Cybersecurity detection centers, extensive training recommended by NG911 working group
Establishing cybersecurity intrusion, detection and prevention systems—tentatively called Emergency Communications Cybersecurity Centers (EC3’s)—across the country and better educating teams at public-safety answering points (PSAPs) are key pieces of the best approach to combat current and future cyber attacks on 911 data networks, a member of FCC’s Task Force on Optimal PSAP Architecture (TFOPA) said last week.
Last week, the task force’s cybersecurity working group presented its final report to the full committee, which is charged with recommending methods for funding, architecture and cybersecurity as PSAPs navigate through migration to next-generation 911 (NG911). TFOPA members procedurally approved the working group’s report, and all three working groups will combine their reports for a final vote in January.
In developing approaches to better secure public-safety data networks, the working group discovered that education and outreach would be the initial step towards better cybersecurity strategy, said Jay English, chairman of the working group and director of Communications Center and 911 Services for the Association of Public-Safety Communications Officials (APCO). When PSAP directors were asked about their cybersecurity strategy, many did not have one, he said.
“A majority would refer you to their IT folks—that is, if they have IT folks—or the rest would say, ‘We’re doing the best we can,’ and others would say, ‘We have no Internet access, because right now there is not a thorough, in-depth understanding of the practice or the frameworks,’” English said during the meeting, which was webcast. “That is simply because PSAPs are busy doing what they do every day, [so] this has not needed to be something on their radar.
“As we transition into a new environment that is all IP-based, it most certainly changes how we have to approach cybersecurity in defending our enterprises.”
A primary part of that change is improving PSAPs’ “enterprise-level” access control, which is a combination of physical and logical security like continuity, disaster plans and network-entry access points, English said. Policies and best practices for identifying and correcting risk factors have been established at the federal level by such entities and frameworks as the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and Identity, Credentialing and Access Management (ICAM) for First Responders. Those federal cybersecurity guides outline best practices such as more stringent credentialing and passwords on CAD and 911 systems.
“It is not an attempt to say down to state and local [PSAPs], ‘Thou shalt follow these policies,’” English said. “It is simply an exhibit of existing, logical, sensible, working frameworks that public safety can use to make informed decisions as they move forward on their own independent cybersecurity plans.”
Some of that framework includes a roadmap created by the National Initiative for Cybersecurity Education (NICE), which provides guidance on training and skills-matching of current PSAP staff to cybersecurity duties.
Beyond training and improving the access control systems, the EC3’s were pinpointed by the cybersecurity working group as a shared, enterprise approach to combatting the cyber threats facing PSAPs across the country.
“The criminals are faster, more agile, and—in some cases—better than we are, but that does not have to be the case…We have to be able to anticipate the next move and be able to block it [or] at least immediately intersect it and take action,” English said. “To that end, the working group is proposing the new element known as the Emergency Communications Cybersecurity Center. It is an integrated intrusion, detection and prevention system.”
One disturbing part of the cybersecurity puzzle is just which manufacturer do we trust for our NG911 network infrastructure and firewall equipment. Recent news of security concerns involving Huawei Technologies and the ZTE Corporation, along with that of Juniper Networks firewall devices this week, leaves one to question whether any company’s devices are 100% secure. Most companies leave a ‘backdoor’ in place to provision or diagnose problems involving their equipment. Are sufficient security measures in place within their own support departments to prevent current or disgruntled ex-employees from hacking into a system? Who exactly reviews the internal OS of this equipment, and do they understand the internal coding hierarchy involved?
One measure of security that we will be using is a stand-alone Text to 911 system that doesn’t involve our NG-911 switch. The fewer ‘Doors and Windows’ you have, the better off you are.