Hackers can wreak havoc on public safety communications networks. Fortunately, there is a lot that agencies can do to increase the difficulty of hacking their networks to lessen, and even prevent, the effects of cyberattacks.
While it is next to impossible to prevent cyberattacks entirely, taking these steps will make it more difficult for hackers to execute them and will lessen their impact on public safety communications networks when they do occur.
A communications network is a lot like the human body. Both are intricate assemblies of individual components that perform vital tasks on their own but, when interconnected, act holistically to deliver powerful performance. For example, a Next-Generation 911 (NG911) system — consisting of an emergency services Internet Protocol (IP) network (ESInet), next-generation core services (NGCS), compliant call-handling equipment (CHE) and fiber optics — is analogous to the body’s cardiovascular system, replete with the heart, lungs, kidneys and vascular system. Everything works together to deliver the needed performance. Just as the body has numerous systems that enable it to function as intended, so too does a public safety agency.
The body’s various systems and those of a public safety agency are similar in a couple of other ways as well. First, a lot can go wrong with each individual component and when it does, the results can be catastrophic for the system. Second, regular screenings often can prevent problems from occurring, and when they do occur, help to mitigate them quickly so that the damage is lessened.
This article examines what can go wrong with public safety communications networks from a cybersecurity perspective. More importantly, it offers suggestions regarding what agencies should be doing proactively to guard against the threats and to resolve them quickly should they occur.
Just as the human body is susceptible to viral and bacterial infections, computer networks are prone to cyberattacks. This is particularly true of IP-based networks, and no sector is immune, including public safety — perhaps especially public safety. The Federal Bureau of Investigation (FBI) advises that it no longer is a question of if, but rather when, any individual public safety communications network is going to be attacked.
It wasn’t always this way. In the beginning, corporations were the primary targets of hackers seeking to steal trade secrets or other vital information. When public safety agencies ended up in the crosshairs, the goal was mischief — think denial-of-service attacks — or, more simply, a way for hackers to demonstrate their prowess. In the last few years, however, things have taken a more sinister turn.
Today, ransomware is the biggest threat to the public safety community, according to the FBI, because it has become big business for the hacker community. The cybersecurity firm Bitdefender reported that about $2 billion was paid out in 2017. Since early 2017, more than 400 cyberattacks against public safety agencies have been documented, with fewer than 50 percent of attacks being reported.
Ransomware is a specific type of malware that hackers use to exploit a system vulnerability and then launch a program that encrypts the organization’s data files, essentially locking them and rendering them unusable. The hacker then demands a ransom, hence the name, to provide the crypto key that unlocks the files. In a large percentage of cases, the crypto keys are never returned to the victim even after the ransom is paid. Cybersecurity Ventures predicts that businesses worldwide will suffer a ransomware attack every 14 seconds. Public safety agencies are especially vulnerable because of the data they leverage: when this data is compromised, mission-critical systems (e.g., 911 call-handling and computer-aided dispatch) can be rendered inoperable, which would have a severely negative impact on emergency response, perhaps bringing it to a halt, at least temporarily. After some of the most notable ransomware attacks, in places such as Baltimore and Atlanta, full restoration took several months to complete. This is the ultimate nightmare scenario for a sector whose business is saving lives.
Even worse news is that the law enforcement community — including the FBI — is powerless to stop the attacks, in part because of a lack of resources but also because the hacker community is enormous, ever-growing and stretches around the globe. It also is getting better at what it does, virtually by the day. Hackers today utilize innovative techniques to worm their way past firewalls, and once inside the network they navigate laterally, sometimes for months, until they discover vulnerabilities to exploit.
Fortunately, there is a lot that public safety agencies can do on their own to increase the difficulty of hacking their networks and lessen the effects of cyberattacks, if not entirely prevent them.
Five years ago, the Federal Communications Commission (FCC) created the Task Force on Optimal PSAP Architecture (TFOPA), which was staffed by public safety professionals to build the requirements for NG911, including network and cybersecurity, for the public safety community. Its primary goal was to determine the best path forward for implementing NG911 nationwide. In the process, however, TFOPA also identified a six-step approach for protecting such networks. It’s an approach that every public safety organization should be following to protect their communications networks, NG911 or otherwise. The six steps are as follows:
All of the above is intended to keep bad actors out of a public safety agency’s communications networks. A comparison can be made to home security. Burglars always look for the easiest target, so installing multiple deadbolt locks and actually locking them — while also installing a security system — keeps one from being the easiest target. But the truth is, if the burglar really wants to gain entry, he’s going to use a pry bar and break the door jamb. It works the same way in cybersecurity — hackers typically take the path of least resistance, but if they want to penetrate a specific network, they’re going to do so — it’s just a matter of time. That’s why a critical step to supplement the TFOPA-suggested steps described above is to develop a continuity of operations plan (COOP) and a disaster recovery (DR) plan.
Key elements of a COOP/DR plan include the following:
Like the cybersecurity and network management plan, the COOP and DR plans need to be reviewed at least once a year, and quarterly if possible.
Cyberattacks are a serious threat to any public safety communications network, a threat that grows by the day. Steps based on industry standards and best practices — such as those suggested by TFOPA and others, such as the Association of Public-Safety Communications Officials (APCO), National Emergency Number Association (NENA), National Institute of Standards and Technology (NIST) and the Information Technology Infrastructure Library (ITIL) — need to be taken to make it as difficult as possible for hackers to penetrate and then navigate through the network.
In addition, plans must be developed to restore operations quickly and effectively, because a very real possibility exists that an attack will occur even if strong network management and cybersecurity plans are in place.
All of this activity depends on a culture shift within the agency such that all personnel, from top to bottom, are cyberaware and capable of executing on the various policies and procedures that are implemented to establish a strong cybersecurity posture.
Mission Critical Partners is a professional services and network and IT support firm that helps clients enhance and evolve their public safety systems and operations through extensive experience, knowledge and resources. By providing insight and support every step of the way, we help our clients to transform their mission-critical operations, maximize the value of their investments, and ensure optimal performance and success. For more information, visit MissionCriticalPartners.com.
This content is made possible by our sponsors; it is not written by and does not necessarily reflect the views of e.Republic’s editorial staff.