The 9-1-1 Paradox

Georgejmclittle/Shutterstock.com

Emergency call lines in the United States rarely fail, yet they're more vulnerable than ever.

The warnings began trickling in around supper time on Wednesday night.

AT&T was experiencing what officials in several states described as a nationwide outage affecting 9-1-1 services. The problem was that some AT&T customers who dialed 9-1-1 in at least 18 states couldn’t reach emergency dispatchers—and instead would hear either a busy signal or a phone that kept ringing and ringing and ringing and ringing and ringing.

It was nearly three hours before public officials gave the all clear that the issue had been resolved.

AT&T declined repeated requests for information about the scope and cause of the outage, but local officials acknowledged potential problems in Alabama, Arkansas, California, Colorado, Florida, Indiana, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, North Carolina, Nevada, Pennsylvania, Tennessee, Texas, Virginia, West Virginia, and Washington, D.C.

Now, the Federal Communications Commission says it is investigating what happened.

The outage was stunning in part because of its scope, but also because of how reliable 9-1-1 services usually are. One massive failure, however, is all it takes to raise a host of serious questions about the integrity of a critical public-safety system in the United States.

“The reliability of the system is really astonishing given the age of some of the components,” said Trey Forgety, a cybersecurity expert and the director of government affairs for the National Emergency Number Association, a professional organization focused on policy, technology, and operations related to emergency communications in the United States.

The patchwork of switches, routers, and cables that are now involved in completing a 9-1-1 call includes bits of technology that are no longer manufactured. One widely used component was just discontinued last year, Forgety says.

“The switches that we call selective routers—those devices in some cases date back to the early 1980s,” Forgety told me. “These are things you can’t get parts for anymore. Some of these switches, if you ever lost one in its entirety—if you had a fire, or a flood, or a terrorist attack—they’re not actually replaceable.”

Outdated switches are unlikely to have played a role in the AT&T outage, however. The scuttlebutt among leaders in the emergency-response industry was that a scheduled or automatic network-configuration change by one of AT&T’s vendors was to blame. AT&T did not respond to a request to confirm this characterization of the outage.  

Today, just routing a 9-1-1 call involves multiple companies, which are often geographically remote from where the call is placed. Yet placing an emergency call is still “pretty darn reliable,” says Roger Hixson, NENA’s director of technical issues. “Practically everything is duplicated so that if one piece fails, the rest of the system can handle 9-1-1 calls pretty seamlessly,” he told me. “Very seldom do we have a case where there’s a failure that actually affects the ability of calls to get to 911 centers.”

Very seldom isn’t never. In 2006, a computer glitch caused an 9-1-1 outage that lasted for nearly seven hours in Pittsburgh. The death of at least one child was tied to the outage, during which time a father tried for 19 minutes to call for help when he found his infant son not breathing. More than 200 other calls to 9-1-1 went unanswered during the outage, according to news reports at the time.

The FCC said in 2014 it would prioritize reversing a growing “trend of large-scale ‘sunny day’ 911 outages,” a reference to system failures caused by software and database errors rather than bad weather, which was more of a problem in the days of analog telephone. “It’s more complex today than it used to be,” Hixson said.

The United States began implementing its universal emergency telephone line nearly 50 years ago. Incidentally, it was AT&T that first announced, in 1968, that it would use the digits 9-1-1 as the nation’s emergency code. 9-1-1 was selected because it was short, easy to remember, and not a sequence already in use.

But it was several decades before 9-1-1 was a near-nationwide service. Not even one-quarter of the U.S. population had access to the service by the mid-1970s. By the late 1980s, about half of Americans could dial 9-1-1 in an emergency. Today, about 96 percent of the United States is covered by 9-1-1, according to NENA.

While many more people can use 9-1-1 today, a system failure like the one that occurred on Wednesday night would have been practically unheard of even two decades ago. “It would have been difficult for anything to happen nationwide 20 years ago, because these systems are basically localized in parts of states,” Hixson said. “Now we have nationwide carriers. If they’re not careful about how they do certain things, or how much duplication redundancy they have, it becomes more difficult to manage.”

More difficult still because up to three-quarters of 9-1-1 calls now come from mobile devices, Hixson told me. New technology has introduced several new potential vulnerabilities. The paradox is that while 9-1-1 systems are likely more reliable than ever, there are more points at which things can go wrong.

Along with wireless network outages, there are distributed denial of service attacks to worry about—the kind of attack against a call center’s computer system that would flood dispatchers with fake calls, making all the phones ring at once. There’s also the possibility of an attack that would manipulate key information that goes out to emergency responders—a way of making them show up at the wrong house, for example.

“That’s a significant threat,” Forgety told me. “The worst one we can imagine is if some malicious actor wants to undertake an act of terrorism and hamper the local response to that [attack]—disrupting 9-1-1 communications entirely.”

Ironically enough, the aging systems first responders use to communicate with one another may offer a layer of protection in such a scenario. “Those radio systems typically use old-school technology,” Forgety said. Which makes them safe from computer-age attacks. Then again, he added, “nothing is impossible.”

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.