Cybersecurity Threat Advisory: Microsoft Patch Tuesday – May 2021

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory overview

Microsoft’s Patch Tuesday release for May 2021 includes a Windows update that will remediate a multitude of vulnerabilities. The update will patch 55 vulnerabilities; one is critical, 50 are important, and one is moderate. It also includes patches for three zero-day vulnerabilities that are identified below. MCP recommends updating all Windows machines to apply these patches and remediate the vulnerabilities.

On the Road Again with MCP's New President and CEO, Darrin Reilly

Now that the Centers for Disease Control have determined that it is safe to travel for those who have received the COVID-19 vaccine, that’s just what Darrin Reilly, MCP’s president and CEO, has been doing, visiting clients from coast to coast. Recently, MCP Insights chatted with him to discover what he has learned during his travels.

Operational Change Management Depends Largely on Organizational Culture

by Michele Frankovich and Elizabeth Lenz 

The ancient philosopher Heraclitus stated that change is the only constant in life. But that isn’t quite right. Another constant is that people generally are reticent to change and will do almost anything to avoid it. That’s because change represents the unknown, which is scary.

Nevertheless, change presents opportunities. Change is how people and organizations evolve. And evolution is necessary—if people and organizations do not adapt to changing conditions, they sooner or later will encounter difficulties. For instance, people need to learn new skillsets if they want to remain competitive in the job market. Similarly, organizations need to react to changing market conditions if they want to continue serving their customers, whose needs and wants continually evolve—or in the case of government entities, their constituents.

Whitepaper Explores Three Approaches to ESInet Provisioning

The promise of Next Generation 911 (NG911) systems is undeniable. The broadband capabilities of NG911 systems enable data to reach emergency communications centers (ECCs)—traditionally known as public safety answering points (PSAPs)—for the first time, because legacy 911 systems traditionally have been voice-centric, with very modest data capabilities. Moreover, NG911 systems will allow for the transmission of high-bandwidth files, such as video and building floorplans.

Cybersecurity Threat Advisory: Leaked Windows RDP Credentials

Posted by Mike Beagles

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory overview

Hacker group UAS recently had 1.3 million Remote Desktop Protocol (RDP) credentials, i.e., usernames and passwords, for Windows servers leaked by security researchers. The compromised credentials could allow a cyberattacker to log into a compromised RDP server. It is imperative to apply best security practices when handling Windows RDP servers, to prevent cyberattackers from accessing confidential information and granting more insight into a network. Such practices include a strong password policy and ensuring that RDP in not open to the internet.

’Once-in-a-Career’ Chance for Federal Funding Exists for Public Safety

The cost of standing up an emergency services Internet Protocol network (ESInet)—which provides the transport architecture that enables emergency calls to be delivered to Next Generation 911 (NG911) emergency communications centers (ECCs), traditionally known as public safety answering points (PSAPs)—is significant. Consequently, the news out of the nation’s capital of late has been encouraging concerning federal funding that might become available to the public safety community for such implementations and much more.

MCP Launches Video Chats to Keep Clients Current on Cybersecurity Threats

Cybersecurity threats and issues are increasing and evolving continuously, seemingly at warp speed. It is difficult to keep up with it all—but it is imperative that every organization does everything possible to protect its networks, systems and devices from cyberattacks. This is especially true of organizations that provide mission-critical, life-saving services, e.g., law enforcement agencies, fire/rescue departments, emergency medical services agencies and emergency communications centers, aka 911 centers.

Cybersecurity Threat Advisory: FortiOS Vulnerabilities

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

EMS Technology is Evolving to Ease, and Eventually End, Billing Woes

A previous post touched upon the difficulties that emergency medical service (EMS) agencies experience when trying to bill and then collect payment for the services that they provide. Those difficulties are considerable and have plagued the sector for as long as EMS has existed. Hundreds of millions of dollars go uncollected across the sector each year. For instance, an EMS study for one of MCP's clients wrote off $7 million last year because of an inability to bill for EMS services. That’s a big number.

Many EMS agencies across the United States are in similar circumstances. This makes it much more difficult for agencies to maintain their service-delivery models, pay salaries and benefits, ensure that existing equipment is operational, and upgrade or replace equipment that has reached or is approaching end of life.

Celebrating Women’s History Month with 911 Pioneer Anita Pitt

March is designated as Women’s History Month. Coincidentally, on April 3, the Brazos Valley Council of Governments (BVCOG) celebrates its 30^th anniversary. So, we thought it would be more than appropriate to chat with MCP client Anita Pitt, BVCOG’s 911 program director, who has been at the helm every step of the way and is considered one of the public-safety sector’s leading innovators. From humble beginnings, BVCOG’s 911 program today supports seven emergency communications centers in southeast Texas that serve a population of about 125,000.

Exploring the Basics of Crisis Communications for Public Safety

A constant in the public safety community is that agencies, no matter where they are located, inevitably will encounter a crisis that will affect, or even disrupt, their operations. Hurricanes, wildfires, tornadoes, hazardous materials spills, cyberattacks, network outages and system failures—even a pandemic every century or so—can wreak havoc on an agency’s mission-critical operations. Consequently, it is imperative that every public safety agency has a crisis preparedness plan. This is particularly true of emergency communications centers that field 911 calls from the public and then dispatch the appropriate emergency response.

Planning for the Unthinkable Is Good Thinking

More and more public-safety agencies are beginning to understand the importance of continuity-of-operations (COOP) planning, which includes disaster recovery—this element focuses specifically on the agency’s information technology (IT) assets—and crisis communications, both to internal and external stakeholders.

When developing COOP plans, agencies tend to think solely about events that are likely to occur that could have a profound effect on their operations. These typically include weather events such as hurricanes, floods and tornados. Also on the list are natural disasters, such as wildfires and earthquakes, and human-induced catastrophes like hazardous-material spills and, increasingly, cyberattacks.