Responding to Cybersecurity Challenges: Securing Vulnerable U.S. Emergency Alert Systems

Emergency alert systems (EASs) in the United States (US) form part of the nation’s critical infrastructure. These systems rely on aging platforms and suffer from a fragmented interconnected network of partnerships. Some EASs have an easily identifiable vulnerability: one can access their management website via the Internet. Authorities must secure these systems quickly. Other concerns also exist, such as the lack of policies for reporting vulnerabilities. To begin to assess EASs in the US, we used Shodan to evaluate the availability of these websites in six southeastern states. We found 18 such websites that one could access via the Internet and that required only requiring user credentials to login into. Next, we searched for published policies on reporting vulnerabilities; we found no vulnerability-disclosure policies for any system we identified. To identify, prioritize, and address EAS vulnerabilities, we present a list of technical and management strategies to reduce cybersecurity threats. We recommend integrated policies and procedures at all levels of the public-private-government partnerships and system resilience as lines of defense against cybersecurity threats. By implementing these strategies, EASs in the US will be positioned to update critical infrastructure, notify groups of emergencies, and ensure the distribution of valid and reliable information to at-risk populations.