Keith Buzzard, Chief Security Architect
In an age of fake news, as individuals we are being encouraged to check the sources of information that we use. One of the primary sources that we are often told can be trusted, is our own government, especially on political topics. In this instance, a governmental emergency early warning network was compromised by hackers in Australia.
Australian emergency warning service The Early Warning Network, was recently hacked by an unknown group of attackers, who used the service to distribute a message to registered individuals: “EWN has been hacked. Your personal data is not safe. Trying to fix the security issues,”.
If this sounds like something out of the plot of a film, that’s because it’s not far off: In Die Hard 4 terrorist hackers released news about a fake attack on the Whitehouse, causing widespread panic and concern.
Why does it matter?
Luckily, in this instance, the hackers didn’t attempt to send out a fake emergency alert. However, emergency systems are designed to facilitate mass communication—particularly in situations where other sources of information may not be available for fact checking—so, misuse is a major concern.
In short, an emergency system that no one trusts is useless.
What can we learn?
With information so easily obtainable online, it is important for trusted primary sources to stand out above the rest of the noise and maintain that trust.
This situation demonstrates one of the key risks of backup and emergency systems; they must be easy to use, resilient, and secure enough to avoid misuse by unauthorised parties. This will ensure the trust factor does not deteriorate.
Of course, such competing factors can often compromise each other without careful design.
All too often, security is solely focused only on confidentiality (keeping things secret), but it is important to remember that integrity (ensuring that information is correct) is equally a security concern. As governments and companies move more services—and methods of information dissemination online—they need to take great care to ensure the integrity of the data they release. Failure to do so, can result in reputational risks primarily but, in the long term, a breakdown of trust between official information and the intended recipients may cost lives.