Attack indicators for NG-911 networks

The Next-Generation 911 (NG-911) Initiative is a research-and-development project funded by the U.S. Department of Transportation’s Research and Innovative Technology Administration. Its goal is to define the framework for deploying IP-based emergency communications technology across the nation so that internetworking can occur between public-safety answering points (PSAPs).

Further, NG-911 expands the reach of these local networks to regional, state and federal agencies, enabling information regarding emergencies to be disseminated at multiple levels, ensuring the most appropriate and efficient response. Although commercial and public networks, such as the Internet, remain outside of the realm of traditional emergency services communications networks, they play an integral role in providing the access methods used to reach NG-911 systems.

As a result of their use, agencies will become much more exposed to malicious intrusions, which could results in data loss, system downtime, and—even worse—delayed emergency response. However, the numerous significant benefits to networking these multiple levels of emergency responders and services far outweigh the security risks that can, for the most part, be mitigated.

The intent of this article is to inform administrators and users of current 911 systems of the menace that lurks just beyond the borders of their networks. Through the use of a hypothetical scenario, several types of NG-911 calls for service are explored, as are several different types of targeted cyber-attacks. Regarding the latter, attack indicators, processes and the tools needed to identify and stymie these exploitations also are discussed.