In the last few years, cybersecurity concerns have gone mainstream. Cyber incidents haven’t just increased in volume — they’re impacting the daily lives of citizens. For instance, the 2021 ransomware attack on Colonial Pipeline shut down a major fuel supply line, creating gas shortages across the East Coast. In the process, it made millions of people more aware of the danger of cybercrime impacting industrial and critical infrastructure targets.
Unfortunately, public safety agencies and the mission-critical systems they rely on are at risk, too. In light of the potential impact to these systems, we wanted to better understand the views and expectations of public safety professionals in 2022 and beyond, particularly for law enforcement agencies. The result is our recently published 2022 Motorola Solutions Law Enforcement Survey, in which we asked law enforcement personnel — including command staff, IT, operations management and first responders — for their thoughts on cybersecurity.
Current Views On Cyber Threats
As news reports filled 2022 with stories of cyber attacks holding IT systems and data for ransom, it was no surprise that 52 percent of survey respondents identified ransomware as their agency’s top concern. Given its potential to both endanger sensitive information and cost a substantial amount of money (with no guarantee of recovering the data), ransomware is a major headache. However, it is not the only prevalent public safety attack vector.
While only 6 percent cited telephony denial-of-service/distributed denial-of-service (TDoS/DDoS) attacks as their key concern, more public safety personnel should be wary of them. According to Motorola Solutions research, these are among the most common attacks facing public safety agencies today besides ransomware.
Adopting Cybersecurity Best Practices
With so many ongoing threats to public safety networks and systems, it’s critical that agencies commit to implementing a holistic cybersecurity approach. It should be centered around a risk mindset that focuses on patching; incident response planning; readiness exercises and assessments; deploying modern endpoint detection and response (EDR) solutions; continuous monitoring to enable rapid threat detection and remediation.
The Cybersecurity and Infrastructure Security Agency (CISA) recently published a list of Cybersecurity Performance Goals that echo this advice. The voluntary goals broadly apply across all 16 critical infrastructure sectors, with a particular focus on smaller organizations that lack the resources for a robust cybersecurity plan.
These fundamentals still require the help of experienced professionals, though. But finding, hiring and retaining staff with cybersecurity expertise is a constant challenge facing police departments of all sizes that can slow implementation of the critical tools and processes required for effective protection.
That difficulty is reflected in our survey results. Although 62 percent of respondents said they were very or extremely confident in their current cybersecurity program, respondents also cited low deployment across a range of critical cybersecurity solutions. For instance, fewer than half of respondents’ agencies (41 percent) deploy cybersecurity services such as security monitoring and patching to protect systems and networks. Only 30 percent of respondents have a cyber incident response plan or utilize threat intelligence, and only 54 percent have cybersecurity training programs.
We also asked respondents to estimate how much their agency plans to spend on cybersecurity specific initiatives within its annual budget. Of those who answered, the top response was the lowest figure provided as a choice: less than 5 percent. Just as concerning, more than 50 percent of respondents weren’t even able to estimate a general budget percentage. Unfortunately, that level of investment is simply not sufficient to protect against or combat today’s cyber threats.
Integrated Public Safety Technology for Improved Security
Today, keeping the public safe requires modern, effective operations, and effective operations require maximum connectivity. That’s why modern public safety requires a unified technology ecosystem that integrates people, assets and operations. This can enable agencies to simplify tasks and create new workflow efficiencies so responders can focus on their core mission, not technology.
Unifying public safety technology also enhances cybersecurity by streamlining the people, processes and tools needed to keep systems and networks safe. Rather than attempting to secure multiple siloed technologies, agencies can centralize and streamline data and systems enhancing overall security for the entire ecosystem. Survey respondents agreed, including cybersecurity among the top benefits of integrating public safety technology, along with increased efficiency and collaboration and more easily accessible data.
The 2022 Motorola Solutions Law Enforcement Survey reflects the views and concerns of nearly 1,000 professionals, and reinforces our beliefs that modern, effective public safety requires a unified technology ecosystem that integrates people, assets and operations, increasing efficiency and security for better outcomes.
Yet, it also highlights how important it is for forward-thinking agencies of all sizes to not only focus on building an integrated technology ecosystem, but to also invest in the tools and resources necessary to secure it. This includes regular patching, training, risk assessments and cyber exercises as well as around-the-clock monitoring and remediation of not only IT networks, endpoints and cloud, but of mission-critical systems.
Given the increasing number of cyber attacks against law enforcement agencies, partnering with a vendor that can provide expertise in both public safety and cybersecurity can provide peace of mind and the support you need to better defend against them.
Download Evolving Threats, Adapting Technology: Defending Law Enforcement In The Digital Era to read the full guide.