https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Protecting NG-911 in five steps

  • Written by
  • 8th November 2012
Implementing IP can be a scary proposition — here's how to make it less so.

What is in this article?

  • Protecting NG-911 in five steps
  • The remaining steps
Photo illustration of domed protection

Protecting NG-911 in five steps

Emergency services are moving from a closed analog environment to an interconnected Internet Protocol (IP) network environment, also known as next-generation 911 (NG-911). Steps must be taken to move security to a level that protects networks, equipment and data in this new environment. The steps along the path to secure NG-911 environments — are addressed in the National Emergency Number Association (NENA) Next Generation Security (NG-SEC) standard. There are other standards that could be used, such as the National Institute of Standards and Technology (NIST) Special Publication 800-53, or the Criminal Justice Information Services (CJIS) Security Policy version 5.0; however, NENA's NG-SEC is stated in terms written specifically for the NG-911 environment.

It is important to note that the CJIS Security Policy is a mandate for systems processing criminal justice information. This is also an excellent resource to secure the remainder of your network.

Whether you ultimately choose to utilize NENA, NIST, CJIS or another security standard, typically they have commonalities that call for:

  • Planning
  • Policies
  • Training
  • Monitoring
  • Auditing

Moving from a traditional telephony Centralized Automatic Message Accounting (CAMA) environment to an Emergency Services Internet Network (ESInet) with full IP connectivity is a major change. Phone "phreaks" (analog hackers) are replaced with distributed denial-of-service attacks and techno-savvy hackers longing to gain much more than free long-distance service.

There was also a time when you knew the exact location of a caller, because it was the same as their telephone billing address. Today, we are dependent on GPS coordinates to locate a growing majority of callers. What do we need to do today to keep pace with these changes requiring IP connections? Buy new equipment and software, and hope for the best? The first is true; as for the latter, we can do more than hope — we can plan.

Let's examine the essential elements of the planning stage, which is Step 1.

Security — Decide the best means to address security in your environment. What are your requirements and mandates? Who is responsible for the overall security? You must articulate a security plan that establishes the vision and tone for securing your network. This is a formal document announcing your security framework, and further instructions exist (or will exist) in the form of policies and procedures.

Assess — Know your environment, including all call-taker workstations, servers, printers (check — yours might have an IP address), wireless access, radios, service providers, ANI/ALI databases and GIS databases. You need an inventory of everything and everybody who touches your network, whether directly or through another system. List your current policies and procedures. Determine what you already have in place.

Compliance Roadmap — Now that you know what you have, compare this to the requirements of your chosen security standard. Note the requirements that you do not have. The differences represent the gaps. Each of the missing requirements on your gap analysis needs a remediation plan. This may take the form of a compliance roadmap, which is a list of activities that will bring your network into compliance with your chosen standard. Activities addressed in a compliance roadmap often include:

A compliance plan should include a rough order-of-magnitude estimate of the costs associated with activities, as well as a timeline for completion. The timeline demonstrates the opportunity to distribute costs and the workload over five years (more or less as time and funds permit). If your IP network connectivity will be established soon, consider compressing your timeline and choosing the activities that you are able to accomplish quickly, or those that offer the most security. Mitigation strategies should be put in place to provide a viable plan to correct your remaining gaps and achieve complete security compliance.

Activities addressed in a security-compliance roadmap often include:

  • Regulatory review

    • Legislative and administrative documents
    • Request updates, if needed
  • Creation of security policies
  • Updating of procurement contracts to include security compliance for:

    • Equipment
    • Network providers
    • Service providers
  • Deployment of secure systems

    • Establish configuration management
    • Update deployed systems
  • Creation of an education and awareness program
  • Creation of a system to monitor security

    • Establish a security maintenance program
    • Establish an auditing program
1 | 2 |
The remaining steps
Tags: Data Network PSAP Cybersecurity NG-911 Public Safety Security Article

One comment

  1. Avatar jhogan 4th December 2013 @ 5:34 pm
    Reply

    Good sound advice.
    Good sound advice.

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Photo illustration of domed protection
  • Photo illustration of domed protection
  • Photo illustration of domed protection
  • Photo illustration of domed protection

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Sesame Solar leverages mobile solar, hydrogen to power efforts beyond the grid dlvr.it/ST8m3K

1st July 2022
UrgentComm

Newscan: On front lines, communications breakdowns prove costly for Ukraine dlvr.it/ST7fnC

30th June 2022
UrgentComm

China-backed APT pwns building-automation systems with ProxyLogon dlvr.it/ST6q7m

30th June 2022
UrgentComm

Samsung fills its 2G hole in new challenge to Ericsson and Nokia dlvr.it/ST6hBK

30th June 2022
UrgentComm

Militarized drone swarms coming dlvr.it/ST6dNz

30th June 2022
UrgentComm

Take American City & County’s budgeting survey dlvr.it/ST6Yxb

30th June 2022
UrgentComm

Final cases made about Airwave, ESN, before CMA issues provisional decision on Motorola Solutions dlvr.it/ST4Q6X

29th June 2022
UrgentComm

Polaris Wireless: Manlio Allegra talks 911 Z-axis tech, future IoT opportunities dlvr.it/ST1384

28th June 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X