The average number of breached data records, including credentials, per U.S.-based company, is an astounding number—28,500.
The cybersecurity problem that public safety agencies have is very big and it’s not going away—if anything, it’s only going to expand as time passes. That was the consensus of a panel convened for MCP’s inaugural Conference for Advancing Public Safety, which was presented last month.
“The threat’s there—something is going to happen, and we need to be prepared for it,” said Thomas Stutzman, director, Indiana County (Pennsylvania) Emergency Management Agency.
As part of our ongoing effort to keep our clients informed about the latest cybersecurity threats, we issue advisories whenever new threats are detected. If you would like to receive such advisories in the future, update your preferences here.
A previous post examined some of the key technology factors that should be considered as the public safety community mulls how to evolve its communications capabilities going forward. This post explores operations, governance and funding considerations.
Profound challenges often spur great progress. The COVID-19 pandemic is no exception. Not only is the public safety community staring an enormous challenge in the face, but also is looking at a tremendous opportunity to move the community forward.
Traditionally, public safety has been slow to adopt new technologies and embrace new strategies. However, the pandemic has forced agencies to do things they likely would not have contemplated before. The collection of new concepts not only will enable public safety to handle the pandemics and mega-disasters of the future, but also will enhance day-to-day operations personnel performance. Public safety is up to the challenge, as long as officials can get comfortable with being uncomfortable for a while.
In a recent post, I touched upon some of the novel ways that the public safety community has responded to the COVID-19 pandemic. In this post I’ll explore some of the most important lessons that have been learned.
First and foremost, all public safety agencies need continuity-of-operations (COOP) and disaster-recovery (DR) plans. We have roughly 150 subject-matter experts, and as they travel the country supporting clients, they often discover the complete lack of such plans and/or they come to realize that they haven’t been updated for quite some time. This always amazes me. Every agency should have such plans. As Benjamin Franklin said, “by failing to prepare, you are preparing to fail.” While the pandemic has brought this need into sharp focus, there are many events—tornados, floods, earthquakes, wildfires, hurricanes, hazmat incidents—that could render an emergency communications center inoperable, inaccessible or uninhabitable.
As states begin to reopen and communities slowly return to normalcy, organizations, including mission-critical agencies, must evaluate their responses to the COVID-19 public-health crisis and leverage their experiences to prepare for future crises. Conducting an incident-response review, also called a hot wash, enables agencies to identify areas in which they performed well, as well as where their responses could use improvement. When conducted as part of an agency’s after-action reporting activities, this review can help build a better incident-response plan moving forward.
MCP’s NetInform solution leverages a variety of tools that enable our subject-matter experts to assess our clients’ communications network security postures. That assessment includes looking for vulnerabilities that could allow a bad actor to gain access to the network and then navigate through it, seeking opportunities to perform cyberattacks. Typically, a lot of vulnerabilities exist, and they’re not always easy to see. It can be something as simple as a network port being left open by a service technician after the work is done, or a former employee’s account is still active long after they left. This is problematic because numerous, easy-to-use scanning programs are readily available to hackers that enable them to probe an organization’s network to discover every open port, i.e., breach point, and attempt access.
Geographic information system (GIS) data is a foundational component in the migration to, and continuing operation of, Next Generation 911 (NG911) systems.
But developing local GIS data so that it aligns with NG911 standards is a laborious and time-consuming process that can take months or years to complete.
Despite this, MCP’s Robert Horne, one of the firm’s GIS gurus, cautions in a recent whitepaper against taking shortcuts in developing GIS data for use in a NG911 environment. Spe cifically, Robert writes that public safety agencies should avoid using the U.S. Census Bureau’s open-source Topologically Integrated Geographic Encoding and Referencing (TIGER) data for 911 call-routing purposes. TIGER data is available free of charge, but does not meet basic public safety requirements, nor the established NG911 standards, Robert writes. This is due to incomplete data attribution, poor spatial accuracy, incomplete coverage of the PSAP’s jurisdictional footprint, inaccurate street names and address ranges, and a lagging data update schedule. local GIS data so that it aligns with NG911 standards is a laborious and time-c onsuming process that can take months or years to complete.
Emergency communications centers need a lot of gear. They need wireless communications systems to communicate with first responders in the field. They need call-handling systems to process 911 calls. They need computer-aided dispatch systems, as well as mapping and automatic vehicle location applications, to dispatch the appropriate emergency response. And those are just the backbone systems. The ECC technology ecosystem that enables effective emergency response is quite expansive.
As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their mission-critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.
This week, there is a new critical alert that requires the mission-critical community’s immediate attention.
Advisory Summary
Hacking groups still are exploiting the COVID-19 pandemic as an opportunity to perform cyberattacks. The United States’ Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert regarding the threats. To combat these threats, their recommendations are focused on user training and good cyber hygiene. A comprehensive list of recommendations to mitigate the risk can be found on the CISA website.
A couple of weeks ago, MCP’s Richard Gaston posted about why it is critically important for every public-safety agency, regardless of size and resources, to have continuity-of-operations plans (COOP) and disaster-recovery (DR) plans in place. This post addresses an element that is lacking in many such plans, a gap that the COVID-19 pandemic has brought into sharp focus—geographic information system (GIS) data maintenance.
For decades, location of 911 callers was determined solely by querying the master street address guide (MSAG) and automatic location identification (ALI) tabular databases. About a quarter century ago, GIS-generated data entered the picture—quite literally—as computer-aided dispatch (GIS) system mapping applications began to leverage it to depict 911-caller locations on the map display on telecommunicators’ screens. In the Next Generation 911 (NG911) environment, GIS data will play an even bigger role, because geospatial data will replace MSAG and ALI data as the primary means of locating 911 callers.
How can we support your mission? From design and procurement to building and management, our national team of experts is here to help…because the mission matters.
A: 690 Grays Woods Blvd., Port Matilda, PA 16870
P: 888.862.7911
