CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States
The Wireless Emergency Alerts WEA service is a collaborative partnership that enables local, tribal, state, territorial, and federal public safety officials to disseminate geographically targeted emergency alerts to users of capable mobile devices in an affected geographic area. The end-to-end WEA alerting pipeline comprises the following four major elements 1 alert originators, 2Integrated Public Alert and Warning System Open Platform for Emergency Networks IPAWSOPEN,3 commercial mobile service providers CMSPs, and 4 alert recipients. This report presents the results of a study of the CMSP element of the WEA pipeline conducted by researcher sat the Software Engineering Institute SEI. The goal of the study is to provide members of the CMSP community with practical guidance that they can use to better manage their cybersecurity risk exposure. To conduct the study, the SEI research team used the Security Engineering Risk Analysis SERA Method to assess high-priority cybersecurity risks in the CMSP WEA infrastructure. The research team used the results of the risk analysis to develop a set of cybersecurity guidelines tailored to the needs of CMSPs.