America's 911 Systems Under Siege: The Growing Cyber Threat to Emergency Services

How cybercriminals are targeting the nation's most critical lifeline, leaving communities vulnerable when they need help most

When Morgan County, Alabama residents dialed 911 on May 14, 2025, their calls still went through. But behind the scenes, hackers had infiltrated the emergency dispatch center's administrative systems, forcing IT officials to sever network connections and revert to manual processes to prevent the attack from spreading. It was just the latest in a growing wave of cyber assaults targeting America's emergency response infrastructure—attacks that experts warn could have deadly consequences.

The incident in Morgan County represents a troubling trend that has accelerated dramatically in recent years. As 911 systems nationwide modernize and become more connected to digital networks, they've also become prime targets for cybercriminals seeking to exploit vulnerabilities in critical infrastructure. The result is a perfect storm of aging technology, insufficient cybersecurity resources, and increasingly sophisticated attackers that threatens to undermine the very foundation of America's emergency response capabilities.

Targeting America’s Lifeline: The Growing Threat to 911 Systems

Introduction The United States’ 911 emergency response system, a critical lifeline for citizens, has increasingly become a target for cyber adversaries. On August 27, 2024, multiple states, including California, Texas, Alabama, Kentucky, Ohio, Florida, and Georgia, reported widespread 911 system outages. The outages were linked to problems with AT&T,

Breached CompanyBreached Company

A System in Crisis

The scope of the problem is staggering. According to recent industry data, nearly 90% of emergency communication centers across the United States experienced at least one system outage in the past year caused by aging equipment or cyberattacks. More than half reported frequent outages due to system overloads or hardware failures that can leave dispatchers unable to respond effectively to emergency calls.

"What these professionals are experiencing isn't just stress—it's systemic fatigue," said Brian Fontes, CEO of the National Emergency Number Association (NENA). "This year's findings are a wake-up call: Real investments are needed to ensure 9-1-1 professionals are supported, protected, and equipped to better serve their communities."

The vulnerability of 911 systems has been building for years. Between 2016 and 2018 alone, cybersecurity firm SecuLore Solutions documented 184 cyberattacks on public safety agencies and local governments, with 911 centers directly or indirectly attacked in 42 of those cases. Two dozen involved ransomware attacks, where hackers use malicious software to seize control of computer systems and hold them hostage for payment.

Decoding Cyber Threats in Smart Cities and Critical Infrastructure

Introduction Welcome to another insightful article where we unravel the complex world of cybersecurity. Today, we’re focusing on an area that’s becoming increasingly vulnerable to cyber threats—Smart Cities and their critical infrastructure, including EMS/911 services and water treatment facilities. As cities become smarter, the need for robust cybersecurity

My Privacy BlogMy Privacy Blog

The Anatomy of an Attack

The methods used to target 911 systems fall into several categories, each with potentially devastating consequences:

The Impact and Costs of Ransomware Attacks: A Deep Dive into the City of Dallas Incident

Ransomware attacks have become one of the most pressing cybersecurity threats in recent years. Municipalities, in particular, have found themselves in the crosshairs of cybercriminals due to their often outdated IT infrastructures and the critical nature of the services they provide. The City of Dallas, a bustling metropolis with a

Breached CompanyBreached Company

Ransomware Attacks

These represent perhaps the most serious threat to emergency services. In a typical ransomware attack, cybercriminals infiltrate a network and encrypt critical files and systems, demanding payment to restore access. For 911 centers, this can mean losing access to computer-aided dispatch (CAD) systems that automatically route calls, track emergency vehicles, and maintain critical databases.

The impact extends far beyond technological inconvenience. When Atlanta's municipal systems were hit by ransomware in 2018, the attack affected at least five of 13 city departments, knocking out services and forcing some operations to revert to paper records for ten days. Similar attacks have forced 911 centers to manually write down emergency calls—essentially pushing emergency response back decades in terms of efficiency and effectiveness.

Smart City Cybersecurity Assessment | CyberSafe.City

Comprehensive security assessment for smart city technologies. Evaluate risks, get recommendations, and protect your urban infrastructure.

CyberSafe.City

Telephony Denial of Service (TDoS) Attacks

These attacks flood 911 call centers with automated bogus calls, effectively jamming the lines and preventing legitimate emergency calls from getting through. The consequences can be life-threatening: a 2017 investigation noted the case of a six-month-old Dallas boy who died after his babysitter's 911 calls were delayed during an apparent denial-of-service attack.

One of the first major TDoS attacks occurred in October 2016, when 18-year-old Meetkumar Desai of Arizona distributed a computer bug on Twitter that overwhelmed 911 centers in 12 states. While Desai claimed his attack was meant as a prank, it demonstrated the ease with which malicious actors could disrupt emergency services.

Data Theft and Exploitation

Beyond immediate operational disruptions, cyberattacks on 911 systems can expose sensitive personal information. Emergency call databases contain detailed personal data, location information, and sensitive details about ongoing investigations. According to Department of Homeland Security assessments, stolen data can be used "to facilitate additional crimes—including extortion, identity theft, and swatting."

2025: A Year of Escalating Threats

The cyber threats to 911 systems have only intensified in 2025, with several high-profile incidents highlighting the ongoing vulnerabilities:

Morgan County, Alabama: A Textbook Case

The May 14, 2025 attack on Morgan County 911 serves as a sobering example of how modern cyber threats can impact emergency services. While the county's 911 call-taking and radio communications remained operational, the attack compromised administrative systems and forced officials to disconnect the 911 center from other county networks as a precautionary measure.

Director Jeanie Pharis explained that the attack affected "some of the connections that we have with agencies that are able to remote in so that their mobile computers can see the computer dispatching system." The county was forced to rebuild administrative functions while implementing enhanced security measures—a process that left systems vulnerable for days.

Major 911 Cyber Incidents in 2025

Pennsylvania Statewide 911 Outage (July 2025) The intermittent statewide 911 outage Pennsylvania experienced earlier this month, which lasted for hours and forced residents to call non-emergency numbers to reach dispatchers, was caused by a “defect in the operating system,” not a cyberattack, according to findings from a preliminary report the

Secure IoT HouseSecure IoT House

Pennsylvania's Statewide Outage: A Different Kind of Wake-Up Call

While not the result of a cyberattack, Pennsylvania's statewide 911 outage in July 2025 demonstrated just how fragile these critical systems can be. The hours-long disruption, caused by a "defect in the operating system," forced residents across the entire state to call non-emergency numbers to reach dispatchers. The incident served as a stark reminder that 911 systems face threats from multiple vectors—not just malicious actors, but also aging infrastructure and technological failures.

The Fulton County Fallout

The ransomware attack on Fulton County, Georgia, which began in January 2024 but continued to impact operations well into 2025, illustrated the long-term consequences of successful cyber intrusions. The LockBit 3.0 ransomware group's attack on Georgia's most populous county paralyzed government services for weeks, affecting everything from court filings to tax processing.

While the county's 911 system remained operational, the attack demonstrated how interconnected modern government systems have become. Police departments couldn't issue reports, courts reverted to backup processes, and the county ultimately had to invest $10.2 million in a complete technology overhaul to restore full functionality and prevent future attacks.

The Perfect Storm: Why 911 Systems Are So Vulnerable

Several factors combine to make 911 systems particularly attractive targets for cybercriminals:

Aging Infrastructure

Many 911 centers operate on technology that's decades old. Some systems are seven versions behind current technology standards, running on infrastructure that was designed in an era when cybersecurity was an afterthought. These legacy systems often lack modern security features and may not receive regular updates or patches.

Major US Cities and Counties Hit by Cyber Attacks in 2025

Confirmed Ransomware/Cyber Attacks: 1. Abilene, Texas On the morning of April 18, 2025, City of Abilene officials detected that City servers were unresponsive. Around 4 a.m., the City’s Information Technology department investigated the outage, and after determining a foreign actor had compromised the City’s computer systems, the full

Secure IoT HouseSecure IoT House

Resource Constraints

State, local, tribal, and territorial governments manage the majority of emergency service networks, yet most lack the resources to independently improve their cybersecurity posture. Unlike major corporations that can invest millions in cybersecurity infrastructure, many 911 centers operate on shoestring budgets with minimal IT support.

Increased Connectivity

The transition to Next Generation 911 (NG911) systems, while offering enhanced capabilities like the ability to receive text messages, images, and video from callers, has also introduced new vulnerabilities. These modern systems are more connected to the internet and other networks, creating additional entry points for attackers.

Critical Nature of Services

From a criminal perspective, 911 systems represent high-value targets precisely because of their critical importance. Attackers know that emergency services will face enormous pressure to restore operations quickly, potentially making them more likely to pay ransoms or accept other demands.

The Human Cost

The impact of cyber attacks on 911 systems extends far beyond technological disruption. When emergency call centers are compromised, the consequences can be measured in human lives and community safety.

During cyberattacks, dispatch centers often must revert to manual processes that can significantly slow response times. Dispatchers may lose access to critical databases containing information about previous calls to a location, known hazards, or suspects with outstanding warrants. GPS tracking of emergency vehicles may be disabled, making it harder to coordinate responses and ensure officer safety.

"Imagine the impact on local public safety if jail management systems were inoperable because of a cyberattack, that police communication capabilities were disrupted, that the public was unable to contact local police in an emergency," said John Cohen, former intelligence chief at the Department of Homeland Security. "If a foreign terrorist group, or a nation state, can tie up law enforcement responses by targeting their 911 call center, or police departments can't gain access to investigative or other important information—that will hamper their emergency response."

The Secure House: A Comprehensive Deep Dive into the State of IoT Security

Section I: The Hyper-Connected World: Understanding the Internet of Things The dawn of the 21st century has been defined by a quiet but profound revolution: the integration of the internet into the very fabric of our physical world. This transformation, known as the Internet of Things (IoT), refers to the

Secure IoT HouseSecure IoT House

Federal Recognition of the Threat

The federal government has begun to take notice of the growing threat to emergency services. The Department of Homeland Security has issued bulletins warning that cybercriminal exploitation of data stolen during ransomware attacks against the Emergency Service Sector "likely poses a persistent criminal threat to public safety operations and personal privacy."

The assessment noted that ransomware attacks have "disrupted the networks of police department and 911 call center operations," putting computer-aided dispatching services out of commission and forcing emergency services "to revert to manual dispatching to sustain their operations."

The Federal Communications Commission has also launched investigations into 911 outages, with Chairwoman Jessica Rosenworcel stating, "When you call 911 in an emergency, it is vital that call goes through. The FCC has already begun investigating the 911 multi-state outages that occurred last night to get to the bottom of the cause and impact."

The Hyper-Connected Battlefield: A CISO’s Guide to Securing the Next Generation of Smart Environments

Executive Summary This report provides a strategic overview of the paradigm shift in Internet of Things (IoT) security. The proliferation of connected devices across corporate, industrial, public, and consumer sectors has irrevocably dissolved the traditional network perimeter, rendering legacy security models that rely on a trusted internal network obsolete. The

Secure IoT OfficeSecure IoT Office

The AI Revolution and Outsourcing Trend: New Opportunities and Risks

As 911 systems grapple with cybersecurity threats, the industry is simultaneously undergoing a technological transformation that introduces both promising solutions and new vulnerabilities. According to recent industry surveys, 75% of emergency professionals say they're open to using artificial intelligence to "manage call surges, detect high-risk situations, or streamline workflows." AI-powered systems are being deployed to automatically prioritize calls, predict resource needs, and even provide real-time language translation services.

However, this technological evolution coincides with a concerning trend toward outsourcing and remote dispatching services. Faced with severe staffing shortages and budget constraints, an increasing number of smaller municipalities are contracting their 911 services to regional centers or private companies, some of which operate call centers hundreds or even thousands of miles away from the communities they serve. While this approach can provide cost savings and ensure 24/7 coverage for resource-strapped towns, it also introduces new cybersecurity risks and potential points of failure. Remote dispatching operations may lack intimate knowledge of local geography, resources, and hazards, while offshore or distant call centers create additional network vulnerabilities and complicate incident response coordination. The combination of AI integration and geographic distribution of emergency services creates a complex web of digital dependencies that cybercriminals can potentially exploit, making robust cybersecurity frameworks even more critical as the industry embraces these technological and operational changes.

The Path Forward: Building Resilient Emergency Services

Addressing the cybersecurity crisis facing 911 systems will require a multi-faceted approach involving federal, state, and local coordination:

The Sensor City: How Smart Devices Are Transforming Urban Life—and What It Costs Privacy

iFrom intelligent street lights that monitor everything from air quality to pedestrian traffic, to AI-powered surveillance systems that can identify faces in crowds, cities worldwide are deploying an unprecedented network of connected devices. But as urban centers become smarter, citizens are asking: at what cost to our privacy? In Amsterdam,

Secure IoT OfficeSecure IoT Office

Modernization and Investment

The first step is modernizing aging infrastructure. Many 911 centers need complete technology overhauls, replacing decades-old systems with modern, secure platforms. This requires significant investment, both in hardware and software, as well as ongoing maintenance and security updates.

Cybersecurity Workforce Development

Emergency services need dedicated cybersecurity professionals, but attracting top talent to public sector jobs with limited budgets remains challenging. Some experts suggest creating apprenticeship programs or veteran-transition initiatives that offer cybersecurity training as a pathway to more lucrative private-sector careers while providing temporary expertise to 911 centers.

Enhanced Training and Preparedness

All 911 center staff need cybersecurity awareness training to recognize potential threats like phishing emails or suspicious network activity. Centers also need comprehensive incident response plans that allow them to maintain emergency services even when primary systems are compromised.

Federal Support and Coordination

The federal government could play a larger role in providing cybersecurity resources, funding, and expertise to local emergency services. This might include grants for security upgrades, shared threat intelligence, and rapid response teams that can assist during cyber incidents.

Regional Cooperation

911 centers could benefit from regional partnerships that allow them to share resources, backup systems, and expertise. When one center is attacked, neighboring facilities could provide redundant services while the affected system recovers.

A Race Against Time

The cybersecurity threat to America's 911 systems represents more than just a technological challenge—it's a fundamental threat to public safety and national security. As cybercriminals become more sophisticated and emergency services become increasingly digital, the window for addressing these vulnerabilities is rapidly closing.

"There's no question: the fragility of current emergency communications infrastructure is putting lives at risk," said Amir Elichai, CEO of emergency technology company Carbyne. "What's clear from this year's report is that 9-1-1 professionals are doing everything they can—but they need modern, resilient systems to back them up."

The incidents in Morgan County, Pennsylvania, and Fulton County serve as warning shots—reminders that America's emergency response capabilities are only as strong as their weakest cybersecurity link. With nearly 90% of emergency communication centers experiencing outages in the past year, the time for incremental improvements has passed.

The question is no longer whether America's 911 systems will face more sophisticated cyberattacks, but whether the nation will take the necessary steps to protect these critical lifelines before it's too late. In a world where seconds can mean the difference between life and death, the cost of inaction could be measured not just in dollars, but in lives.

As cybercriminals continue to target the very systems Americans depend on in their darkest moments, building resilient, secure emergency services isn't just a technological imperative—it's a moral one. The 911 operators who answer our calls in crisis deserve the tools and protection they need to do their jobs safely and effectively. And every American deserves the confidence that when they dial those three critical numbers, help will be on the way—no matter what digital threats may be lurking in the shadows.