APCO speaker outlines potential PSAP cybersecurity strategies in heightened threat environment
Recent instances of telephony denial of service (TDoS) attacks offer a glimpse of how cyber attacks could completely cripple public-safety answering points (PSAPs) in the dire moments of taking life or death calls, Jay English, director of Comm Center and 911 Services for the Association of Public-Safety Communications Officials (APCO) International, said yesterday during APCO’s Emerging Technology Forum in Atlanta.
“We’re talking about destroying a data network,” English said during the session on cybersecurity and public-safety communications. “What if they [hackers] destroyed a segment of that network, like that segment that lets your CAD system talk to anything? What if you could take a 911 call, but you couldn’t do anything with it? It scares the living you-know-what out of me.
“Networks are not secure. IP networks are a reality—whether you have next-gen 911, whether you have a transitional system, whether you have a legacy system, you’re still vulnerable.”
English, a former PSAP director and police officer, posed several scenarios to the audience of communications professionals and 911-technology industry providers that highlighted the many vectors that exist for potential cyber attacks. PSAP directors’ first step in thwarting those attacks is recognizing what those threats are, such as physical destruction of communications systems, corruption of information, removal of information, disclosure of sensitive or confidential information and—the most detrimental—interruption of communications.
English said those threats are inevitable, but PSAP directors can mitigate them by ensuring that all systems—from radio to commercial mobile alert systems (CMAS) to CAD systems—are “resilient, redundant, reliant.”
A FirstNet concept of categorizing threats as identifying trusted zones—IP traffic activity that is relatively secure—and trusted vulnerable zones—IP traffic activity with potential vulnerabilities—can help monitor and control traffic in and out of communications systems, English said.
“We have to build this into the DNA of everything we do,” he said. “The threat is real, but we can overcome it, if we’re smart and take action early, rather than late.”
