When 911 Goes Down: Why Voice Network Security Must Be a Priority When there's a DDoS attack against your voice network, are you ready to fight against it?
An estimated 240 million calls are made to 911 in the US each year. With the US population estimated at more than 328 million people as of November 2018, this means each US resident makes, on average, more than one 911 call per year. 911 is a critical communications service that ensures the safety and individual welfare of our nation's people.
So, what happens when the system goes down?
Unfortunately, answers can include delays in emergency responses, reputational damage to your brand or enterprise by being associated with an outage, and even loss of life or property. We have seen very recent examples of how disruption in 911 services can impact municipalities. For example, days after Atlanta was struck by a widespread ransomware attack, news broke of a hacking attack on Baltimore's computer-assisted dispatch system, which is used to support and direct 911 and other emergency calls. For three days, dispatchers were forced to track emergency calls manually as the system was rebuilt — severely crippling their ability to handle life-and-death situations.
In 2017, cybersecurity firm SecuLore Solutions reported that there had been 184 cyberattacks on public safety agencies and local governments within the previous two years. 911 centers had been directly or indirectly attacked in almost a quarter of those cases, most of which involved distributed denial-of-service (DDoS) attacks.
Unfortunately, these kinds of DDoS attacks will continue unless we make it a priority to improve the security of voice systems, which remain dangerously vulnerable. This is true not just for America's emergency response networks, but also for voice networks across a variety of organizations and industries.
The Evolving DDoS Landscape
In today's business world, every industry sector now relies on Internet connectivity and 24/7 access to online services to successfully conduct sales, stay productive, and communicate with customers. With each DDoS incident costing $981,000 on average, no organization can afford to have its systems offline.
This is a far cry from the early days of DDoS, when a 13-year-old student discovered he could force all 31 users of the University of Illinois Urbana-Champaign's CERL instruction system to power off at once. DDoS was primarily used as a pranking tool until 2007, when Estonian banks, media outlets, and government bodies were taken down by unprecedented levels of Internet traffic, which sparked nationwide riots.
Today, DDoS techniques have evolved to use Internet of Things devices, botnets, self-learning algorithms, and multivector techniques to amplify attacks that can take down critical infrastructure or shut down an organization's entire operations. Last year, GitHub experienced the largest-ever DDoS attack, which relied on UDP-based memcached traffic to boost its power. And just last month, GitHub experienced a DDoS attack that was four times larger.
As these attacks become bigger, more sophisticated, and more frequent, security measures have also evolved. Organizations have made dramatic improvements in implementing IP data-focused security strategies; however, IP voice and video haven't received the same attention, despite being equally vulnerable. Regulated industries like financial services, insurance, education, and healthcare are particularly susceptible — in 2012, a string of DDoS attacks severely disrupted the online and mobile banking services of several major US banks for extended periods of time. Similarly, consider financial trading — since some transactions are still done over the phone, those jobs would effectively grind to a halt if a DDoS attack successfully took down their voice network.
As more voice travels over IP networks and as more voice-activated technologies are adopted, the more DDoS poses a significant threat to critical infrastructure, businesses, and entire industries. According to a recent IDC survey, more than 50% of IT security decision-makers say their organization has been the victim of a DDoS attack as many as 10 times in the past year.
Say Goodbye to DDoS Attacks
For the best protection from DDoS attacks, organizations should consider implementing a comprehensive security strategy that includes multiple layers and technologies. Like any security strategy, there is no panacea, but by combining the following solutions with other security best practices, organizations will be able to better mitigate the damages of DDoS attacks:
- Traditional firewalls: While traditional firewalls likely won't protect against a large-scale DDoS attack, they are foundational in helping organizations protect data across enterprise networks and for protection against moderate DDoS attacks.
- Session border controllers (SBCs): What traditional firewalls do for data, SBCs do for voice and video data, which is increasingly shared over IP networks and provided by online services. SBCs can also act as session managers, providing policy enforcement, load balancing and network/traffic analysis. (Note: Ribbon Communications is one of a number of companies that provide SBCs.)
- Web application firewalls: As we've seen with many DDoS attacks, the target is often a particular website or online service. And for many companies these days, website uptime is mission-critical. Web application firewalls extend the power of traditional firewalls to corporate websites.
Further, when these technologies are paired with big data analytics and machine learning, organizations can better predict normative endpoint and network behavior. In turn, they can more easily identify suspicious and anomalous actions, like the repetitive calling patterns representative of telephony DoS attacks or toll fraud.
DDoS attacks will continue to be a threat for organizations to contend with. Cybercriminals will always look toward new attack vectors, such as voice networks, to find the one weak spot in even the most stalwart of defenses. If organizations don't take the steps necessary to make voice systems more secure, critical infrastructure, contact centers, healthcare providers, financial services and educational institutions will certainly fall victim. After all, it only takes one overlooked vulnerability to let attackers in.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.
As Vice President of Product Management, Mykola Konrad leads Ribbon Communications' global SBC, Analytics, and Security product portfolio. Mykola has 25 years of technology development and product management experience, most recently serving as Vice President of Marketing at ... View Full Bio