FirstNet plans to release cybersecurity information this fall, Kennedy says

WASHINGTON, D.C.—FirstNet officials will provide information about the organization’s cybersecurity strategy this fall, beginning with its Industry Day next week, FirstNet President TJ Kennedy said this week during a panel session at the APCO 2015 show.

When FirstNet released its draft request for proposal (RFP) documents in April, it did not include a section on cybersecurity but promised to provide information later in the year. Kennedy said that cybersecurity will be a topic of discussion during FirstNet’s Industry Day event next Thursday.

“You’ll be seeing much more coming out in the near future,” Kennedy said during the APCO session. “We’ll be talking a little bit more about it at Industry Day [on Aug. 27], and there will be more to come this fall.”

With a number of high-profile data breaches in both the corporate and government arenas being reported in recent years, cybersecurity is a hot topic for all enterprises, but particularly those dealing with sensitive information. With FirstNet being tasked to build a broadband network to support first-responder access to critical health, building and criminal records, organization officials have acknowledged that they expect the system to be a prime target for the hacking community. Knowing this as the network is being designed should benefit FirstNet, Kennedy said.

“As we build a public-safety network, certainly cybersecurity is at the top of our minds,” he said. “We have the unique opportunity to build in cyber from the beginning, and we can build it with some new technology, which often is not the case [when dealing with legacy networks].

“So, we have a very unique opportunity to get this right. We also have the unique opportunity to put things in throughout the networks to really do it well.”

Earlier this year, FirstNet announced the hiring of Glenn Zimmerman as its senior security architect, and Zimmerman has hired some staff for his team, which will focus on the issue. In addition, Kennedy noted in a recent public meeting that the U.S. Department of Homeland Security indicated that it is willing to provide FirstNet with additional resources to help address cybersecurity for the fledgling organization.

FirstNet’s challenge is to do cybersecurity really well—no easy feat within the federal government, as the massive data breach in the Office of Personnel Management (OPM) indicates—without making it so complicated and burdensome that first responders are unable to focus on their primary missions, Kennedy said.

“We need to make sure that we think about human factors in the public-safety environment and making sure that cybersecurity is very, very usable,” Kennedy said. “In my days as a state trooper, I can’t imagine being in a highway-patrol Mustang and trying to worry about 12-digit, upper-case/lower-case, special-character password.

“We can’t do that. We need to make sure that we’re leveraging authentication and data access management in a public-safety environment, where folks like firefighters who wear gloves can do their job, where paramedics who are wearing gloves can do their job, where police officers who need to execute what they’re doing while driving a vehicle can do their job.”

Helping FirstNet in this area is the Public Safety Advisory Committee (PSAC), which is chaired by Harlin McEwen. Last year, the PSAC submitted a report to FirstNet outlining the importance of considering human factors unique to public safety when proposing various communications solutions, including those impacting cybersecurity.