Preventing a devastating, OPM-like hack of FirstNet

By Patrick Flynn

Some have called the recent OPM hack the greatest compromise of our national security to date. The breach resulted in the stolen data affecting nearly 20 million government workers and their personally identifiable information, such as Social Security numbers, names, dates and places of birth. Subsequent findings revealed that hackers also got their hands on information related to background security-clearance checks and fingerprints—the  type of information that could potentially be used to blackmail individuals, if it fell into the wrong hands.

The U.S. soon will deploy a nationwide, ubiquitous mobile broadband network for public safety, the First Responder Network Authority (FirstNet). FirstNet, for all intents and purposes, will be the first high-speed, nationwide wireless broadband network dedicated solely to public safety.

Developed in conjunction with recommendations from states, public-safety communities and the 9/11 Commission, FirstNet will serve as the single, interoperable platform that will allow for transmission of emergency and daily public-safety communications. This platform will fulfill a crucial need of the public-safety community by allowing first responders and other emergency personnel to access and exchange critical information when it’s needed most, without interference from others.

While FirstNet will be an incredible boon to public safety officials, we can’t lose sight of the security part of the mission. The network is meant to serve safety and security personnel, and it should stand to reason that the network itself has to be extremely secure.  If not,  we’re opening the door to an OPM-style hack and worse, with even more devastating results and—far beyond the pilfering of personally identifiable information—potentially loss of life.

For instance, say cyber criminals were able to get into the network and intercept critical communications between first responders and federal or state law enforcement agencies—or alter the map of an escape route that had been transmitted by FEMA during a disaster? Moreover, what if a FirstNet-enabled device fell into the wrong hands? There has to be planning not only to secure the network but also to ensure identification and access management as it pertains to the network.

So what’s the solution to these potential threats? We need to build security into FirstNet from the very beginning; if we’re going to build a network for public safety, it’s imperative we make sure network and device security is the primary consideration during the design phase.

Not only will building in security at the beginning make the security better and more robust, but it could also drive down the cost. Investments in safety and security on the front end can potentially save millions of dollars on the back end. And what’s more, law enforcement and other first responders can have actionable information at their fingertips quickly, efficiently and securely.

FirstNet is poised to be a game changer in the public-safety communities, but we can’t lose sight of the importance of applying the appropriate security architecture to the overall network design.  That’s why we’re encouraged by what we’re seeing from FirstNet as it prepares to release its Cybersecurity Public Notice. This validates the organization's vision of a secure, end-to-end design, which greatly lessens the odds of an OPM-like breach.

Patrick Flynn is the director of homeland/national security programs at Intel Security.