FCC report on 911 outage reveals NG911 vulnerabilities

Yesterday, the FCC revealed the details ofa major 911 outage that occurred last April.

The details of that report document how a software defect blocked 911 calls to over 81 Public Safety Access Points (PSAPs) serving over 11 million people in seven states. Over 6,600 calls to 911 never reached a PSAP.

The report notes that the transition to next generation Voice over IP (VoIP) services was an important factor in why this outage impacted so many PSAPs across such a large area. 911 calls that originated on traditional Public Switched Telephone Networks (PSTN) using Time Division Multiplexing (TDM) signaling were converted to VoIP and managed by a centralized operation run by Intrado. A software error in a centralized routing server failed to route calls to PSAPs with centralized automatic massaging accounting (CAMA) trunking, a legacy TDM type of trunk.

The report documented several important findings:

  1. Next Generation 911 (NG911) services are new and complex. New businesses are entering the market to provide specialized services and to offer cost reduction through consolidation of operations. While these market forces for innovation and cost reduction are good, it creates a risk that responsibility for a 911 call may be spread among multiple service providers, which can introduce multiple points of failure and less end-to-end accountability for 911 services.
  2. Transition from legacy to NG911 service is very complex and requires improved system alarms and best practices for operation.
  3. Concentration of 911 assets. Originally 911 calls were handled locally. Now, 911 operations are increasingly centralized for improved efficiencies. This same trend makes the system more vulnerable to a catastrophic outage that could impact tens of millions of consumers. Improved failover between geographically redundant systems is required.
  4. Communication among 911 Ecosystem Participants. The report notes that better communication of alarms between the Local Exchange Carriers (LECs),the Intrado Network Operations Center (NOC) and PSAPs could have led to earlier detection and remedy of the failure.

One issue that is outside the scope of the report but is a growing national security concern, is the threat of a Telephony Denial of Service (TDoS) attack on PSAPs. A TDoS attack on a centralized 911 operation could easily block all 911 calls for tens of millions of Americans. TransNexus expects this public policy concern will eventually move the FCC to require service providers to implement safeguards that limit the impact of TDoS attacks on their customers and critical infrastructure such as 911 services.