In times of crisis, the availability of public safety radio communications becomes the crucial lifeline that empowers our first responders to protect and serve. A new report from the Public Safety Threat Alliance (PSTA) sheds light on a concerning trend – the increasing cyber threats impacting public safety radio communications. The public safety threat report “Cyber threats to public safety radio communications” offers crucial insights into these threats, their impact and the essential steps to take for defense.
The threat is real: cyber attacks are increasing in impact
Cyberattacks on public safety radio systems are a reality and the report reveals ransomware as the weapon of choice. In 2024 there were four cyberattacks that shut down public safety radio communications. All four of these disruptions were the result of ransomware infections, marking a shift from historically more common attacks like jamming and distributed denial-of-service (DDoS). This change indicates that threat actors are becoming more sophisticated and aware of the critical nature of these systems.
Significant downtime and real-world consequences
The impact of these attacks is becoming more devastating. The average downtime for public safety radio communication after a successful cyberattack in 2024 was seven days.
This severely hampers mission-critical communications for emergency services, putting lives at risk. One attack left responders relying on a backup system and facing weeks of downtime to rebuild their network.
The risks and vulnerabilities within public safety radio systems
The report highlights several critical risks and vulnerabilities that threat actors exploit:
- Overuse of Administrator Accounts: the prevalence of numerous and shared administrator accounts significantly increases the risk, granting attackers immediate high-level access.
- Vulnerable Systems and Applications: unpatched or end-of-life software and systems, including firewalls and servers, provide easy entry points for attackers.
- Rogue Devices: unauthorized internet-connected devices, lacking proper security controls, can bypass network defenses and offer backdoor access.
- Lack of Security Monitoring: without 24/7 active security monitoring, organizations are blind to malicious activity, allowing attackers more time and freedom to operate undetected.
Defending our public safety networks: a call to action
The report emphasizes that a defense-in-depth strategy is crucial for protecting public safety radio environments. This involves the implementation of defenses including 24/7 monitoring and endpoint detection and response (EDR).
The report provides a valuable “Defender checklist” based on CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs), outlining actionable recommendations.
A must-read for public safety organizations
The PSTA’s report is an essential resource for anyone involved in managing or securing public safety radio systems. Its detailed analysis of recent attacks, identified vulnerabilities, and practical recommendations provide a roadmap for strengthening cyber defenses. By understanding the threats and implementing the suggested controls, agencies can better protect these vital communications lifelines.
Join the PSTA today to access the full report and gain in-depth insights into cyber threats to critical communications systems, effective mitigation strategies and the evolving threat landscape, empowering you to take proactive steps to enhance your cybersecurity posture.
About the PSTA
The Public Safety Threat Alliance (PSTA), established by Motorola Solutions and formally recognized by the Cybersecurity & Infrastructure Security Agency (CISA), plays a crucial role in safeguarding public safety by disseminating essential cybersecurity information and analysis. This collaborative platform actively contributes to enhancing the cybersecurity posture of public safety organizations through various means. These include conducting and publishing original research on emerging threats, producing regular threat intelligence reports to keep stakeholders informed and hosting webinars featuring cybersecurity experts who share their insights and expertise.
