Public safety agencies rely on critical communications networks and secure information systems to save lives and protect communities. A new joint report reveals that cybercriminals are actively targeting these mission-critical systems, creating significant operational challenges for emergency services.
The report, “Persistent Disruptive Cyber Activity Impacting U.S. Public Safety Mission-Critical Services”, by the Public Safety Threat Alliance (PSTA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), documents a 60% increase in attacks on public safety agencies’ mission critical systems, including radio communications, computer-aided dispatch (CAD), and 9-1-1 emergency call handling systems.
The impact of operational disruption
Cyberattacks are causing notable operational disruptions to mission-critical systems, directly jeopardizing public safety. In 2024 alone, 24 public safety emergency communication systems were rendered completely unavailable due to successful cyberattacks, resulting in significant disruptions to operations that lasted for days and even weeks. The attacks affected:
- CAD systems experienced a 100% increase in disruptions in 2023, with 18 cyberattacks resulting in an average of 15 days of downtime per incident.
- 9-1-1 emergency call handling systems with five incidents directly impacting them.
- Public safety radio systems, where ransomware attacks quadrupled in 2024.
These attacks demonstrate how the growing cyber threat directly impacts the ability of emergency services to operate effectively.
The downstream consequences of cyberattacks
Cyberattacks can have impacts beyond disrupting emergency dispatch or radio communications. They can have a significant effect on public safety agencies, costing millions and disrupting vital services. Ransomware incidents often force agencies to make difficult financial decisions, weighing the cost of rebuilding systems against the cost of paying a ransom. In 2024, a municipality was forced to pay cyberattackers $1.5 million from its reserve funds to recover its systems after a ransomware attack. In early 2025, another city declared a state of emergency following a cyberattack that inhibited their ability to share and receive mobile data inside police vehicles.
What motivates cybercriminals, and how do they conduct their attacks?
Most cyberattackers engage in this activity for financial gain through ransomware or data theft. According to the report, they typically attack public safety systems using five standard methods:
- Credential abuse
- Vulnerability exploitation
- Targeting remote services
- Phishing and social engineering
- Malware
Significantly, IT systems are often interconnected with emergency technology. In 2024, 83% of attackers targeting CAD systems gained initial access through regular city or police networks.
Unique challenges for public safety agencies
Public safety agencies face distinct challenges in defending against cyber threats.
- High availability requirements: Mission-critical networks must maintain continuous operation with minimal downtime.
- Legacy systems: Older systems make it difficult to implement proper controls and monitoring.
- Security gaps: Issues such as shared accounts and inadequate user permissions.
- Interconnectivity: Many public safety systems connect to municipal and law enforcement IT networks, creating opportunities for lateral movement by cybercriminals.
- Sensitive data: Public safety entities manage highly sensitive information that, if compromised, could lead to significant consequences, including identity theft.
The PSTA and MS-ISAC – cybersecurity champions
Public safety agencies face a constant barrage of cyber threats, ranging from sophisticated attacks to vulnerabilities in outdated systems and insecure practices. To help combat these challenges, two key organizations provide cybersecurity support for public safety agencies: the Public Safety Threat Alliance (PSTA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
About the PSTA
The PSTA, established by Motorola Solutions and recognized by the Cybersecurity and Infrastructure Security Agency (CISA), is an Information Sharing and Analysis Organization (ISAO) specializing in emergency communication systems and public safety. All of the PSTA’s products and services are provided to member organizations at no cost, including threat reports, vulnerability alerts, dark web monitoring, and an automated indicator feed. U.S. public safety agencies are strongly encouraged to join the PSTA to benefit from these resources and contribute to a network dedicated to improving the cybersecurity posture and resilience of mission-critical systems. Register today to join the PSTA’s global network of public safety defenders.
About MS-ISAC
MS-ISAC serves as a vital resource for U.S. state, local, tribal, and territorial (SLTT) government organizations. It analyzes cyber threats from various sources and provides essential support and resources. All U.S. SLTT government entities are encouraged to join for access to threat intelligence and enhanced defense capabilities. To join the MS-ISAC website, register here.
Read the full report
For a deeper understanding of the tactics cybercriminals employ and the detailed security measures to counter them, including comprehensive insights into evolving public safety threats and actionable, detailed guidance on enhancing cybersecurity posture and resilience. Read the full report here.
Join the PSTA MS-ISAC webinar on July 24th
Join the joint PSTA and MS-ISAC webinar, “Critical Infrastructure Under Attack: Safeguarding Public Safety Communications Systems,” on July 24, 2025, from 1:00-2:00 PM EDT.
Gain insights on:
- Identifying emerging threats to public safety communication systems.
- Implementing best practices for cybersecurity resilience.
- Developing proactive defense strategies.
- Fostering collaboration across agencies to strengthen collective security.
