifiable information they include, they may strike cyber criminals as particularly attractive targets to extort, the DHS bulletin said, due to "the possible perception that ESS entities are motivated to pay ransoms to ensure continuity of services."

“For a police department, or fire department, or any emergency service to be hijacked in any way, it’s a big problem for public safety and, additionally, you have to have a lot of resources devoted to addressing it. And it can also prevent us from doing investigations,” said Robert Boyce, an ABC News contributor and retired chief of detectives in the New York Police Department.

The new federal analysis punctuates an already volatile moment in America, as partisan tensions seethe ahead of a high-stakes presidential election, multiple wars are being waged abroad, and political violence has already broken out overseas.

Meanwhile, domestic extremists who remain emboldened to attack are also adopting more blended ideological grievances, intelligence analysts have found, making it increasingly difficult for authorities to identify the motivations behind attacks.

Brett Coomer/Houston Chronicle via Getty Images
Communications officers work in the Harris County 911 Call Center, May 18, 2021, in Houston.

“As we’re going into election season, there is increasing concern that local communities will experience a combination of cyber information operations and physical attacks simultaneously. The physical activities, to disrupt the election process, and the cyber activities to disrupt the ability of local officials to respond,” Cohen said.

In the 21st century, such threat actors are aided by a mushrooming array of technological advances that offer new, creative tools – like cyberattacks.

In January, a cyberattack hit the department of emergency communications in Bucks County, Pennsylvania, outside of Philadelphia, affecting its computer-aided 911 system – forcing dispatchers to use pen and paper to take information from callers, according to ABC station WPVI.

The same month, the computer system in Fulton County, Georgia, was hacked, paralyzing many government services and causing aftereffects that persisted for weeks.

State, local, tribal and territorial governments “manage the majority of ESS networks and are among the groups ransomware actors most often victimize, yet most do not have the resources to independently improve their cybersecurity posture," according to the DHS bulletin.

Joseph Prezioso/AFP via Getty Images
Officer Jose Rodriguez, 32 (R), responds to a call on his radio while inside the dispatch room at the police station in Chelsea, Mass., May 13, 2022.

Further, emergency services “often rely” on state, local, tribal and territorial government networks that “use legacy information and operational technology systems – the replacement of which can be prohibitively expensive or disruptive to operations—and lack sufficiently trained and resourced information technology and cybersecurity personnel,” the bulletin said. It urged a “collaborative, cross-jurisdictional approach to cybersecurity and prioritizing cyber hygiene best practices” to shore up the vital networks against “unsophisticated network intrusions.”

“Good preparation is good prevention,” Cohen told ABC News. “The threat environment is volatile and complex, and the level of preparation that’s taking place at the state and local levels far exceeds anything that I've seen in my 40-plus years.”