FirstNet sets bar high for cybersecurity while pursuing ambitious timeline
In public safety, security is paramount in all environments, whether the subject is a person, a venue, a government jurisdiction or internal communications. Safety is the mission, and ensuring that none of these environments are compromised are key objectives to achieving the mission.
With this in mind, it goes without saying that FirstNet’s proposed nationwide broadband network for public safety needs to be secure, because it will become a prime target for hackers the minute it becomes operational. After all, the FirstNet system is being established to transmit highly sensitive, very personal information about individuals and entities that—innocently or not—are involved in the kind of unwanted incidents that necessitate first responders.
In fact, the security of the network is akin to table stakes in a poker game. FirstNet will not be welcomed in the public-safety game, if its network is not deemed secure by its user base.
Unfortunately for FirstNet, providing cybersecurity is much more difficult than providing some cash and throwing chips in the middle of the table. High-profile data breaches are reported regularly, and who knows how many more are not publicized because the victimized entity does not want to share the information or because it does not know—after all, speakers at last month’s APCO conference noted that hackers typically infiltrate an IT system for hundreds of days before being noticed.
That’s why it was great to hear FirstNet Chairwoman Sue Swenson and other board members prioritize cybersecurity when recommending approval of the upcoming budget. Similarly, FirstNet President TJ Kennedy addressed the importance of cybersecurity for FirstNet, with one very important caveat: security efforts cannot disrupt first responders’ efforts to achieve their core missions, whether it is to enforce the law, put out a fire, treat a patient or execute other critical tasks.
“We need to make sure that we think about human factors in the public-safety environment and making sure that cybersecurity is very, very usable,” Kennedy said. “In my days as a state trooper, I can’t imagine being in a highway-patrol Mustang and trying to worry about 12-digit, upper-case/lower-case, special-character password.”
Of course, Kennedy is right, but the implications underline just what a daunting task that Glenn Zimmerman—the FirstNet senior security architect—faces as FirstNet prepares to release its final request for proposal (RFP) within four months. Not only does the FirstNet system need to be rock-solid secure, it has to do this in a manner that allows authentication and security procedures to be done quickly and easily, because every second counts in an emergency-response effort.
Given the fact that entities—both in government and in the private sector—that have much greater resources than FirstNet and personnel that have plenty of time to enter security codes have been victimized infamously by hackers, ensuring cybersecurity is a very steep hill to climb.
Making the task more difficult is the timeline. FirstNet officials repeatedly have reiterated that the organization will issue its final RFP by the end of the year, and last week’s Industry Day event included multiple statements that they are on schedule to meet this goal.