As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

Government and private-sector organizations continue to release updates concerning a variety of topics related to the SolarWinds Orion compromise. In December, SolarWinds Orion, a prominent information technology (IT) monitoring and management solution, was compromised via a backdoor exploit by a sophisticated state-sponsored cyberattacker. The application was discovered to be communicating with unknown third-party servers through traffic deliberately designed to mimic normal activity. This compromise was highly sophisticated and affects many public and private organizations across the world.

In this article, we have provided information regarding several important SolarWinds-related developments.

More than ever, broadband communications networks are essential to the public safety and justice communities. Such networks easily transmit highly bandwidth-intensive files, e.g., video and building floor plans, that would choke a narrowband network. Such files enhance situational awareness for incident commanders and other officials—as well as emergency responders and jail/prison officers—by orders of magnitude, which in turn helps them do their jobs better.

But there’s a flip side to broadband communications networks of which the public safety community needs to take seriously. Such networks typically are owned and operated by commercial entities, and because of this public safety agencies that contract for broadband services typically do not receive the performance guarantees and—even more importantly—the visibility into these networks that they’re used to receiving from the networks that they own and operate, for example, their land mobile radio (LMR) systems.

Consequently, public safety agencies should proceed carefully when they consider whether to contract with any commercial entity for broadband services.

A recent blog examined the need for public safety and justice agencies to integrate data into their daily operations. This integration has two distinct but interrelated elements—data gathering/exchange and data leveraging. Data needs to be captured effectively and efficiently, and then flow seamlessly between agencies, departments and their field personnel, and between disparate networks and systems. The data needs to be actionable so that it can inform the decision-making process and be made available to any authorized user whenever they need it.

The year 2020 was fraught with challenges, most notably those generated by the COVID-19 pandemic. Public safety and justice agencies from coast to coast were forced to implement, virtually overnight, new operational strategies that became necessary because employees were unable to work in their brick-and-mortar facilities, either due to illness or various shelter-in-place orders. In some cases, agencies had to rapidly execute protective measures for those employees who could arrive at work, driven by social-distancing mandates.

Last week a serious cybersecurity breach concerning SolarWinds’ Orion network- and remote-monitoring platform was revealed. Orion has been implemented by a great many organizations, including the White House, the Pentagon, the U.S Department of energy and many other government agencies and technology companies. 

This cyberattack was particularly clever, in that the perpetrators designed the malware to look like Orion software files with a signed certificate. When the user deployed what he or she thought was a legitimate update, the malware was distributed. The traffic looked exactly like Orion traffic, so there were no red flags; consequently, it was easy to overlook the breach, which is why it was so widely distributed. Learn more about how this breach can impact public safety agencies by registering for MCP's cyber briefing today at 1 p.m. Eastern.