Investigation underway into DeSoto, Lancaster emergency siren hacking

City officials in Lancaster and DeSoto face a lot of questions about the network of warning sirens that was hacked early Tuesday -- but they're not willing to talk about it.

Officials would only say they’re still working to get the system operational again, but severe weather Wednesday morning slowed them down.

The sirens were set off about 2:30 a.m. Tuesday in the cities, startling and scaring residents who worried severe weather was about to strike. It remains unclear how the hackers were able to strike the warning system. Officials would only say an investigation is ongoing.

But the hack is similar to April 2017, when all 156 Dallas warning sirens sounded. Panicked people flooded the 911 call center. The hacker was determined to be someone in the area, potentially with remote access.

Dr. Kevin Hamlen, a University of Texas at Dallas cyber security professor, says attacks on critical infrastructure are increasing nationwide and more can be done to safeguard systems.

The City of Dallas conducted a security audit and reportedly encrypted its siren system to address the issue after it was hacked. Hamlen hopes neighboring cities would have learned from what happened in Dallas.

“The big question on my mind is whether the same mitigations that Dallas employed were also employed at these other cities that were hacked,” Hamlen said.

Catching up to the hackers is challenging, Hamlen added, but it's not necessarily the priority with emergency warning systems.

“It can often be very difficult, especially in these siren systems where the primary communication is radio. So it’s not as though you have an internet trace you can necessarily track back to who did it. It could have been anyone sending a fake signal to these sirens if they had the appropriate inside knowledge of how they work,” Hamlen said.