A new problem to hack away at
Public-safety agencies have been planning to upgrade 911 services by switching from legacy systems to an IP-centric environment. The move will open up new avenues for citizens and public safety to share emergency information, such as the ability for citizens to send text messages or videos to 911 dispatchers. But it also invites security breaches. In fact, a recent survey by L.R. Kimball found that of those who recently moved to an NG-911 environment, 62% reported cyber-security issues in the past 24 months after they adopted NG-911 systems and 54% of those agencies experienced system downtime as a result.
I spoke to Jeremy Smith, the firm’s consultant and the National Emergency Number Association cyber-security working group’s co-chair, about NG 911’s cyber-security vulnerabilities. I could only get Smith to talk in generalities, as he was concerned about “letting the bad guys know how bad it is,” he said.
But what I did extract was Smith’s philosophy on the state of our nation’s 911 system: The U.S. 911 system in antiquated. The legacy 911 system’s been great in the past, but it simply hasn’t evolved to support today’s technological innovations — including sending text messages and video. The next inevitable step is to upgrade to NG 911 so first-responders are armed with situational intelligence, and the community is better served.
Yet such fantastic features come with unintended consequences, like security breaches. NG911 is not immune. For next-gen technology to work, networks must be connected via IP-enabled networks instead of traditional phone networks. The IP system interconnects 911 call centers, when before they may have been disparate. Such connectivity opens up systems for widespread viruses, compared to when each 911 center was its own island. They were not connected and that was the built-in cyber security, Smith explained. For example, if in the past a Chinese hacker wanted to tap into the Chicago Police Department, he had to come to the United States and physically plug into that network. Now, he can send the virus from anywhere in the world.
Unfortunately, the call-center islands must disappear to move into the NG-911 environment. That means networks will be susceptible to the same threat that every other network in the universe is susceptible to — viruses, hackers, cyber criminals — except such networks are bigger targets.
It’s well-known that most hackers pride themselves on tapping into government databases and corporate IP files. Those with malicious intent could target 911, disabling our nation’s first responders.
“If they could get 911, that’s a big hit,” Smith said. “So 911 is a very attractive target.”
Smith warned that if systems aren’t up to par and are infected with a computer virus, there could be dire consequences. He said maybe a dispatcher won’t be able to take a phone call, and the caller may lose his life.
This is a liability our public-safety agents cannot afford. That’s why it’s essential that all agencies review and implement cyber-security safeguards into NG 911 — specifically those released by NENA. Such standards will help centers move in the right direction.
However, additional security features means additional unplanned expenses — and many departments are strapped for cash. Smith said he understands it will add expenses to a NG911 budget. However, if call centers are not built with such securities they will be vulnerable to attack.
“It’s pretty obvious the result of that will not be pleasant,” he said.
What do you think? Tell us in the comment box below.
