April is 9-1-1 Education Month. Throughout the month this blog series will highlight different aspects of the emergency response process, including what happens when you text or call 9-1-1, and will pay tribute to the men and women behind the phones. This April, take some time to learn something new about America’s emergency response system.
In February, the Department of Homeland Security warned that cyber attacks against law enforcement, fire departments and other emergency services have gone from being rare to commonplace and are likely to become more frequent over time. As I reflect on the 13 years I’ve worked at the Mason-Oceana 9-1-1, I remember that in the early days, there were almost no connections from our facility to the outside. Fast forward to today, our 9-1-1 center has become a central communications hub. It is interconnected to scores of agencies, servers with vital information, as well as computers and devices being used in the field.
Protecting our front line
With April being National 9-1-1 Education Month, there’s no better time to discuss the topic of cybersecurity. Public Safety Answering Points (PSAPs) and 9-1-1 centers are just as vulnerable to cyber intrusion as any other business or government entity. A 2015 study by the Aspen Institute noted that 48% of CIOs and CSOs responsible for critical infrastructure believe that a cyber attack may result in a potential loss of life. The nation’s 9-1-1 centers are part of the emergency services sector of our critical infrastructure. Having a standard firewall is no longer adequate to address the vulnerabilities that exist. America’s 5,899 primary and secondary PSAPs who answer an estimated 240 million calls/year cannot afford a cyber intrusion when lives are literally on the line.
Becoming cyber resilient
With the evolving cyber threats, it’s critical that government officials, security experts and those responsible for keeping the nation’s PSAPs operational understand their risk posture and readiness to address a cyber attack. I fall into this category. Last fall, I worked with Motorola’s cybersecurity services professionals to conduct a risk assessment for the Mason-Oceana 9-1-1 Center. The comprehensive evaluation gave us a baseline of where we stood and provided a roadmap to becoming cyber resilient. Some of the findings were straightforward; others were eye-opening; and some will require more due diligence to implement:
- Harden and patch the system. In addition to making sure that security updates are installed, also make sure the firewall is configured properly.
- Check your intrusion-detection system. If you don’t have one, install one.
- Protect against unauthorized WiFi interface activation.
- Constantly monitor networks for unauthorized assets, in addition to unusual network traffic.
- Understand the physical security elements of your facility. Controlling and limiting movement in and out of your facility, especially where servers and network components are placed, is just as important.
- Establish process and policies to control network access.
- Educate the entire team on governance and the importance of following all security policies.
The above were just highlights from the assessment. When calls come in, one of the first things we do at our 9-1-1 center is assess the situation. Just as we do with a 9-1-1 call, we need to first assess our cybersecurity situation to lay the ground for a comprehensive strategy.
A security services organization is best-positioned to help you understand what the threats are and the baseline for improvements needed, as well as help you set priorities and track progress. Their experts keep on top of the latest standards and best practices. Such an assessment will provide a prioritized roadmap for your cybersecurity efforts and also help your team identify unknown security-risk items. In the world of public safety, we remind citizens that they have an important role to play. Let’s not forget our own role in keeping our PSAPs secure – cybersecurity is now an important component of this responsibility.