911 dispatch centers can take multiple steps to combat cyberattacks
There are more than 6,000 dispatch points throughout the United States, and this vital emergency service is now under constant threat, because hackers are infiltrating dispatch centers and rerouting calls away from dispatchers.
Malware and spear-phishing attacks impact emergency service dispatch centers without warning. There’s no siren going off to alert a dispatcher about a problem at their workstation, so it might seem impossible to fight back.
But 911 dispatch centers can manage these threats by developing and adhering to smart cybersecurity procedures. They need to adopt protective measures, and leverage industry resources, to address their needs. Municipalities that take these issues seriously can protect their IT infrastructure and ensure that they continue to address public-safety needs every minute of every day.
Anatomy of a Hack
Picture this: Accidental 911 calls flood emergency centers across America after a hacker sends a spam link to thousands of mobile phones. If anyone clicks the link, their device starts dialing 911 repeatedly. So many calls are received that emergency dispatchers can’t tell which ones are legitimate, and the onslaught makes it impossible to answer every call.
This example isn’t the plot of the latest Hollywood thriller—it happened in October 2016. More recently, cities in Maryland and Texas fell victim to similar hacks. More than 40 cyberattacks have targeted 911 call centers in the last three years.
Hackers send fake password-reset requests that, if opened, grant access to entire emergency-response systems. They can also take advantage of bring-your-own-device (BYOD) policies that are sometimes lax. A personal cell phone, laptop, or thumb drive that isn’t adequately protected can infect an entire network, if hackers gain access.
As such, 911 dispatch supervisors and other public safety executives need to change their approach to security. The days of the “walled garden” where access to content is controlled in a closed environment are long gone. Today, multiple departments share access to information to enable better collaboration and improve response times. It’s essential to watch for threats and quickly stop any attackers who breach defenses.
Thankfully, emergency-response organizations don’t have to fight these battles on their own. They can use tech tools to patch systems, assess risks, and train their staff to turn the tables on hackers.
Head to the Cloud—and Beyond
Many 911 call centers have limited resources, so they must perform their own IT maintenance. The problem is that many of these offices work with vulnerable legacy software housed on outdated servers. Fortunately, emergency departments can resolve these issues without adding new on-premise equipment.
Cloud-based solutions can securely store the applications and data needed for dispatch centers and multiple emergency response departments. Experienced cloud providers adhere to the FBI’s Criminal Justice Information Services Division (CJIS) compliance standards to ensure the best security measures are in place. Besides enabling better collaboration between municipal departments, cloud-based solutions offer automated maintenance updates. Automation dramatically alleviates a lot of the IT workload. Cloud-based solutions also offer pay-as-you-go models that eliminate costly hardware purchases and reduces total cost of ownership.
However, regardless of the deployment option an agency chooses, employees should defend their workplaces and learn to recognize online attacks.
A Culture of Security
Each 911 dispatch center needs a clearly defined cybersecurity policy that involves regular risk assessments. Leading industry groups like the National Emergency Number Association (NENA) and the Association of Public Safety Communications Officials (APCO) can provide valuable resources, training, and assistance.
Dispatch managers can also adapt general frameworks from the International Organization for Standardization (ISO) to fit their 911 call-center demands. Given the fact that each municipality operates differently, emergency departments should also contract a security firm to audit the agency’s systems and make recommendations.
Once all cybersecurity policies and procedures are in place, employees need regular training to put them into practice to keep threats at bay. All 911 dispatchers need to learn how to recognize and stop cyber threats. They also should collaborate to stay informed and keep everyone on the offensive. Team leaders need to reinforce these ideas regularly and evolve rules to fit the ever-changing digital world. They should focus on prevention and ensure the IT infrastructure protects the entire supply chain.
Hacks and data breaches have become a fact of life, but 911 call centers can’t afford to lose service for even a second. Dispatch-center managers need to secure assets using cloud-based tools and automation while training staff on how to recognize cyberattacks. Emergency responders who safeguard online resources can focus on their life-saving work without worrying about cyber threats.
Dan Retzer is senior vice president of global product development for Hexagon Safety & Infrastructure.