Security and Wireless Emergency Alerts
June 2014 • Podcast
Christopher Alberts, Carol Woody Interviewer Suzanne Miller
In this podcast Carol Woody and Christopher Alberts discuss guidelines that they developed to ensure that the WEA service remains robust and resilient against cyber attacks.
Someone can create a fake alert but make it look legitimate. There are real challenges with that in terms of the mechanisms that are controlling authenticity.
Software Engineering Institute
The Wireless Emergency Alerts (WEA) service depends on information technology (IT)—computer systems and networks—to convey potentially life-saving information to the public in a timely manner. However, like other cyber-enabled services, the WEA service is susceptible to risks that may enable an attacker to disseminate unauthorized alerts or to delay, modify, or destroy valid alerts. Successful attacks on the alerting process may result in property destruction, financial loss, infrastructure disruption, injury, or death. Such attacks may damage WEA credibility to the extent that users ignore future alerts or disable alerting on their mobile devices. In this podcast, Carol Woody and Christopher Alberts discuss guidelines that they developed to ensure that the WEA service remains robust and resilient against cyber attacks.
About the Speaker
Christopher Alberts is a principal engineer in the CERT Division at the SEI where he leads applied research and development projects in software assurance and cyber security. His research interests include risk analysis, measurement, and assessment. He has also co-authored two books, Managing Information Security Risks: The OCTAVE Approach and the Continuous Risk Management Guidebook.
Carol Woody has been a senior member of the technical staff since 2001 and currently serves as the technical manager for the Cybersecurity Engineering team in the SEI’s CERT Division. Woody’s research focuses on building capabilities for defining, acquiring, developing, measuring, managing and sustaining secure software for highly complex network systems as well as systems of systems.