FirstNet could provide blueprint for enhancing advance threat defense for public safety, expert says
Public-safety entities often have mitigated Internet security issues with a trial-and-error approach, but FirstNet has the opportunity to change that approach to an orchestrated defense that will better equip the mission-critical ecosystem in an environment where cyber attacks are imminent, a global security expert said during the recent Association of Public-Safety Communications Officials (APCO) Emerging Technology Forum in Atlanta.
“It’s a real challenge we have to attack, not just in the law-enforcement community, but everywhere,” said David O’Berry, worldwide technical strategist, Office of the CTO, Intel Security Group. “The law-enforcement community has kind of done things maybe in the middle of the pack or afterward, but, with FirstNet, this is the chance to set the tone for the entire world.”
During the “FirstNet: Securing the Network at Public Safety Grade” session, O’Berry discussed the need for public-safety data security to be handled at the most basic level—from body-worn cameras to LTE devices—because the “attack surface” continues to expand as the number of Internet-connected devices increases.
As devices have evolved, the number of known pieces of malware has grown from 1 million in 2007 to 150 million this year, O’Berry said. As an example of the ubiquity of data security breaches, O’Berry cited a recent ransomware incident that paralyzed the computer system at the sheriff’s office in Lincoln County, Maine, after a virus was accidentally downloaded onto the system. The sheriff’s office had to pay a $300 ransom to unfreeze its system.
The cybersecurity breach illustrated the importance of public-safety entities taking a proactive approach to data security, such as having a backup system and placing a greater emphasis on detection, instead of correction, O’Berry said.
“We have to get out and fix these things in real time,” he said. “There is no central mechanism for updating all these viruses. How can you create a mesh that can assist in this environment?”
FirstNet could offer public-safety entities a blueprint on how best to coordinate advance-threat defense, including a cyber event process of sending real-time system alerts concerning malware, bots and viruses, hunting file behavior and killing the malicious process, he said.
Though the final decisions on the cybersecurity plans for the broadband network have not been released yet, creating a public-safety broadband network accessible to thousands of public-safety entities across the country will require an orchestrated defense with redundant systems, O’Berry said.
“We’re talking about today. We are not talking about [once] the attack surface and the number of devices continue to scale incredibly up. We’re at a vertical wall as far as acceleration,” he said. “The approach has to change. Make [systems] dynamic. Make sure you’re moving the walls around—they can’t be a static defense. You can do that by leveraging all the information that’s out there in real time.”