[EAS] Next Generation
Mike McCarthy
towers at mre.com
Thu Nov 13 10:43:43 CST 2014
Where ever there is a certain type of entry point to a given LP, a local
area and anything downstream monitoring them is exposed. I highly doubt a
hacker could seize an entire state, however, unless it's a coordinated
attack.
I won't go into any of the vulnerabilities as I think we can all identify
them. Until openly acessible OTA relay methods are taken out of the relay
skeleton, there will be risks associated with regional compulsory events.
This of course, presumes no level of message authentication is in place
other than the time/date and maessage type, such as the case today.
State and multi-state attacks are generally beyond all but the most
diligent, knowledgable, and resourceful deviants. Never the less, all it
takes is one.....
Looking ahead, the likelihood an attacker would possess the means to
include a timely Red Envelope code would be considerably more complicated
and require a very timely effort. To further secure the code, the code
would/should not normally be visible to the casual user reviewing the
logs. The endecs updated firmware would contain something in their
firmware to see, decode and store that week's code with the previous
week's codes in background.
Of course, the Red Envelope overlay would involve some number of rules
changes, an ASTM standards modification for the EAN message code, firmware
modifications and updating, and systemic soft implimentation both at FEMA
and through all the various state and local plans which participate in the
overall messaging effort. But the key attribute is this method can be done
using present hardware and distribution methods and require no (or very
few) hardware changes.
The key point is simplicity to impliment. Anything which requires changes
in delivery method or other core infrastructure will likely fall on deaf
ears. The RWT Red Envelop can be done with everything already in place and
maintain complete automation.
With that said, let's move on....
Cheers...
MM
On Wed, November 12, 2014 8:23 am, ray at electronicstheory.com wrote:
If I can do it, then any malicious hacker can also do
> it, and it is simply a matter of time before they do.
More information about the EAS
mailing list