https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Events
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
  • IWCE
    • Back
    • Conference
    • Special Events
    • Exhibitor Listings
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

View From The Top


Commentary

Why every PSAP needs to be vigilant about cybersecurity

Why every PSAP needs to be vigilant about cybersecurity

  • Written by Gilles Ferland
  • 2nd November 2018

Public-safety answering points (PSAPs) are now well aware of the real-life stories behind the industry’s new concern: cybersecurity. As a quick reminder, here are a few examples that reiterate this significant threat:

March 2018—A ransomware attack compromises Baltimore’s Computer-Aided Dispatch (CAD), causing a shutdown of the digital dispatch and recording systems.

December 2017—A California man is arrested after he attempts to swat his online video game opponent but uses the wrong address. Instead of his opponent’s house, police are dispatched to an address in Kansas, where an innocent resident is shot during the confusion.

August 2017—Hackers use brute-force password cracking to gain access to the Schuyler County 911 Dispatch Center located at the Sheriff’s Department in Watkins Glen, N.Y., temporarily crippling the PSAP and its ability to dispatch deputies.

The vulnerabilities

Incidents like these are part of the conversation, as most PSAPs now either have or are planning their move to an IP-based call-answering and call-handling system. These next-generation 911 (NG911) systems come with improved features and functionality, such as unprecedented call control, the ability to pinpoint a caller’s exact location, text-to-911, one-button transfer and conferencing, and access to video, data, and photos.

But the benefits of NG911 systems come with a responsibility, because IP-based technology can leave these systems open to cyberattacks. Therefore, PSAPs should establish and maintain a similarly vigilant approach to cybersecurity safeguards and protocols that enterprises and the general public have been using for years to protect their IP-based devices and networks.

NG911 systems have unique vulnerabilities that require specific lines of defense. Unlike legacy systems that were built on proprietary software and hardware and operated on closed networks, NG911 systems are built on open standards. Networks are open, interconnected, and interoperable with a variety of other systems and devices, such as a PSAP’s computer-aided dispatch (CAD) solution, radio, and recorder. The systems are engineered to interface with the Internet and cellular phones, enabling connections to different agencies and jurisdictions.

The threats

The first line of defense against a cyberattack is understanding the variety of threats that can affect critical systems, most of which are outlined in the table below.

Swatting The main cyberthreat to PSAPs. Criminals manipulate 911 calls to indicate the call is originating from a location where a very serious criminal act has occurred or is occurring, prompting PSAPs to dispatch a Special Weapons and Tactics (SWAT) team to the call location.
Ransomware attacks Hackers use software to block access to computer systems, then demand a ransom be paid to “free” the system. One of the more serious cyberthreats to PSAPs.
Denial-of-service (DoS) attacks Hackers gain unauthorized network access then overload the network with requests for access, making the network run extremely slowly or overwhelming it completely so it is unable to process valid requests from PSAP systems.
Unauthorized network access Attackers gain network access using stolen credentials and/or devices to compromise system availability and use computer resources.
Unauthorized data access Attackers access sensitive databases to steal, modify, or corrupt the data (data breaches).
Telephony denial-of-service (TDoS) attacks Attackers use Voice over IP (VoIP) systems to overload phone systems with bogus 911 calls, overloading PSAP phone systems to the point where they are incapable of receiving or placing calls.
Man-in-the-middle attack Attackers use the wireless link between the user device and the cell tower to steal data or monitor conversations.
Malware attacks Attackers download code (including botnets, viruses, spyware, trojans, and rootkits) to a computer for a variety of malicious purposes.
Spear-phishing attacks Attackers hijack or mimic the email or social media accounts of a trusted sender to persuade people to share confidential information.
Spoofing attacks Attackers use unauthorized devices to masquerade as an authorized device to access confidential systems and data.
Insider threats Attackers are employees or other authorized personnel who steal, corrupt or destroy data.

 

Understanding the nature of the most common threats and knowing which vulnerabilities hackers seek to exploit is crucial for PSAPs. Awareness is the first step towards making the most informed decisions about how to protect a PSAP. With the right intelligence, PSAPs can put the proper safeguards in place—along with regular maintenance, monitoring, and auditing—that can help mitigate an attack.

The safeguards

In addition to knowing the threats, there are several actions a PSAP can take to protect itself:

  • Ensure the IP-based network is secure. This is especially important for PSAPs on an ESInet.
  • Ensure that any software updates and patches are implemented in a rigorous, controlled manner.
  • Establish rules around connecting portable storage devices via USB or other ports.
  • Partner with an NG911 vendor for managed services that include ongoing protection, maintenance, and security alerts.
  • Ensure that all factory-installed protection systems are maintained and that the latest updates are tested and verified before they are installed. These should include real-time anti-virus and anti-malware detection and removal engines, phishing protection, spam guard, identity theft protection, and USB immunizer.
  • Establish standard operating procedures (SOPs) that ensure the PSAP will continue operations, if it does get hit by a cyberattack. This may include an off-site backup location that uses different servers and workstations than those at the primary site.
  • Perform regular maintenance and auditing of a secondary site to ensure it is ready to operate at all times.
  • Plan for recovery after an attack. A disaster-recovery service should include full copies or snapshots of system data and configuration details to protect the emergency-call-management infrastructure.
  • Perform periodic testing of all cybersecurity systems, as well as disaster-operations and recovery plans.

Eventually, all PSAPs will make the switch to IP-based NG911 call-answering and call-handling systems. PSAPs will upgrade to keep up with the changing demands of the public and to improve their ability to respond to emergency calls. Cybersecurity should be a part of all migration plans.

The keys to cybersecurity for PSAPs are knowing the threats, mitigating those risks by putting the proper strategies and solutions into place, and—should the worst occur—having a plan for maintaining operations and recovering data.

Gilles Ferland, vice president product management at Solacom, is a 30-year veteran in research and innovation in 911 call-handling and management solutions. Ferland can be contacted at gferland@solacom.com.

 

Tags: homepage-featured-4 Commentary Newsletters Cybersecurity Dispatch/Call-taking Incident Command/Situational Awareness Interoperability Commentary News Commentary NG-911 Policy PSAP Commentary Public Safety Public Safety Commentary Security Standards State & Local Government System Operation View From The Top Commentary

Related


  • Axon, Cradlepoint team to support Burbank police broadband applications
    Police personnel in Burbank, Calif., are using Axon video solutions and Cradlepoint broadband connectivity to provide reliable, secure access to footage depicting the situations that officers encounter, according to officials for both vendors. Vehicles used by the City of Burbank’s police department are equipped with Axon’s Fleet 2 in-car video system, Axon Body 3 body […]
  • Newscan: Biden appoints Jessica Rosenworcel as acting FCC chair
    Newscan: Biden appoints Jessica Rosenworcel as acting FCC chair
    Web Roundup Items from other news organizations Biden appoints Jessica Rosenworcel as acting FCC chair FCC C-band auction’s first phase tops charts with $80.9 billion Judge refuses to reinstate Partler’s Amazon account FBI director says more than 200 suspects identified in U.S. Capitol riots Malwarebytes said it was hacked by the same group that breached […]
  • Professor calls for 5G moratorium over health fears; Omdia begs to differ
    t’s not what mobile network operators, suppliers and go-ahead governments want to hear. An essay by Professor John William Frank, published by the Journal of Epidemiology & Community Health, calls for a moratorium on further 5G rollout. Why? He wants further investigation into the next-gen tech’s “potentially harmful biological effects from radio frequency electromagnetic field […]
  • Jetting to the stars, using containers for development
    For an organization that sends rockets into space, stagnancy isn’t an option. Jetting to the stars requires technology, agility and a penchant for change. But much like for-profit environments, the U.S. Department of Defense struggles to move at the pace of business as it travels through the galaxy. It needs software development practices and platforms […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Five 5G takeaways from Samsung's new phones
  • Biden relief plan includes $350 million for local and state government
  • Businesses struggle with cloud availability as attackers take aim
  • Public safety needs a better way to triage emergency calls

Commentary


Public safety needs a better way to triage emergency calls

13th January 2021

In challenging year, working with public safety to move FirstNet forward

30th December 2020

Communications solutions must evolve quickly to meet needs of a changing world

31st October 2020
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

RT @IWCEexpo: 📆 Mark Your Calendars: IWCE will be returning to Las Vegas this September and registration is slated to open in April 📆 Wa…

15th January 2021
UrgentComm

RT @IWCEexpo: ⚡FLASH SALE: Don't miss this exclusive offer! Passes to #IBFVirtual are now 50% off with code TWITTER50. Take advantage of th…

6th November 2020
UrgentComm

Get ready for part 2 of "Ensuring Public Safety Emergency Communications" next week! @PCTEL_inc will explore… twitter.com/i/web/status/1…

3rd November 2020
UrgentComm

Over the past few months, we’ve seen the world transform, and it's clear that cities will be affected in the long-t… twitter.com/i/web/status/1…

27th October 2020
UrgentComm

Florida state & local agencies subscribing to the Statewide Law Enforcement Radio System (SLERS) will be able to co… twitter.com/i/web/status/1…

26th October 2020
UrgentComm

Tune in to @slacorp CEO Josh Lober as he explains how the company has fully integrated its #PTT application to work… twitter.com/i/web/status/1…

26th October 2020
UrgentComm

.@SierraWireless announced the commercial availability of the AirLink MG90 platform, which they tout as the first m… twitter.com/i/web/status/1…

26th October 2020
UrgentComm

Attorneys for #Hytera and #MotorolaSolutions this week submitted final written arguments, apparently clearing a pat… twitter.com/i/web/status/1…

22nd October 2020

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X