A couple of weeks ago, MCP’s Richard Gaston posted about why it is critically important for every public-safety agency, regardless of size and resources, to have continuity-of-operations plans (COOP) and disaster-recovery (DR) plans in place. This post addresses an element that is lacking in many such plans, a gap that the COVID-19 pandemic has brought into sharp focus—geographic information system (GIS) data maintenance.

For decades, location of 911 callers was determined solely by querying the master street address guide (MSAG) and automatic location identification (ALI) tabular databases. About a quarter century ago, GIS-generated data entered the picture—quite literally—as computer-aided dispatch (GIS) system mapping applications began to leverage it to depict 911-caller locations on the map display on telecommunicators’ screens. In the Next Generation 911 (NG911) environment, GIS data will play an even bigger role, because geospatial data will replace MSAG and ALI data as the primary means of locating 911 callers.

COVID-19, aka the coronavirus, pandemic is grabbing a lot of attention right now, partly because we don’t see global pandemics in the United States very often, certainly not one of this gravity. But we do see other significant events on a fairly regular basis— e.g., wildfires, floods, hurricanes, tornadoes, earthquakes, hazardous materials spills, network outages—that can disrupt or halt public safety operations.

October 31 signified the end of National Cybersecurity Awareness Month, a topic of which the government sector has become more than just aware. Meanwhile, November 1 marked the start of Critical Infrastructure Security and Resilience Month—an initiative being led by the Federal Emergency Management Association (FEMA). The call to action is for public agencies to encourage resilience through preparedness and exercises, and to promote smart, secure investment in resilient and national infrastructure.

The emergency communications industry is a growing target for cyber security attacks and the threat is only just beginning. Public safety communications infrastructure is becoming more IP-based, and as a result, it's vulnerability to cyber threats is on the rise. There are more than 6,000 PSAPs located across the country, and 80 percent of them are small, making them unlikely to have inadequate cyber security defense programs. This is just one factor, among many, that makes 911 systems an attractive target for cyber-attacks.

Several major cyber security incidents have plagued the industry in the recent months, including

• An October 2016 attack where a teenager accidently impacted 911 centers around the country with a Twitter post containing a link that once clicked on, hijacked your iPhone and dialed 911 repeatedly. The post was clicked more than 117,000 times.

• Ransomware that affected 300 PCs and 40 servers with sensitive data plagued Madison County, who paid an astounding $21,000 in ransom (later covered by cyber insurance). The cost in
  man-hours to restore data is unknown and irretrievable.

These are just two examples that demonstrate that cyber threats are growing in complexity and sophistication, and could continue to increase in severity as PSAPs become more interconnected, both regionally and at the statewide level.

So what cyber threats exist and what steps can you take  to prepare your psap?

Understanding the types of cyber threats that exist today, PSAP and IT Managers can better protect the data and assets within their 911 centers that could be targets.