Cyber attacks continue to threaten public safety organizations — and some believe better information sharing could help the agencies prepare against and stave off such threats.
That’s something Motorola Solutions has been hoping to tackle via an information sharing and analysis organization (ISAO) it launched last year.
The Public Safety Threat Alliance (PSTA) has now reached more than 600 members since its 2022 debut. Membership in the ISAO is free, and it aims to alert public safety organizations to pending threats and inform them on how to bolster their cyber postures.
Now, one year in, the ISAO is working to expand its international membership, grow its information sources and provide new supports, said Jay Kaine, PSTA director and director of the Cyber Fusion Center at Motorola Solutions.
HOW BAD IS THE PROBLEM?
Local public safety organizations are an ideal target for cyber extortionists, Kaine said. Their intolerance for disruption and their access to the municipal budget gives them both the funds and motive to pay up. Plus, they’re small enough that attacks are unlikely to provoke a significant federal response.
Kaine said this year has seen a rise in attacks impacting 911 centers and computer-aided dispatch.
Most attacks against public safety organizations are from profit-seeking ransomware actors, he said, although Russia’s invasion of Ukraine also prompted a swell of hacktivism. A Motorola report found pro-Russian hacktivism groups formed after the invasion drove hacktivism against public safety agencies up 179 percent in 2022 compared to 2021.
SO WHAT CAN AN ISAO DO?
The PSTA shares threat intelligence and advice from various sources. That includes insights Motorola gets from its security management platform, penetration testing and risk assessments. The PSTA also hopes to bring in other public safety and telecom companies to also contribute intelligence.
The ISAO additionally encourages — but doesn’t require — members to share information about the threats they encounter, to better forewarn peers.
“What we want to be able to do is get to a point that we've built up essentially this neighborhood watch for public safety,” Kaine said. “So that if we get an attack in a small rural county, say in Washington state — because as we know [with] the Internet, you're just an IP away from getting hit; it's a global threat — and we can help our members in the U.K. or, say, in western Australia, inoculate themselves and at least be prepared for what might be coming their way in this space.”
Some agencies still may be wary about sharing information, however, and the ISAO tries to set minds at ease about the security and privacy of details they disclose. That includes enabling anonymous information sharing through an encrypted portal and having members indicate the sensitivity level of information using the Traffic Light Protocol.
Public safety organizations range widely in cyber maturity, from more robust regional fusion centers to small rural agencies that have only one person handling IT alongside other duties.
To meet those varied needs, the PSTA provides simple cyber posture improvement tips helpful to less mature organizations, while also making available more in-depth details for organizations able to use them. The latter could include an automated STIX/TAXII feed providing real-time threat information, which the PSTA aims to introduce early next year.
Some of the other resources include quarterly webinars and daily spot reports.
Tabletop exercises are coming next year, too. PSTA looks to hold its first in Dallas in April 2024. This initial exercise will focus on walking through high-level strategies in face of an attack and will include federal and state partners.
To date, most PSTA participants are U.S.-based, and the ISAO is looking at increasing international reach. Kaine said he hopes to see the PSTA build membership in Australia, Canada, Latin America, NATO countries and the U.K.
