Next Generation 9-1-1 (NG9-1-1) and legacy public safety answering point (PSAP) systems are being increasingly impacted by cyberattacks. Worryingly, 2024 saw more than double the number of disruptions compared to the previous year. The surge in cybersecurity threats to NG911 systems mirrors a broader rise in cyberattacks targeting public safety systems, often driven by financially motivated criminals.
The new report, published by the Public Safety Threat Alliance (PSTA), sheds light on this alarming trend. The investigation reveals the growing impact of cyber attacks on NG911 systems and offers crucial advice on how to best protect public safety call handling systems.
Key findings:
- Extortion attacks doubled: Attacks against PSAPs for extortion have doubled in 2024.
- USA targeted: All reported cyberattacks on 911 systems in 2024 occurred in the USA.
- Spreading attacks: Cyberattacks on dispatch systems and enterprise networks can spread to connected NG911 systems.
The PSTA reports recommendations align with the Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Performance Goals (CPGs) to bolster NG9-1-1 network security.
Where attacks originate
Interestingly, the report shows that most attacks don’t directly target the emergency call handling system. About 75 percent of attacks that disrupted or degraded 911 availability started outside of the PSAP, often in an adjacent county or law enforcement network, before infiltrating 911 call handling systems.
The report highlights two significant ransomware attacks on NG911 networks in 2024, one in Florida and one in Texas, both causing major disruptions. Data from Motorola Solutions’ ActiveEye Managed Detection and Response (MDR) platform, confirms the severity of these cybersecurity threats, showing the ongoing efforts to block malicious attempts to access emergency call-handling networks and exploit vulnerabilities.
Best practices for protection
With cybersecurity attacks on emergency systems becoming more frequent and sophisticated, security must be a top priority for all public safety agencies. The PSTA report suggests implementing security measures based on CISA’s CPGs, including:
- Strong Authentication: Use strong passwords and multi-factor authentication (MFA) to make it harder for attackers to access your systems, especially administrative accounts that control your most critical systems.
- Regular Updates: Keep your systems updated with the latest patches to prevent attackers from exploiting vulnerabilities in your software.
- 24/7 Monitoring: To defend against ransomware and other attacks, you need 24/7 monitoring from a Security Operations Centre (SOC) with rapid threat detection and response capabilities to identify and respond to nefarious activity within your network.
- Limit Access: Carry out risk assessments and gap analysis, limit users access to only necessary systems, segment your network to isolate critical systems and restrict unnecessary connections, making it more difficult for attackers to move within your network.
- Data Backup: Regularly back up your data to a separate location. This ensures you can restore your systems and data if a cyberattack occurs.
About the PSTA
The PSTA, established by Motorola Solutions and recognized by CISA, shares vital cybersecurity information and analysis. The PSTA publishes research, such as the “Cyber Threats and Impacts to Land Mobile Radios” report, and hosts webinars with cybersecurity experts. The PSTA offers threat intelligence products and services for its members at no cost.
Join the PSTA today to get a copy of the full ‘’Cyber Impacts to Next Generation 9-1-1 Systems” report and access to other valuable research.
