Department of Technology Announces Vulnerability Discovered in Radio Frequency System

Working with system vendor and security researchers, Department of Emergency Management and Department of Technology crews test a patch expected to solve the vulnerability in system used by organizations nationwide.

April 6, 2018, San Francisco, CA – Today, the Department of Technology reported an incident to the Homeland Security Information Network concerning a security flaw found in radio-frequency networks used around the nation to control warning systems, including one in use in the City and County of San Francisco. If exploited, the vulnerability could affect the City’s Outdoor Public Warning System, popularly known as the Tuesday noon siren, a public safety asset operated by the Department of Emergency Management.

“We worked proactively with our vendor to patch the vulnerability. Initial testing shows the firmware upgrade minimized the threat. Nevertheless, we will continue testing,” said Linda Gerull, Executive Director of the Department of Technology.

“This upgrade increases the security of a piece of the public safety system in use Citywide,” Gerull said.

The Department of Technology was first made aware of the flaw in February. The firmware upgrade installed by Department of Technology staff adds an increased level of encryption to data sent and received across the system.

“We can confirm that the Department of Technology successfully upgraded the Public Outdoor Warning System to mitigate current known vulnerabilities, in its RF transmission,” said Garry Drummond, Founder and CEO of 802 Secure, an internet of things security company.

802 Secure, assisted the department by acting as a third-party auditor in testing the patch. 802 Secure reviewed and validated the firmware upgrade sent the City by the vendor of the Public Outdoor Warning System.

“Leveraging technology to support public safety is a top priority, we take it very seriously,” said Gerull.

In hopes of fortifying public warning systems elsewhere, City officials are sharing the news of this system upgrade with civic technologists and local, state and federal officials. The system San Francisco uses is also used across the country. It is considered the more secure solution, of the market options currently available.

The public should remain aware of the Tuesday noon siren weekly test and be advised that in a real emergency the alarms will sound continuously for 5 minutes. More information on the sirens can be found on the Department of Emergency Management’s website. The public is encouraged to report any malfunctioning sirens and the location of those sirens to San Francisco 311, by dialing 311 from a telephone
or sending a tweet to @sf311.


###


The Department of Technology is an internal-service organization that provides technology and telecommunications solutions to various departments in the City and County of San Francisco. It aims to increasing public access to city services and improve the public’s experience with government. The department also maintains San Francisco’s public wi-fi network #SFWiFi available in 33 parks and public spaces. tech.sfgov.org
802 Secure is developing signal intelligent technology for securing the Internet of Things; detecting and assessing new wireless risks across the broader RF spectrum using software defined radios and big data analytics. 802 Secure has developed a leading world class product, AirShield, to monitor IoT assets, identify risks and threats, and ensure performance and reliability 24x7 of the IoT environment (www.802secure.com)