Responding to Cybersecurity Challenges: Securing Vulnerable U.S. Emergency Alert Systems

Emergency alert systems (EASs) in the United States (US) form part of the nation’s critical infrastructure. These systems rely on aging platforms and suffer from a fragmented interconnected network of partnerships. Some EASs have an easily identifiable vulnerability: one can access their management website via the Internet. Authorities must secure these systems quickly. Other concerns also exist, such as the lack of policies for reporting vulnerabilities. To begin to assess EASs in the US, we used Shodan to evaluate the availability of these websites in six southeastern states. We found 18 such websites that one could access via the Internet and that required only requiring user credentials to login into. Next, we searched for published policies on reporting vulnerabilities; we found no vulnerability-disclosure policies for any system we identified. To identify, prioritize, and address EAS vulnerabilities, we present a list of technical and management strategies to reduce cybersecurity threats. We recommend integrated policies and procedures at all levels of the public-private-government partnerships and system resilience as lines of defense against cybersecurity threats. By implementing these strategies, EASs in the US will be positioned to update critical infrastructure, notify groups of emergencies, and ensure the distribution of valid and reliable information to at-risk populations

A Note on Broadcast Encryption Key Management with Applications to Large Scale Emergency Alert Systems

Emergency alerting capability is crucial for the prompt response to natural disasters and terrorist attacks. The emerging network infrastructure and secure broadcast techniques enable prompt and secure delivery of emergency notification messages. With the ubiquitous deployment of alert systems, scalability and heterogeneity pose new challenges for the design of secure broadcast schemes. In this paper we discuss the key generation problem with the goal of minimizing the total number of keys which need to be generated by the alert center and distributed to the users. Two encryption schemes, zero message scheme and extended header scheme, are modeled formally. For both schemes we show the equivalence of the general optimal key generation (OKG) problem and the bipartite clique cover (BCC) problem, and show that OKG problem is NP-Hard. The result is then generalized to the case with resource constraints, and we provide a heuristic algorithm for solving the restricted BCC (and OKG) problem