https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

View From The Top


Commentary

Where should a public-safety answering point (PSAP) begin to address cybersecurity?

Where should a public-safety answering point (PSAP) begin to address cybersecurity?

As public-safety answering points (PSAPs) transition to all-IP architectures as part of the migration to next-generation 911, cybersecurity is a natural concern. Luckily, next-gen 911 standards established by the National Emergency Number Association (NENA) provide valuable guidance on this critical topic.
  • Written by
  • 23rd June 2015

​By Erik Wallace

As more people move toward cutting the cord, the call to action for public-safety answering points (PSAPs) being ready to handle the continued influx of mobile communications to 911 is getting louder. While PSAPs still work great with landline calls and do a fine job serving those people who most often need help—the elderly—they are not ready to handle those who are migrating to mobile devices.

In particular, the more than 40% of U.S. households that only have wireless phones (according to National Center for Health Statistics) are at a distinct disadvantage, as most PSAPs have been designed to respond to an infrastructure built upon 1960s and 1970s technology, which is not equipped to handle texts, pictures, video or to provide accurate location information from a mobile (or voice over IP, better known as VoIP) phone. 

Luckily, the new next-generation 911 (NG9-1-1) standards established by the National Emergency Number Association (NENA) provide guidance to handle this mobile migration.

The first step is to switch to an IP-based PSAP network. The new, NG9-1-1 system can handle the most common, “modern” ways of communicating: mobile (and VoIP) phone calls and SMS text traffic (pictures and video are coming quickly). The ability for a 911 user to send a geo-stamped picture of the situation from the accident scene has many benefits, not the least of which is the PSAP’s ability to forward that image to first responders, when possible.

Of course, the biggest drawback to an IP-based system is the network’s inherent vulnerability to attacks and data breaches. In fact, at next week’s NENA 2015 conference, cybersecurity is a hot issue.

Recent cybersecurity attacks are cause for concern, especially when it comes to a system that is designed to help people in life-or-death situations. As such, the ability of some guy to launch a denial-of-service attack on a PSAP from his mom’s basement is a thought that will keep 911 directors up at night, if the right mechanisms are not in place.

But where do you start? How do you ensure that your PSAP can withstand cybersecurity attacks? The answers to these questions lie in the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which has been designed specifically to help managers of critical infrastructure, such as PSAPs, by developing a risk-management-based approach to cybersecurity. This means that IT managers have a logical, yet holistic, system for answering the most common cybersecurity questions:

  • What are the cybersecurity threats to my systems, assets, data, and capabilities?
  • What safeguards should I implement to ensure delivery of 24/7, mission-critical emergency services?
  • Can I identify the occurrence of a cybersecurity threat?
  • How do I deal with a cybersecurity event after it is detected?
  • How do I restore services and foster continued network resiliency after a cybersecurity incident?

The NIST Framework has four “Core Elements” that address each of the questions above. The core elements (listed in order of size from largest to smallest) are: Functions, Categories, Subcategories, and Informative References.

The beauty of the NIST framework is its ability to work with an IT system of any size. And, it’s technology neutral. Further, the NIST framework is suitable for IT networks at any maturity level. So, there’s no more guesswork; the heavy lifting already has been done for you.

Specifically, the five main Functions of the NIST Framework Core are:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

Each of the five functions addresses one of those common cybersecurity questions. More importantly, IT managers now have a systematic, risk-analysis-based system that shows where to focus time and resources in cybersecurity for the best and fastest results.

Here’s where it gets a bit tricky, though. Each of the five functions is broken down into categories and subcategories. Eventually, you’re going to come face-to-face with a wide range of references, each of which has guidance that can be used to improve your PSAP’s IT processes and procedures. But note that the NIST framework is more of a guideline than a rule.

If your PSAP already has a process in place to deal with a specific element of cybersecurity (and, that process is working well), great! You should share those best practices with your PSAP’s IT supply chain and other stakeholders.

If not, then the “Informative References” Core Elements will spare you from having to comb ISACA’s Cobit 5, ISO 27001, or the NIST 800 series for the answer to any specific question. Additionally, working with a partner that is buttoned up on cybersecurity issues, knows where vulnerabilities are, and how to address them is a key way to ensure the safety of your PSAP, while guarding your systems operations from interruption and intrusion.

When choosing a partner to safeguard your systems against attack, find one that offers a comprehensive plan for detection, prevention, mitigation, and response to cyber events. With the right tools in place, cybersecurity can be limited to just a threat and not become a reality.

As Director, Commercial Cyber Services for the Cyber Intelligence Group at TeleCommunication Systems, Inc. (TCS), Erik Wallace is responsible for the Services sector of TCS’ Art of Exploitation® (AoE™) Portfolio, which is an integrated suite of cybersecurity services and training solutions that safeguard critical business assets against cyber threats.He is also the Managing Principal of the TCS Software Security Team, which guides TCS internal software development teams in best practices for secure software development and is a key leader in the sales, engineering, and development of many TCS applications.

Tags: Data Network Security Applications Commentary Cybersecurity NG-911 Security Software View From The Top Commentary

Most Recent


  • Verizon
    Verizon, Axon demonstrate benefits of 5G network slicing to support public-safety video
    Verizon and Axon Enterprises this week announced a successful demonstration of 5G network slicing that allowed its network to sustain connectivity performance levels for mission-critical video through Axon Fleet 3 and Axon Respond services. Network slicing is one of the most-anticipated features of the 5G standard for the critical-communications industry, because it allows a network […]
  • Cyberattack closes emergency rooms in three states
    Ardent Health says it was the target of a cyberattack over Thanksgiving, in an incident that shut down the hospital operator’s emergency rooms in three states. The hospital operator, which oversees 30 hospitals in the U.S., said the attack was detected on the morning of Nov. 23 and was identified as a ransomware attack impacting […]
  • General Electric, DARPA hack claims raise national-security concerns
    General Electric and the Defense Advanced Research Projects Agency (DARPA) have reportedly been breached, according to claims on the Dark Web that the organizations’ highly sensitive stolen data is up for sale. A screen capture from the Dark Web ad shows a threat actor named IntelBroker selling access credentials, DARPA-related military information, SQL files, and more. GE confirmed to […]
  • More 2G and 3G shutdowns loom in the U.S.
    UScellular and Cellcom recently set dates to shutter their aging wireless networks. The smaller network operators are following in the footsteps of their bigger, nationwide rivals, which are making similar moves. On its website, UScellular said it would shutter its 3G CDMA network on January 14, 2024. “Major wireless carriers have already shut down their […]

Related Content

Commentary


Land mobile radio (LMR) systems are just as vulnerable to cyberattacks as any other networks used in the public-safety sector. Here’s what to do about it.

  • 1
7th November 2023

September 3GPP Plenary meetings feature Release 18 progress, Release 19 beginnings

13th October 2023

Better technology can help solve the public-safety staffing crisis

26th June 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.