Historically, cybersecurity threats to land mobile radio systems (LMR) consisted almost exclusively of jamming (disruption of radio frequencies to prevent communications) or device theft. However, recent ransomware attacks have directly impacted U.S. broadband and P25 networks. Reported LMR compromises at public safety agencies in the last year caused an average of seven days of downtime to mission-critical systems.
This blog shares highlights from a recent Public Safety Threat Alliance (PSTA) report on the impact of cyber attacks to LMR systems, along with recommended best practices for security measures that can help improve LMR system defense.
The importance of awareness and preparedness
Recent attacks mainly involve credential abuse, in which an attacker uses stolen credentials like usernames and passwords to exploit cybersecurity vulnerabilities and disrupt LMR environments. Threat actors also used tactics such as scanning for misconfigured SSL virtual private network (VPN) connections to get into the network and launch brute force login campaigns, attempting multiple username and password combinations until the correct one was discovered, to access P25 radio networks.
Fortunately, some victims were able to quickly recover when communications were immediately restored by activating a separate radio system following the attack. Agencies that are able to avoid or recover from attacks quickly highlight the importance of proactively improving LMR system defense to protect against cyber threats.
Why proactive defense strategies are critical
The tactics, techniques and procedures (TTPs) used by threat actors to breach LMR networks in recent attacks used the same opportunistic strategy — targeting systems that had multiple vulnerabilities. Many of these happen as a result of a lack of cybersecurity training for employees or because proactive measures are not in place.
In one recent attack, for example, a radio network protected by ActivEye Managed Detection and Response (MDR) service successfully blocked credential abuse— unauthorized access attempts using someone else’s credentials. Motorola Solutions’ MDR service, backed by 24/7 security monitoring by highly-trained security professionals, powers rapid threat detection and response capabilities to protect organizations and agencies of all sizes from cybersecurity threats.
Here are more best practices for radio network security that can help you proactively defend against cyber threats, reduce your attack surface and lower the risk and likelihood of your network being compromised.
- Incident Response (IR) plans – Establish the policies and procedures that should be in place if a cyber attack happens. Regularly review and update the plan.
- Password hygiene – changing default credentials, i.e., “password123,” requiring employees to use strong passwords and enabling multi-factor authentication.
- Securing remote services – changing SSL VPNs to IpSec and adding multi-factor authentication for connections to mission-critical sites.
- Patching critical systems – ensuring internet-facing mission-critical systems are regularly updated.
Protecting communities starts with protecting mission-critical systems and networks. Learn more about how you can protect your systems and by joining the Public Safety Threat Alliance for access to specialized threat intelligence.
About the Public Safety Threat Alliance
The PSTA is an information sharing and analysis organization (ISAO) established by Motorola Solutions and is recognized by the Cybersecurity and Infrastructure Security Agency (CISA). The PSTA regularly publishes research, such as the “Cyber Threats and Impacts to Land Mobile Radios” report. It also hosts regular webinars featuring our cybersecurity analysts and other experts. The PSTA provides threat intelligence products and services for member organizations at no cost.
Join the PSTA today to get a copy of the full report and other valuable research.
