Global cyberattack provides a stark reminder of potential vulnerabilities, need for secure systems
FirstNet officials repeatedly have stated that they believe FirstNet has a big advantage in this area, because its nationwide network will be built with security as a priority from the outset, not just as an afterthought that is considered when the system is completed. Hopefully, this perceived advantage can be realized, because security on this much-anticipated system is paramount.
A key component will be to establish clear security expectations for the public-safety entities that subscribe to FirstNet.
Let’s consider a very basic scenario: the transport of a file from Point A (say, a 911 or fusion center) to Point B (a public-safety officer at headquarters or in the field). Now, assume that the file at Point A contains important evidence—a picture of the key suspect—but originated from a device that has been infected, probably without the knowledge of the user.
Does a “secure” FirstNet system mean the network will:
- Transport the file from Point A to Point B without being impacted while in transit—in other words, if the file is infected with a virus or malware at Point A, it becomes a problem for Point B?
- Block the file from being delivered at all to Point B for security reasons, although Point B would be notified that Point A tried to send a file?
- Provide some sort of notification that the file from Point A may have a security issue and provide guidance for the best way to open it safely?
- Effectively “clean” the infected file while in transit from Point A to Point B, so it is not a security issue for Point B?
In various conferences and conversations with myriad public-safety and security officials during the past few years, I have heard each of these ideas mentioned. My impression is that the “cleaning” option is not technically realistic, although it probably would be ideal for public safety. But even that option is not a “slam dunk” choice for first responders, if there is a chance that any evidence could be lost as part of the cleaning process.
Meanwhile, the other three options all have their own issues.
Simply receiving the infected file and opening it could create a long-term security issue at Point B—and eventually other networks, as viruses and malware typically try to spread. Blocking the file probably is not acceptable from an operational standpoint, especially during an emergency. And taking additional time to open a file in a special “safe” mode—if such an option is available—is not ideal, particularly during an emergency, when every second counts.
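To make the trade-offs among the four options concrete, the following is an added illustration written for this page; it is not code from the original column and does not describe FirstNet's or AT&T's actual design. It models a transfer gateway between Point A and Point B that scans a file against a constructed signature list (the marker string is made up for the example, not a real malware indicator) and applies one of the four policies. The point it shows is the evidence-integrity caveat from the text: only pass-through and notify leave the file byte-for-byte identical to what left Point A, block delivers nothing, and sanitize changes the hash of the evidence. All names (`Policy`, `transfer`, `Delivery`) are hypothetical.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional

# Constructed detection signature for the example only; not a real malware indicator.
SIGNATURES: List[bytes] = [b"CONSTRUCTED-MALWARE-MARKER"]


class Policy(Enum):
    PASS_THROUGH = "pass_through"  # option 1: deliver unchanged, infection becomes Point B's problem
    BLOCK = "block"                # option 2: withhold delivery, tell Point B an attempt was made
    NOTIFY = "notify"              # option 3: deliver with a warning and handling guidance
    SANITIZE = "sanitize"          # option 4: strip detected content while in transit


@dataclass
class Delivery:
    delivered: bool            # did anything reach Point B?
    payload: Optional[bytes]   # bytes handed to Point B (None when blocked)
    notice: str                # what Point B is told
    evidence_intact: bool      # payload hash equals the hash of what left Point A


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan(data: bytes) -> List[bytes]:
    """Return the signatures found in the file (empty list means no detection)."""
    return [sig for sig in SIGNATURES if sig in data]


def sanitize(data: bytes) -> bytes:
    """Remove every detected signature; this necessarily alters the file."""
    for sig in SIGNATURES:
        data = data.replace(sig, b"")
    return data


def transfer(data: bytes, policy: Policy) -> Delivery:
    """Move a file from Point A to Point B under the chosen gateway policy."""
    origin_hash = sha256(data)  # recorded at Point A for chain-of-custody comparison
    hits = scan(data)
    if not hits:
        return Delivery(True, data, "no detection: delivered unchanged", True)
    if policy is Policy.PASS_THROUGH:
        return Delivery(True, data, "WARNING: flagged file delivered unchanged", True)
    if policy is Policy.BLOCK:
        return Delivery(False, None,
                        f"blocked: Point A attempted to send a file matching {len(hits)} signature(s)",
                        False)
    if policy is Policy.NOTIFY:
        return Delivery(True, data,
                        "flagged: open only in an isolated viewer; origin hash " + origin_hash,
                        True)
    cleaned = sanitize(data)
    return Delivery(True, cleaned, "sanitized in transit; file content altered",
                    sha256(cleaned) == origin_hash)


if __name__ == "__main__":
    # Constructed sample: a stand-in for the suspect's photo, then the same file "infected".
    photo = b"JPEG-bytes-of-key-suspect-photo"
    infected_photo = photo + SIGNATURES[0]
    for policy in Policy:
        result = transfer(infected_photo, policy)
        print(f"{policy.value:13} delivered={result.delivered} "
              f"evidence_intact={result.evidence_intact} :: {result.notice}")
```

Running the block prints one line per policy; note that the sanitize row reports `evidence_intact=False` even though the delivered bytes are exactly the original photo, because the gateway cannot prove to Point B that nothing else was changed without the origin hash matching.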
I don’t have a good answer, but it will be interesting to see how FirstNet and its contractor, AT&T, address the security questions. No matter what the ultimate solution is, clearly outlining the network’s capabilities to public safety is critical, so each entity can make complementary security plans on its own.
If FirstNet and AT&T are able to devise a good solution, my hunch is that the network will become extremely popular with first-responder entities and likely will be integrated into a security platform for next-generation 911. Meanwhile, the techniques employed likely will find their way into other critical-infrastructure sectors, because the reality is that none of them can really afford a major security problem—particularly one that is avoidable.