When emergencies and natural disasters like wildfires, storms and terrorist attacks happen, law enforcement, fire and medical services rely on ASTRO 25 radio systems to communicate with each other. They know that when lives are at stake, they need always-on voice and data messaging, and systems they can depend on when cellular services may not be available.
Cyber attackers know the importance of these systems, too, which is why public safety agencies have been in their crosshairs in recent years. Whatever their motivations, attackers know that if they can successfully disrupt or disable communications, they can cause chaos or demand ransom payments from their victims.
To give first-responders a behind-the-scenes look at how we protect the systems they depend on so they can focus on their mission, Motorola Solutions recently presented an ASTRO 25 cybersecurity webinar, “Security from the Start: Protecting ASTRO 25 Radio Systems from Cyber Threats.” Presenters shared insights into how cyber threats are impacting public safety agencies, and how we’ve built a complete security ecosystem for our mission-critical ASTRO P25 systems to minimize the threat of cyber attacks. Here are some of the highlights.
ASTRO 25 Security Best Practices
ASTRO 25 solutions are designed for information assurance, with state-of-the-art features and services to prevent, detect and respond to external and internal risks. To ensure the reliability of applications, Motorola Solutions applies security best practices based on the National Institute of Standards and Technology (NIST) framework, the Open Web Application Security Project (OWASP) and the International Organization for Standardization (ISO) when developing software.
“The standards that we follow include NIST-853 (basic controls), OWASP (lifecycle maturity model) and ISO 27001 (services),” Security Solutions Professional Jeanine Baisi added, “and we’re always looking for improvements.”
Given the evolving nature of threats, patching is an important part of any security program. This requires customers to be diligent about making updates to minimize network vulnerabilities and ensure system availability. However, as any system administrator can tell you, patching can be a time-consuming process. Brian Roosevelt, Principal Product Engineer reviewed the advantages of the remote patching service offered by Motorola Solutions to keep customers’ systems updated and secure.
“Patching helps make your system immune to vulnerabilities and prevents those initial attacks from succeeding and gaining a foothold in the network,” advised Roosevelt. “It’s absolutely critical that everyone is patching — it’s never been more important than it is right now.”
Patching is only the start of the steps agencies can take to prepare for a security incident. Roosevelt reviewed several different types of advisory services from Motorola Solutions that can help your agency determine if the right security controls are in place and functioning properly.
Managed Security Services for ASTRO Systems
A relatively new security offering for ASTRO systems is managed detection and response, or MDR, which offers advanced capabilities to analyze and process security information at scale to find and respond to threats. The ActiveEye platform that powers our MDR services automatically reviews billions of security events daily to determine which are real and eliminate false positives so that critical events can be escalated quickly to our Security Operations Center (SOC) analysts for further investigation and risk mitigation.
“You need a method to be able to elevate the important information to the human [analysts] so they can do what they do best and perform analysis and investigations of that data,” Roosevelt noted. He then outlined how the ActiveEye platform can be used to protect not only the ASTRO system but also the agency’s entire network environment, including endpoint devices and cloud applications.
For agencies looking for an additional level of understanding of the threats to their system and recommendations for how to remediate them, Roosevelt explained that the new Advanced Threat Insights service provides concierge-style support.
Key Management and Encryption for ASTRO Systems
All Motorola Solutions’ mission-critical radios and systems are built with security in mind. For ASTRO, this includes authentication and end-to-end voice and data encryption solutions to ensure communications are secure. The primary tool for ASTRO systems is our Key Management Facility (KMF) for agencies interested in easily managing their subscriber fleets and eliminating downtime.
Summary
Protecting mission-critical ASTRO systems from cyber attacks is something that is top of mind for every public safety agency. To learn more about the topics discussed above, and additional aspects of how we build security directly into our ASTRO systems and protect them from external threats, we invite you to watch the on-demand webinar now.