Cyber Incident Victim: Baltimore's Automated Dispatch System
Date:
Mar 2018
Location:
United States of America
Summary
A cyberattack disrupted Baltimore's automated emergency dispatch system, causing a 17-hour shutdown that forced responders to manually process calls for both 911 and 311 services. The compromise affected the Computer Aided Dispatch system's messaging functions, which normally routes emergencies to the closest available units. Officials isolated the breached server to contain the threat, restoring automated operations after transitioning to manual call handling during the outage. The FBI joined the investigation, though no details about attackers or potential data exposure were disclosed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 17, 2018, Baltimore's emergency dispatch systems experienced a significant cyberattack that disrupted critical public safety operations. At approximately 8:30 AM, unknown threat actors compromised the city's Computer Aided Dispatch (CAD) system, which automated call routing for both 911 emergency services and 311 non-emergency services. The breach specifically targeted messaging functions within the CAD infrastructure, forcing dispatchers to abandon automated processes within hours of the attack's initiation. This system normally prioritized efficiency by automatically directing emergency calls to the nearest available responders, significantly reducing response times compared to manual handling. Officials from the Mayor's Office of Information Technology confirmed the security incident required immediate containment measures, including isolating and taking offline the affected server to prevent further spread of the compromise. The disruption lasted approximately 17 hours, during which call center staff operated in manual mode – requiring emergency details to be relayed verbally rather than through electronic systems. No evidence of data theft or exposure was disclosed by city authorities following the incident. Technical personnel restored full CAD functionality by 2:00 AM on March 18, allowing normal operations to resume. The FBI joined local investigators to examine the breach, though no attribution or specific attack methodology was publicly released.
The operational impact necessitated emergency responders across Baltimore to rely on labor-intensive manual processes throughout the disruption period. This transition slowed call handling and dispatch operations, though services remained continuously available through staff adaptations. Mayor Catherine Pugh's administration publicly acknowledged the severity of the incident through official communications with The Baltimore Sun, characterizing it as a "limited breach" that nevertheless compromised essential infrastructure. The CAD system outage affected both emergency and non-emergency response coordination citywide, though no specific examples of delayed emergency responses were documented in available reports. Information Technology Chief Frank Johnson emphasized that containment actions successfully mitigated the threat once the compromised server was disconnected from operational networks. While the attack's origin and motives remained undisclosed, the incident highlighted vulnerabilities in critical dispatch infrastructure. Restoration efforts focused on returning automated routing capabilities without publicly detailing remediation steps taken to secure the system against future compromises. Investigation into the breach continued with federal law enforcement involvement, though subsequent findings were not disclosed in immediate aftermath reports.