Emergency Alert Or R U Kidding?

Emergency Alert Or R U Kidding?

BBC News Technology (9 July 2013) reports on how the U.S. Emergency Alert System (EAS) was hacked.

The EAS is a program of the Federal Emergency Management Agency (FEMA) and was set up “to allow the president to talk to the entire country within 10 minutes of a disaster.” It also provides the public with alerts on local weather emergencies, such as tornados and flash floods.

EAS replaced the Emergency Broadcast System (EBS) in 1997 and with it came security weaknesses.

Earlier this year, those vulnerabilities were tested and exploited when the Montana Television Network was hacked with an alert of a zombie attack.

And it provided advice on how to survive–“Do not approach or apprehend these bodies as they are considered extremely dangerous.”

This is reminiscent of the hoax in 1938 when over the radio came a warning that a meteorite had smashed into New Jersey and aliens were attacking New York–an adaptation of H.G. Wells “War of the Worlds.”

Well yesterday it was aliens, today it’s zombies, and tomorrow it could be an phony announcement of an invasion by country XYZ or perhaps a imminent detonation of a thermonuclear warhead somewhere over the continental U.S.

Imagine the panic, confusion, and potential loss of life and property from the ensuing chaos.

It goes without saying that this is not a way to inspire confidence by the citizens in case of a true national emergency.

If we cannot count on the systems meant to survive an emergency then how can we be expected to survive the emergency itself?

The EAS may interrupt your regularly scheduled programming with those loud and annoying tests, but what can really ruin you day is a cyber attack on the system that broadcasts something much nastier and more ominous–and you don’t really know whether it’s the real thing or just another hack. 😉

(Source Photo: here with attribution to UWW ResNet)

>Spy Phones and Enterprise Architecture

>

Enterprise architecture is running into many situations these days with new and exciting technologies that raise the hairs on the back of your neck in terms of privacy and security concerns.

One such technology is phones that provide GPS tracking on YOUR location to others and vice versa.

The Wall Street Journal, 28 March 2008, reports “would you want other people to know, all day long, exactly where you are, right down to the street corner or restaurant? Unsettling as that may sound to some, wireless carriers are betting that many of their customers do, and they’re rolling out services to make it possible.”

One example, “Sprint Nextel Corp. has signed up hundreds of thousands of customers for a feature that shows them where their friends are with colored marks on a map viewable of their cellphone screens.

Making this people-tracking possible is that cellphones today come embedded with Global Positioning System technology.” GPS was developed by DoD using a network of earth satellites that “determine an object’s [or person’s] location based on how long it takes for a signal to reach the object from satellites.”

GPS enables not only mapping features like driving instructions, but also “tracking of cellphone users’ whereabouts in real time.”

The drawback with this high potential technology is that the location-tracking may be “abused by stalkers, sexual predators, advertisers, or prosecutors.”

Sam Altman, the CEO of Loopt (the location tracking service that Sprint Nextel and Verizon Wireless will be using) states: “it’s one of those things, the more you think about it, the more ways you can figure out a creep could abuse it.”

A related issue is “under what circumstances carriers or service providers like Loopt will have to turn over realtime location information in criminal proceedings.” Will this require a simple subpoena or a more stringent order based on probable cause?

Sprint is concerned enough about the security and privacy issues that it requires customers sign a disclaimer that states that “Sprint is not responsible for the Loopt service” and customers disclose their location “at your own risk.” Similarly, Loopt has “several pages of disclaimers and privacy notices.”

“The Federal Communications Commission back in 2002 considered issuing regulations for commercial location services, but decided it was too early to delve into the issue. The agency says it hasn’t any plans to restart those proceedings.”

While vendors are building in a number of protections, such as limiting the users who can view your whereabouts or features that allow users to give false locations, there continue to be concerns about potential for misuse and abuse.

The result is that with promising technologies such as location-tracking and the counterbalancing issues of security and privacy, enterprise architects will continue to be challenged on recommending these as part of an organization’s target architecture and transition plan.