Call. Text. Chat. Stream. These methods are how we normally communicate with each other on a daily basis. It’s so commonplace that in some areas, people are able to contact 911 via text and video message.
This is called Next Generation 911, a method meant to make it easier, and in some cases safer, for people to call for help by using digital and internet connections rather than analog.
This next generation solution also has its own next generation concern: what if you couldn’t get through to emergency services because of a cyberattack? Researchers at the Critical Infrastructure Resilience Institute within the University of Illinois Urbana-Champaign's The Grainger College of Engineering have received nearly $2.8 million from the Department of Homeland Security to establish tests to evaluate the cybersecurity and identify potential vulnerabilities of these systems.
NG911 is an Internet Protocol (IP) platform that utilizes software. However, not all NG911 systems are the same or come from the same vendor, meaning there currently isn’t an industry standard to test their interoperability or security. CIRI Director and principal investigator David Nicol said researchers will have to evaluate the cybersecurity of these systems more in depth than one would for ‘general’ software.
“We need to be cognizant of the space of all the threats we will need to prioritize in the evaluation, and also prioritize both in terms of what is the most threatening with the highest consequences and also in terms of what’s unique about the NG911 space,” said Nicol.
Researchers will need to develop and implement tests based around common cyberattack scenarios and other threats to critical infrastructure. Many often think of ransomware when it comes to cyberattacks. For example, the ransomware attack on the Colonial Pipeline in May 2021 made international headlines. However, Nicol explained a different kind of attack that could also wreak havoc on emergency response systems: denial-of-service attacks, also known as DDoS attacks.
“If you’re losing video streaming to 911 while trying to call about a fire, and that report can’t be made because of a denial-of-service attack on the ability to deliver video, that’s different than having your Netflix stop for a while,” said Nicol. “It’s irritating, but it’s not life threatening. The consequences of potentially the same kind of attack are quite different.”
These tests will be carried out at a NG911 testbed at Texas A&M University. Research is expected to begin in early 2025.
David Nicol is the Herman M. Dieckamp Endowed Chair in Engineering at the University of Illinois at Urbana‐Champaign, and a member of the Department of Electrical and Computer Engineering. He also serves as the Director of the Information Trust Institute (iti.illinois.edu), and the Research Director of the Advanced Digital Sciences Center (Singapore). He is also PI for the DHS‐funded Critical Infrastructure Resilience Institute.