And it happened on a Tuesday. Before noon.
The day that a city-wide flash flood warning is issued for San Francisco might be a good day to have a functional public emergency alert system, huh?
Last year I did some digging into the history and future of the sirens but was not able to find any straight answers about the multiple security vulnerabilities that allegedly led to the shutdown, or what the actual plan is for bringing the new system online.
Scroll to the bottom for the questions that an actual journalist should be demanding answers to.
Seriously, I wish someone who does this for a living would press SFDEM for answers, because the real reason we don't have a siren system any more is almost certainly some Mohammed Nuru level of corruption and coverup.
Previously, previously, previously, previously, previously, previously, previously, previously, previously.
Part of the delay was waiting for the new P25 digital system to go online, which happened last year, but what I'm hearing is that the siren vendor wasn't able to integrate with the new digital system. Which seems really stupid, they could even just use a Unication P25 pager (which supports encryption) to feed voice to and turn on the sirens.
The original system (in use in the late 90s) used a 4 or 5 digit DTMF sequence to turn on and off the sirens, transmitted on a normal FM voice frequency. So trivial to "hack". I'm not sure what specifically they did when they upgraded to the electronic sires with voice support, I think it was still similar, but maybe (I'm guessing) used one of the DCS or CDCSS systems (digitally coded squelch) which are still pretty trivial to brute-force as they were designed for stopping interference, not security.
This just reminds me that to get a government contract, your core competency is getting government contracts; not the technology.
I read somewhere that the reason the only food service in airports is from national chains mostly comes down to the fact that no smaller company can afford to employ the requisite army of federal contract specialists.
True! I know that some of the "local" restaurants in SFO are actually operated/staffed by ARA (or whoever is the big SFO retail food contractor) under direction of the local restaurants.
Yeah, I was guessing those few were probably ghost kitchens, or a branding-only deal.
Food service, as in the retail outlets in the terminal? Why on earth would they need a federal contract?
Airports, it may surprise you to learn, are heavily regulated by the Federal Government.
“… to get a government contract, your core competency is getting government contracts; not the technology.”
The flipside is a government official’s core competency is to select a contractor that checks all of the boxes (most of which aren’t specific to the project), sign off on the docs, and write a check. When a project fails, the finger pointing starts with the contractor showing that they did indeed deliver what the (flawed and incomplete) contract specified. And the government official can just plead ignorance of the tech details.
That gap between client and contractor is wide enough to sweep an entire career of incompetence into.
The root issue is that government agencies can’t justify keeping domain experts on the payroll who can keep the contractor honest. So why not handle this like organizations handle legal needs and keep a list of tech experts on retainer? Bring them in only when needed.
There’s another hazard out there: long term maintenance. So many systems get deployed and then decay into irrelevance. My guess is a large number of these maintenance failures are caused simply by losing a password.
This is serious hot fudge and whipped cream covered irony.