This material is based on work funded and supported by Department of Homeland Security and is also available at FirstResponder.gov in the Technology Documents Library.
The Wireless Emergency Alerts (WEA) service depends on computer systems and networks to convey potentially life-saving information to the public in a timely manner. However, like other cyber-enabled services, it is susceptible to risks that may enable attackers to disseminate unauthorized alerts or to delay, modify, or destroy valid alerts. Successful attacks may result in property destruction, financial loss, injury, or death and may damage WEA credibility to the extent that users ignore future alerts or disable alerting. This report describes a four-stage cybersecurity risk management (CSRM) strategy that alert originators can use throughout WEA adoption, operations, and sustainment, as well as a set of governance activities for developing a plan to execute the CSRM. In Stage 1, alert originators document mission threads, describing the process for generating WEA messages. In Stage 2, they examine the mission threads to identify threats and vulnerabilities. In Stage 3, they use the identified threats and vulnerabilities to assess and prioritize risks according to their likely impact on WEA operations. Finally, in Stage 4, they use the results of risk assessment to define cybersecurity roles and assign risk-mitigation actions. The four stages are repeated periodically and as procedures, threats, technology, and staff assignments change.