IWCE 2022: Public-safety digital security and the threat of cyberattacks

A few decades ago, government security managers were tasked with overseeing physical features like fencing, CCTV cameras, doors and locks. Today, security stretches far beyond brick and mortar infrastructure—into the digital realm. With the meteoric rise in ransomware and cybercriminals for hire in recent years, threats are omnipresent online. Many American dispatch centers and public safety organizations aren’t prepared, according to experts on the subject speaking at last week’s 2022 International Wireless Communications Expo (IWCE) in Las Vegas. 

“Public safety is one of the most under-protected infrastructures in all of North America. We all protect our phones more than we protect 9-1-1, and it should not be that way,” said Paul Hill, a cybersecurity expert from Motorola speaking on a panel about the subject moderated by Dick Tenny, of the Cybersecurity and Infrastructure Security Agency. 

Hill was speaking alongside Lindsey Cerkovnik, vulnerability disclosure lead at CISA’s Industrial Control Systems and Chief John Harch, of the New York Police Department’s intelligence bureau, in a session titled “Ransomware and public safety comms: A municipal perspective.” 

In New York City, Harch described his organization’s journey to its current comprehensive approach to digitization and cybersecurity, citing a decision in 2014 to distribute a cellphone “to every uniformed police officer. The point of that was to give them access” to cameras, 911 scripts and prior reports tied to a specific address. 

“On my work phone, I can pull up any camera in the city. I can pull up license plate reads from anywhere in the city,” Harch said, highlighting just how far the department has come. Amid the push toward smarter policing, in 2017, he cited a cyberattack in Atlanta that “virtually shut them down. … Cops are writing everything by hand,” he said. 

This prompted his department to take a serious look at their cyber-defense measures and respond accordingly. 

“We started to look at what we did, as an agency. We were fortunate in that we had looked at this from a criminal perspective for a long time,” he said. Department-wide, there was an understanding that cyberthreats weren’t just a digital problem. “This, for New York City, is a public safety issue. That was our real focus. In New York City there are 25,000 911 calls a day. If my 911 system goes down, there’s real public harm.” 

Citing the Colonial Pipeline Cyberattack, Harch said his organization has seen a “significant step up in danger levels” over the last few years. To meet those threats head-on, New York City created the NYC Cyber Critical Services and Infrastructure (CCSI) Project, an office that facilitates networking between public and private organizations, alerting them to possible security threats. Participating organizations include energy operators, water facilities, hospitals, public safety, airlines, banks and technology companies. 

To read the complete article, visit American City & County.