During the decade that I covered the public safety communications sector for Urgent Communications magazine, I always looked forward to the national trade shows and conferences, such as the one that the Association of Public-Safety Officials (APCO) will host in Baltimore in a couple of weeks. In fact, my colleague Donny Jackson and I spent most of our time in the educational sessions because we felt that was the best place to learn where the sector was heading. Just as important, those sessions are where one learns about the sector’s biggest challenges and their potential solutions.
Public safety has a very big problem with cybersecurity, which is reflected in APCO’s 16-session “Cybersecurity for Public Safety Communications” educational track. MCP’s Mark Perkins is one of the presenters for the session entitled, “Cybersecurity Challenges and Opportunities for NG911,” which is scheduled to be held August 14 from 9:00 – 10:00 a.m. Eastern.
Recently I chatted with Perkins, MCP’s director of lifecycle management services delivery operations, about the problem, which is only going to get bigger as Next Generation 911 (NG911) and wireless broadband technology proliferate. Such systems are Internet Protocol (IP)-based, and IP systems are particularly prone to cybersecurity vulnerabilities. When agencies are interconnected on a regional or statewide basis, as they are when an emergency services IP network (ESInet) is in place—such networks provide the transport backbone in an NG911 environment—the problem becomes even bigger.
According to Perkins, more than 200 attacks on public safety agencies have been reported since early 2017. In the beginning, hackers were motivated by mischief; today they are motivated by profit, which is why ransomware attacks are by far the most prevalent.
“The FBI says that they rarely see anything other than ransomware attacks these days,” Perkins says.
Ransomware is a specific type of malware that hackers use to exploit a system vulnerability and then launch a program that encrypts the organization’s data files, essentially locking them and rendering them unusable. Then the hacker demands a ransom—hence the name—to provide the key that unlocks the files.
Ransomware has become big business for the hacker community. The cybersecurity firm Bitdefender reported that about $2 billion was paid out in 2017, while another firm, Cybersecurity Ventures, predicts that worldwide, businesses will suffer a ransomware attack every 14 seconds this year.
While it might be intuitive to think that only public safety agencies in very large cities—think the so-called “NFL cities”—are being targeted, because they are in a position to pay the biggest ransoms, even small agencies are falling victim to ransomware attacks. For example, a suburban Chicago police department a few years ago paid a ransom worth only $500 to unlock its files. So, it stands to reason that every public safety agency, regardless of size, is a potential victim of a ransomware attack.
According to Perkins, hackers are constantly pinging public safety networks, looking for vulnerabilities to exploit. Once inside a network, they navigate laterally, on the lookout for files to encrypt. It’s only a matter of time before they find the files that will bring down a network or system should they be corrupted. While there is no way to completely prevent a cybersecurity attack, the more protections an agency has in place to keep hackers out, the better. Perkins compared cybersecurity to home security.
“If you have a deadbolt on your front door and ADT, but your neighbor only has a door-knob lock, whose house is the burglar going to rob?” Perkins says. “It works the same way with cybersecurity—they will go after the easiest target, and if you’re not doing anything, you become the easiest target.”
According to Perkins, protecting networks and systems from cybersecurity attacks is a multi-step process:
- Identification/Discovery—understand the network/systems environment and perform an asset inventory
- Assess/Prioritize—understand all risk areas regarding cybersecurity within the network/systems
- Implement/Operate—understand ongoing operational requirements
- Monitor/Evaluate—monitor the environment for anomalies on an ongoing basis
- Test/Evaluate—ensure compliance on an ongoing basis
- Improve/Evolve—ensure continuous improvement
The sad truth, however, is that if hackers really want to get into a network, they will. The home invasion analogy works here as well—you can have a half dozen deadbolts on your front door, but if a burglar really wants in, he’ll simply use a pry bar to break the door jamb. Where there’s a will, there’s a way. Consequently, Perkins stresses that every public safety agency needs to develop a robust continuity of operations plan and appropriate network and system backups, stored offsite, that can be implemented dynamically if a ransomware attack occurs.
“The ability to restore is just as important as protection,” Perkins says.
Note: MCP’s David Jones, senior vice president of strategic accounts, also is scheduled to present during APCO 2019, in a session entitled, “Embracing Transformation: A Path Forward for the New Emergency Communications Ecosystem.” In addition, MCP will be showcasing its new proprietary solution—the Model for Advancing Public Safety (MAPS)—that is designed to enable public safety communications officials to monitor and assess the myriad technological and operational factors that determine success or failure. Visit booth 603 to learn more.
Glenn Bischoff is MCP’s technical writer/editor. Prior to joining the firm he was editor-in-chief for Urgent Communications and Fire Chief magazines. Email him at GlennBischoff@MissionCriticalPartners.com.