Study: Responding to Cybersecurity Challenges: Securing Vulnerable U.S. Emergency Alert Systems
Problem:Using Shodan, this article evaluates the availability of EAS management websites in six southeastern states. We found 18 EAS management websites that were accessible via the Internet. We searched for published policies that clearly describe how people outside of the organization can report potential vulnerabilities. We found no vulnerability disclosure policies for the 18 systems identified. We offer multiple technical controls to protect EAS management websites.
Take away:EASs need clearly written policies and procedures to manage cybersecurity risks. EASs need to update critical infrastructure to ensure the distribution of valid and reliable information to the populations at risk. System resilience provides a line of defense against cybersecurity threats for EASs in the U.S. The process of notifying relevant groups of emergencies is a complex problem that needs to be investigated further.