
If you’re operating an IP-based 911 network, plan to be attacked

Mark Perkins, April 24, 2018

From coast to coast, public safety agencies are implementing Emergency Services Internet Protocol (IP) Networks (ESInets) to provide Next Generation 911 (NG911) services. Such broadband-enabled networks promise to greatly enhance emergency response, as they will enable bandwidth-intensive files, such as streaming video, to be received by NG911-capable public safety answering points (PSAPs) and then shared with first responders in the field, bringing situational awareness to new, lofty levels.

At the same time, ESInets will enable PSAPs to share data with each other seamlessly and in real time, and will enable them to serve as backups to each other in the event that one or more PSAPs in a region are rendered inoperable, inaccessible or uninhabitable due to a disaster.

More than 180 PSAP cyber attacks in the last two years

That’s the good news. The not-so-good news is that municipal communications systems, especially 911 systems, are viewed in the black-hat hacker community as a very large notch in the belt, so they increasingly are being targeted. More than 180 cyber attacks on PSAP infrastructure have been recorded in the last two years alone. A huge factor is that IP networks are far more vulnerable to cyber attack than the closed networks provided by telecommunications carriers that carried 911 calls to PSAPs for most of the last half century. (Learn more about this and how 911 network management is changing in our upcoming webinar on 4/26.) This is going to be a bigger problem in the future, and not just because of the ongoing NG911 migration; the major telecom carriers will eventually retire their legacy copper infrastructure in favor of IP-based infrastructure, which puts any PSAP connected to such infrastructure—even those that are not contemplating a transition to NG911 over the near-term—at greater risk for attack.

Numerous ways to attack 911 systems exist. Denial of service (DoS) and distributed denial of service (DDoS) attacks attempt to unleash a tsunami of fake emergency calls with the intent of crashing a 911 system. The difference between them is that DoS attacks usually involve a hacker using one computer and one internet connection, while the DDoS attacks use hundreds of thousands, sometimes millions, of devices—including personal computers, digital video recorders, routers, smartphones, Internet of Things (IoT) gadgets (e.g., sensors, thermostats), even watches—pretty much anything capable of collecting and exchanging data. What they have in common is that they create a lot of havoc, sometimes over a wide swath. In November 2016, for instance, an Arizona teenager launched a DDoS attack that disrupted PSAP operations in at least 12 states.

Malware and ransomware attacks also can be devastating and are on the rise. Malware is an overarching term that covers any program—e.g., viruses, rootkits and Trojans—designed to infect and damage a computer or computer system without the user’s knowledge or consent. The attack usually is launched by exploiting a system vulnerability, though human factors also come into play, such as when someone clicks on a malicious email or web link, or inserts an unauthorized USB drive into their computer. Hackers use software specially designed to automatically probe for system vulnerabilities on a 24 x 7 basis. When one is found, an attack is launched, sometimes automatically, sometimes manually.

Ransomware is a specific type of malware. The hacker exploits a system vulnerability to launch a program that encrypts the organization’s data files, essentially locking them and rendering them unusable. Then the hacker demands a ransom to provide the key that unlocks the files.

Alleviate Your Risk: Conduct Regular Vulnerability Assessments

Given the devastating nature of malware and ransomware attacks, it always is a good idea to conduct regular system vulnerability assessments, which consist of the following components:

  • Physical security—focuses primarily on information technology (IT) assets such as server rooms, wire closets, communication rooms and public areas where network access is available.
  • Network management and monitoring—focuses on detection of anomalies that often are related to malicious events; activities include:
    • Monitoring passwords to ensure that they are strong and up to date.
    • Ensuring that all cyber security patches are current.
    • Implementing intrusion-detection sensors.
    • Monitoring port traffic to identify suspicious traffic.
    • Regularly checking firewall settings; most organizations implement firewalls and then fail to check on them; while “set it and forget it” is a fine strategy for cooking chicken on a rotisserie, it should be avoided when managing firewalls.
  • External penetration test—focuses on assessing the system for external vulnerabilities.

Such assessments require considerable cyber security expertise to execute, and, as with financial audits, independent, third-party review is of high importance. We recommend that agencies consider contracting with a consulting firm that specializes in cyber security assessments. Mission Critical Partners’ cyber security team—which is part of our lifecycle management services offering—stands ready to provide such assistance.

Reach out to us today—we’re eager to help you avoid a cyber attack.


Mark Perkins
Mark brings more than 20 years of expertise in mission-critical public safety network management, support and maintenance that he's gained from managing network and security operations centers, field repair teams and depot repair services. He holds multiple Information Technology Infrastructure Library (ITIL) certifications, and has managed organizations with TL9000, ISO9000 and ISO9001 certifications. His expertise spans emergency services IP networks (ESInets), LAN and WAN networks, and land mobile radio network infrastructure for state, regional and county public safety organizations.
