Next-gen 911 may be vulnerable to security breaches
L.R. Kimball — a Pennsylvania-based architecture, engineering and telecommunications firm — recently released its findings on cyber-security threats faced by next-generation 911 systems in conjunction with the National Emergency Number Association’s NG-911 cyber-security standards (NG-SEC). The NG-SEC is the first comprehensive and robust framework for securing entities when they move into the NG-911 environment, said Jeremy Smith, L.R. Kimball’s senior cyber-security consultant.
Smith co-chairs NENA’s NG-911 Security Working Group, which created a public/private partnership to develop NG-SEC and was asked by the group to survey NG-911 users to determine the amount of security breaches each one experienced. They found that 62% of public-safety officials reported cyber-security issues in the 24 months after they adopted NG-911 systems and 54% of those agencies experienced system downtime as a result.
As a result, public-safety entities — and the vendors who serve them — must adhere to NG-SEC, Smith said. The standards indentify the basic requirements, procedures and practices to ensure security and affect the entire NG-911 community: public-safety answering points, NG-911 ESINet, service providers, vendors and contractors.
In addition, the standards will protect NG-911 systems at a time when the need for security is at its highest. Legacy 911 systems were for the most part not connected together, so hackers had to physically be present on the scene to affect the network.
“Those standalone networks provided some degree of security for would-be hackers and the like,” Smith said.
However, with the advent of NG-911, the need to interconnect networks of varying security postures becomes a requirement, Smith said. To convert to an NG-911 system, the public-safety industry must move toward an interconnected, IP-enabled environment. As a result, call centers are vulnerable and must ensure their systems are in compliance with NENA’s cyber-security standards in the beginning of a NG-911 system buildout — even if funds are short.
“In the past, 911 centers have never had to fund cyber security,” he said. “But if we don’t build these security mechanisms into it, we are going to have problems. So get it into budget cycle and figure out how to fund it.”