First responders and other emergency workers rely on Land Mobile Radios (LMR) as one of the primary means of communication in situations where cellphone service isn’t reliable or practical. The continued advancement of technology allows for improved integrations between LMR systems, the internet and other mission-critical systems to better meet the needs of communities and the people who serve them. However, it also increases the potential for a cyberattack to impact a first responder’s main, and often only, form of communication. That’s why it’s more important than ever to ensure your agency is taking the necessary steps to protect your LMR environment.
A recent report from the Public Safety Threat Alliance (PSTA) details the current cyber threats to LMR and offers recommendations for protecting against them. Here are some highlights from the full report, including findings from our ActiveEye Managed Detection and Response (MDR) team. The full report is available to PSTA members now.
The Changing Threat Landscape
In addition to its ongoing research into public safety threats, the PSTA relied on insights from ActiveEye, Motorola Solutions' managed security platform. The ActiveEye team monitors public safety environments, including LMR systems, to provide threat detection and response. Many of the attempted attacks that ActiveEye detected in 2023 were against Project 25 (P25) radio systems. P25 is a set of standards that ensure LMR equipment can interoperate with other equipment.
In the past year, the ActiveEye team detected multiple instances of vulnerability scans, denial-of-service (DoS) attempts, and remote code execution (RCE) attempts against P25 systems. Most of these attempted attacks were against firewalls that were connected to the agency’s LMR environment.
Other Security Challenges
While the continued integration between LMR and other systems can help agencies be more productive, it also increases the number of access points connected to LMR, which in turn can create more ways for cybercriminals to compromise them. For example, the rise in remote connection software in the past few years increased the number of access vectors for networks connected to LMR environments. Password sharing is also common in LMR environments. This opens the door to credential abuse, which remains one of the top threats used against public safety as a whole.
Exploiting vulnerabilities, particularly those found in firewalls, is another method that threat actors can use to directly access LMR core networks. In addition, many LMR systems have out-of-date hardware or services that are end-of-life products, which can be attacked using known weaknesses in legacy systems that are no longer patched or properly maintained.
Other threat vectors include the use of removable media, such as USB devices plugged into LMR or adjacent networks. As overall removable media attacks become more common, future attacks on LMR are possible via this attack technique. Many agencies lack proper security management of LMR networks and 24/7 threat monitoring, making it harder for them to detect and remediate cyberattacks.
While the threats to LMR networks only increase with more integrations, those integrations are necessary to keep up with advances in technology and the improvements they can bring for overall efficiency and safety. By putting additional security measures in place, however, you can protect your system. Some of these measures include:
Improving Physical Security: Ensure that all equipment is properly locked and can be accessed only with a PIN that is given only to authorized personnel. You can also consider installing cameras and other surveillance.
Enforcing Multi-Factor Authentication: Enforcing MFA in the LMR environment can protect against attacks that use credential abuse to gain access to the network.
Developing a Cyber Incident Response Plan: This can provide a road map for when a cyberattack does happen to your system. You can also make sure your response plan works by using it to conduct a cyber exercise.
In an ever-changing cyber threat landscape, it is more important than ever to protect your LMR environment.
About the Public Safety Threat Alliance
The PSTA is a no-cost information sharing and analysis organization (ISAO) established by Motorola Solutions that is recognized by the Cybersecurity and Infrastructure Security Agency (CISA). The PSTA regularly publishes research that is shared with members. It also hosts regular webinars featuring our cybersecurity analysts and other experts.