https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

News


News

Experts: Cybersecurity is becoming a bigger problem for mission-critical entities (with related video)

Experts: Cybersecurity is becoming a bigger problem for mission-critical entities (with related video)

Today's IP-based systems are "exponentially" increasing the opportunities for hackers, because there are many more breach points, L.R. Kimball's J. Kevin McGeary said.
  • Written by
  • 17th August 2011

There once was a time when only enterprises needed to worry about cybersecurity attacks from hackers, but evidence is mounting that public-safety and critical-infrastructure entities now are in the crosshairs, according to experts who spoke on the topic last week at the Association of Public Safety Communications Officials' conference in Philadelphia.

Jeremy Smith and J. Kevin McGeary are senior consultants with L.R. Kimball's cybersecurity practice. They provided details on the Stuxnet worm that attacks computers utilizing Windows operating systems or Siemens industrial software. SCADA systems particularly are vulnerable, and the worm allows data to be stolen.

McGeary described the worm — which first appeared in 2009 and was used most notably in an attack on Iran's nuclear program that resulted in about 30,000 computers being affected — as "groundbreaking" for a couple of reasons. The first is that it is capable of mutating. The second is even more frightening.

"It's one the first known examples of an actual attack that is suspected to have been done by a nation state," McGeary said. "In other words, cyber-warfare, if you will.

"This was not an attack on some of the normal enterprise computing systems, like e-mail that we all read about almost every day. This was a specific, directed attack on the kind of systems — in this case, running a plant — that are analogous to the mission-critical networks and systems that [public safety] is working with and building every day."

McGeary and Smith cited other examples. For example, in February 2011, a computer virus shut down an Australian ambulance company's CAD system. In May 2009, the city of Dallas suffered a similar attack on its CAD system, one month after the Texas Department of Public Safety contracted a computer virus that shut down its statewide computer system.

Any IP-based network is vulnerable to an attack, but the convergence of subsystems — a trend that is proliferating throughout public safety — will make such networks even more vulnerable, McGeary said.

"As we begin to connect all these pieces, it's not enough to protect any one of them," McGeary said. "You have to protect the network itself."

McGeary stressed that he isn't against convergence, which is a useful approach for any enterprise because it allows information to flow from end to end. But he quickly conjured a familiar adage, that the chain is only as strong as its weakest link. "What you haven't protected becomes the entry point," he said.

Providing such protection is much more challenging today than it was in the past, according to McGeary.

"In the past, legacy systems were hardware-based systems that didn't have a lot of intelligence or information to control," he said. "For example, in a 911 network, there tended to be a hard-wire link between the PSAP and the central office, and there was relatively limited information being exchanged. There wasn't a lot to attack."

In contrast, today's IP-based systems — many of which are interconnected — are "exponentially" increasing the opportunities for hackers, because there are many more breach points, McGeary said.

All of that said, it's not just IP-based systems that are vulnerable. McGeary cited a recent University of Pennsylvania study that identified security weaknesses in Project 25 radio systems.

So, what can a public-safety agency, or other critical-infrastructure entity, such as a power utility or transportation department, do to protect itself? The first step is to understand that security is all about availability — more specifically limiting it, according to Smith.

"It's about making sure that the mission-critical resources that your people need to do their jobs are made available only to the right people," he said. "If I had to sum up security in one word, it would be 'availability.'"

Consequently, encryption, firewalls, virtual private networks and anti-virus software should be the foundation of any agency's defense. But physical security often is forgotten in the zeal to protect the network, which can be a big mistake. For a public-safety agency, that means sites — particularly those located in the middle of nowhere, such as on a mountaintop — must be protected, as they can provide a point of entry into the network.

In addition, agencies must implement security protocols to protect themselves when employees connect their personal devices to the network, which can lead to inadvertent attacks.

"A basic example would be someone who downloaded some music onto a thumbdrive and then plugged it into a computer somewhere on your network, and it turns out that the file is infected," McGeary said.

Also common is a virus attack unleashed unwittingly by a service technician who has plugged his computer — infected without his knowledge — into an agency's network to perform a diagnostic check.

Then there are breaches that make security professionals shake their heads in wonderment.

"One of the things we like to do when we conduct a penetration test on an organization is to drop thumbsticks in the organization's parking lot," Smith said. "Those thumbsticks have a dummy virus on them, and when people pick them up and stick them into their computers, we know we have a training issue to address."

Smith also told of one PSAP where all 15 dispatchers were using the same password, regardless of what shift they were on.

"That obviously creates all sorts of issues," he said. "I was actually stunned by that."

In these trying budgetary times, it might be tempting for an agency to push cybersecurity to the back burner. Smith cautioned against such an impulse.

"I'm a big believer that some security is better than no security," he said.

The very first step should be a gap analysis, Smith added.

"If you don't know where you are, it's going to be difficult for you to get to where you want to go," he said.

Related story:

  • Public safety can benefit when bad hackers go good
Tags: Data Network Security News Security Software News

Most Recent


  • AT&T becoming a “public-safety company” with FirstNet, NG911 work, exec says
    AT&T has long been one of the greatest consumer communications brands in the world, but the carrier is beginning to become “a public-safety company” through its first-responder-centric efforts in the development of FirstNet and next-generation 911 (NG911) networks, according to Scott Agnew, the new COO of AT&T’s FirstNet team. Two weeks ago, AT&T executives revealed […]
  • U.S. government plans to block all tech exports to Huawei–reports
    The Biden administration is weighing a plan to block the export of all US-sourced technologies to Huawei – the latest escalation in Washington’s years-long campaign to throttle the Chinese firm. The new bans, first reported by Financial Times (paywall applies), would likely fall most heavily on firms such as Intel and Qualcomm that sell Huawei server and […]
  • Command-injection bug in Cisco industrial gear opens devices to complete takeover
    A security vulnerability has been found in Cisco gear used in data centers, large enterprises, industrial factories, power plants, manufacturing centers, and smart city power grids that could allow cyberattackers unfettered access to these devices and broader networks. In a report published on Feb. 1, researchers from Trellix revealed the bug, one of two vulnerabilities discovered that […]
  • AR-based next-gen maps aim to rebalance detail and simplicity
    Every sat-nav user is familiar with the chagrin of missing their turn because the map’s lines and circles don’t resemble the real world. Yandex is blaming maps, not users, for these errors. At its annual conference in December, the company presented its re-designed maps boasting natural-looking 3D objects such as trees, bus stops, colored buildings, […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Driverless-tech liability is all in the wording
  • Is an attacker living off your land?
  • New ThroughTek IoT supply-chain vulnerability announced
  • What “smart city” means for 2021: How digital twins, AI and other innovations drive smart transformation

Commentary


How 5G is making cities safer, smarter, and more efficient

26th January 2023

3GPP moves Release 18 freeze date to March 2024

18th January 2023

Do smart cities make safer cities?

  • 1
6th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

AT&T becoming a “public-safety company” with FirstNet, NG911 work, exec says dlvr.it/Sj8FXL

9th February 2023
UrgentComm

Command-injection bug in Cisco industrial gear opens devices to complete takeover dlvr.it/Sj6X3l

8th February 2023
UrgentComm

AR-based next-gen maps aim to rebalance detail and simplicity dlvr.it/Sj4gdM

7th February 2023
UrgentComm

Vodafone UK starts ‘risky’ shift to 5G standalone dlvr.it/Sj4dPJ

7th February 2023
UrgentComm

ChatGPT may be fastest-growing app of all time, UBS Says dlvr.it/Sj4NfL

7th February 2023
UrgentComm

Public-safety coalition renews efforts to secure federal NG911 funding dlvr.it/ShwGfn

4th February 2023
UrgentComm

Newscan: Cyberattacks on DoE national labs draw lawmaker scrutiny dlvr.it/Shvpw3

3rd February 2023
UrgentComm

The shine begins to wear off 5G private wireless dlvr.it/Shth0P

3rd February 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.