General Dynamics - Pathfinder Ad

9-1-1 Magazine: Managing Emergency Communications

Priority Dispatch

Navigator 2018

9-1-1MAGAZINE.com
TOPIC SPONSORS

 

Alastar

NG9-1-1

Stratus Technologies

CAD, NG911 & Records Management

VPI

Recording Systems

Adcomm

Facilities Planning and Design

First Contact 911

Training Trends & Tactics

Willdan

Interoperability

 

Holland Co     
Mobile Command Vehicles

 

 

Feeling Insecure? Protecting the PSAP in the 21st Century

Author: Barry Furey

Copyright: Copyright 9-1-1 Magazine, Feature Content

Date: 2017-05-17
Share |

In simpler times, protecting the Public Safety Answering Point was simpler, too. Many were built in non-descript bunkers that were products of the Cold War, or were conveniently tucked away in the basement of the police station or sheriff’s office.  Common sense was most likely the best practice: keep the doors locked, don’t admit strangers - that kind of thing. As is the case with many aspects of life, as time went by, complications set in. 

Some of our societal lessons concerning security have come to us at great cost. The first World Trade Center bombing taught us to eschew underground garages. The Murrah Building illuminated the danger in building too close to the street. The sickening of employees at a 9-1-1 center on Long Island reminded us to be careful where we put our air intakes, and to provide methods of shutting them off, if need be.

Many of these brick and mortar concerns have made their way into the standards that we now live by when designing or locating our physical facilities. However, even these guidelines – such as the National Fire Protection Association’s 1221: Standard for the Installation, Maintenance, and Use of Emergency Services Communications Systems have morphed over time to recognize that true PSAP security is not something that you only can see and feel.  Each successive edition appears to shift additional focus toward securing our data as well as our doors.

Not that protecting our privacy, so to speak, is anything new. Back in the dark ages I served on the New York Statewide Police Information Network (NYSPIN) Security and Confidentiality Advisory Committee. One of our jobs was to review unauthorized attempts at accessing public safety data. These mostly consisted of cases where someone misrepresented themselves as a law enforcement officer, and called a terminal agency by telephone in order to run a license plate.  I’m sure things like this still go on, but these methods are primitive by modern standards.

Fast forward to April of 2016, when police agencies in New England found their data held hostage by ransomware. And, on a larger scale you can create a list of businesses and organizations that are household names, and which have fallen prey to cybercrime.  Last year alone, hackers breached the accounts of Wendy’s, Linked-In, Verizon, Citibank, Cici’s Pizza, Drop Box, and Yahoo, among others. They also attacked the Department of Homeland Security, the Federal Bureau of Investigation, and the Democratic National Committee. Six months after the fact there is still an open question as to the impact of improper electronic influence in our national elections.  According to the Identity Theft Resource Center, a non-profit organization that tracks these things, there were almost 1,100 data breaches last year; an increase of 40% over 2015. No wonder Bloomberg.com called 2016 a “record year” for such intrusions.

If that is not off-putting enough, the past few weeks appear to have been a free-for-all for the digital ne’er do wells. From Dallas comes the report that warning sirens were sounded by an unknown party. Given the conditions under which these devices are typically used, the potential loss of control carries with it some serious operational and psychological implications.

Fast forward to the present and read all about the worldwide impact of the “Wanna Cry” ransomware attack, which many found to be aptly named. While no communications center was directly targeted or affected to my knowledge, it did raise havoc with healthcare in the United Kingdom. Despite the lack of PSAP involvement, the National Emergency Number Association (NENA), took it upon itself to issue a bulletin to its members concerning what it called “widespread cyber attacks” that included recommendations for mitigation. In an apparently unrelated matter, the Federal Communications Commission (FCC) announced that it, too, had become a victim of malicious activities that slowed down the ability of the public to submit comments to their website. In short, May was not a very merry month for a great many people.

In the midst of all of this, I finished reading a quantity of material regarding the vulnerabilities of smart phones and various applications, and was immediately reminded of last October, when a spurious Twitter link duped folks into calling 9-1-1. It occurs to me that we have always had enough people calling 9-1-1 who didn’t need to without such help, and have been similarly blessed with bad designs that compounded the problem by creating issues like “butt dialing.” Because technology, or the accompanying problems, never sleep, we can apparently now add the Apple watch to our list of “gee putting that emergency button right where you can easily hit it accidentally sounded like a good idea” list. Then pile the malcontents on top.

The reality here is that as our need for intelligent and interconnected customer premise equipment increases, so does our exposure to viruses, Trojans, malware, spyware, adware, ransomware, and denial of service attacks. I’ve likely left a number of other nasty things off the list, but you get the point. Internally, you can reduce the danger through frequent password changes, firewalls, anti-virus programs, and limiting access to who can load software of any kind to your machines. A pro-active manager will also block inbound access to all but authorized web addresses, and subject even those to a rigorous vetting process. But past that point, it’s mostly out of our hands.

Sure, we can cooperatively seek robust networks, and petition vendors to focus on designs that minimize our risks, but in the end, a good deal of the threats that we currently face are no longer outside our door. They may not come from within in our own continent, and the fact that we have not been heavily tested until now may simply be a case of an ample supply of more visible and fiscally attractive targets. There are about 6,000 or so PSAPs in the United States, and approximately 3.6 billion Internet users worldwide, each of whom has the potential to launch or unwittingly participate in an attack, making the odds 600,000 to 1 against us. Feeling insecure yet? 

With more than 45 years’ experience in public safety, including managing large consolidated dispatch centers in four states, Barry Furey now serves as a trainer and consultant for the 9-1-1 and public safety communications community.  See www.barryfurey.com

 

Comments

Show: Newest | Oldest

Post a Comment

Log in or sign up to comment

 
9-1-1 Magazine is a Sponsor of the California Mobile Command Center Rally

Send mail to webmaster@9-1-1magazine.com with questions or comments about this portal.

© 2010-2017 9-1-1 MAGAZINE and 9-1-1MAGAZINE.com. The content of this portal is the property of 9-1-1 MAGAZINE and 9-1-1MAGAZINE.com.  We encourage government public-safety agencies to share any content with their staff, however, all others must not duplicate or modify any content without prior written consent of 9-1-1 MAGAZINE. Email publisher@9-1-1magazine.com for permissions. For more information, read the Terms of Service. Continued access of this portal and system implies consent to the above statements and those maintained on the Terms of Service.

Powered by Solata

MCM Consulting Yellow Submarine Marketing

 Team Rennick

Adcomm