Tunnel vision
Virtual private networks, or VPNs, provide the security of private networks without the cost by using encryption to disguise data during its transmission over a public network, including the Internet. It’s a two-fold process: Each IP packet is encrypted, then “wrapped” in another IP packet to disguise it further. At the receiving end, the packet is “unwrapped” — first it is extracted from the incoming packet, then it is decrypted. The process creates a so-called VPN tunnel, which prevents an intruder from seeing the data stream.
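The wrap and unwrap steps described above can be sketched in a few lines of Python. This is an added illustration, not code from any vendor or product named in this article. It assumes an HMAC-SHA256 keystream as a stand-in cipher (a real VPN would use a standard authenticated cipher), adds an integrity tag the article does not mention, and uses constructed addresses, keys and payload.

```python
import hashlib, hmac, os, socket, struct

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def keystream(key, nonce, n):
    """Stand-in cipher: HMAC-SHA256 in counter mode. Use an AEAD in practice."""
    blocks = (hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def wrap(inner, enc_key, mac_key, gw_src, gw_dst):
    """Encrypt the whole inner packet, then place it in a new outer packet."""
    nonce = os.urandom(12)
    ct = xor(inner, enc_key, nonce)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    body = nonce + ct + tag
    return ipv4_header(gw_src, gw_dst, len(body), 253) + body  # 253 = experimental

def unwrap(outer, enc_key, mac_key):
    """Extract the body from the outer packet, verify it, then decrypt."""
    body = outer[20:]
    if len(body) < 12 + 32:
        raise ValueError("truncated tunnel packet")
    nonce, ct, tag = body[:12], body[12:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return xor(ct, enc_key, nonce)

def visible_addresses(packet):
    """What an on-path observer reads from the cleartext IP header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

# Constructed sample: a packet between two private agency hosts, tunneled
# between two gateways on documentation-range public addresses.
ENC_KEY, MAC_KEY = b"\x01" * 32, b"\x02" * 32   # constructed demo keys
PAYLOAD = b"constructed RoIP voice frame"
INNER = ipv4_header("10.1.0.5", "10.2.0.9", len(PAYLOAD), 17) + PAYLOAD
OUTER = wrap(INNER, ENC_KEY, MAC_KEY, "192.0.2.1", "198.51.100.1")
```

An observer on the public network can read only the gateway addresses from `OUTER`; the agency hosts' addresses and the payload are inside the encrypted body, and a packet altered in transit is rejected by `unwrap` before decryption.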
The VPN concept appeals to public-safety agencies for many reasons. It is secure, it provides instant interoperability on a network-to-network level between connected agencies, and it allows its users to transport information — voice, video or data — over the Internet, as well as over cellular, land mobile radio, satellite and Wi-Fi networks.
That’s not all: VPNs also make it easy for multiple agencies to share the same network space without getting in each other’s way. “You don’t want the police data traffic to be interfered with,” said Brooks Gianakos, systems engineer for New England Communications Systems, a Motorola dealer in Windsor, Conn. “It is important to have each agency’s data segregated from each other.”
Another benefit of VPNs is that they can extend an agency’s coverage area to encompass the entire globe. “In the past, public-safety traffic was carried over dedicated T-1 lines, which took time and money to set up to extend coverage,” said Sean Fitzpatrick, manager of network engineering for Tyco Electronics M/A-COM.
“With a VPN, you can easily reach anywhere via the Internet or other public connections,” he said. “Say the chief is out of state on business — if a major fire breaks out, he can connect directly to the incident commander via a VPN, which connects his computer to the department’s radio system.”
Of course, in instances where the data is being carried solely over private public-safety networks, VPNs are not required. In the same vein, it is possible to transport encrypted data over a public network securely without a VPN, as long as the encryption is sufficiently robust to deter unauthorized hacking. But the advantage of using a VPN is that it offers a secure tunnel to send data from point to point in the public domain.
And there may not be many drawbacks. “There is some signal [delay] using a VPN, but at a rate of just 3 to 5 milliseconds, it isn’t an issue for data or even voice traffic,” Fitzpatrick said.
However, there is one caveat: A VPN does not replace an agency’s existing radio system. Rather, it connects to that system, encoding its voice and data communications into IP packets that can be transported to other agencies and approved users.
Some public-safety agencies are dipping their toes into the VPN waters while others are jumping in with both feet. The City of Carlsbad, N.M., is an example of the former. The city uses a radio-over-IP (RoIP) system developed by Catalyst Communications Systems to interconnect five different VHF systems: police, city fire, county fire, state fire and EMS. RoIP is the public-safety version of voice over IP (VoIP) — translating and encrypting voice and traffic into packets for transport over an IP network — and is a prerequisite for establishing a VPN.
Nearly all of the 110 users on the system use the unencrypted internal network, but three — the police chief, assistant police chief and assistant fire chief — connect via a VPN, according to Mitt Rogers, an electronics technician for the city. “They want the capability to monitor the radio traffic from home, after normal duty hours,” Rogers said.
Meanwhile, the Florida Highway Patrol has built a Mobile Command/Dispatch Center (MCDC) that uses Catalyst’s RoIP technology. Housed inside a converted motor home, the MCDC can be sent to hurricane and other disaster sites to provide on-site command and dispatch functions. It also lets first responders at the scene connect to the Statewide Law Enforcement Radio System (SLERS). VPNs have become integral to the process, according to Lt. Russ Bass of the Florida Highway Patrol.
“Our MCDC can provide on-site vehicles and users with secure IP communications using VPNs,” Bass said. “We can connect to SLERS and the outside world by whatever means are available: cellular, two-way radio or satellite in remote areas. VPNs provide secure communications channels in these situations, and we have never had any problems with them.”
Motorola’s Multi-Net Mobility product suite now allows public-safety vehicles to establish VPN connections back to dispatch via available Wi-Fi hot spots. “It maintains secure connectivity while users roam between wireless networks,” said Girish Rishi, Motorola’s vice president and general manager of applications and data solutions.
One useful aspect of the platform is that it keeps desktop applications open while the user’s mobile computer is switching from one network to another. “You do not have to re-establish the VPN every time your computer connects to a new network,” Rishi said. “Better yet, as [the] software detects a faster network connection becoming available, it automatically switches your traffic to it.”
As attractive as VPNs might seem for public-safety communications, they are not a one-size-fits-all solution. In some instances, they may not be considered necessary for departments using RoIP technology that encrypts the data before it is transported. In other cases, signal delays might prove longer than the norm due to network connection issues, which could garble or interrupt voice communications, a no-no for first-responder communications.
Also, RoIP systems can be difficult to reinitiate when the power goes off compared with conventional LMR systems. “The question about RoIP is its reliability, which is a function of the equipment you have in place, the power backups and the robustness of the networks you are using,” said Charles Werner, chief of the Charlottesville (Va.) Fire Department. “This is why we rely on RoIP as an enhancement to our primary radio network, rather than as the primary network itself,” he said. The City of Charlottesville uses a Catalyst RoIP system to interconnect more than 20 public-safety radio networks.
However, even with such limitations, VPN technology promises to be an extremely useful addition to public-safety communications. It allows agencies with incompatible radio systems to interoperate with each other on the network level, while letting them continue using their legacy radios in the field. VPNs also provide safe, secure ways for users to take advantage of public communications networks (cellular, Internet, Wi-Fi) when necessary, and they do this as effectively for public-safety agencies as they do for business users. Finally, VPNs extend the reach of an agency’s communications coverage, e.g., an officer outside his own coverage area could still communicate with dispatch using another agency’s portable radio, as long as this second agency is connected to the officer’s own network via a VPN.
The bottom line: VPNs make sense for public-safety communications, not sometime in the future, but today.