Over the past year, highly disruptive cyberattacks have increasingly threatened dispatch centers’ integrity and availability by compromising computer-aided dispatch (CAD) and Public Safety Answering Point (PSAP) systems around the world. This blog shares highlights from the recent Public Safety Threat Alliance (PSTA) report on their impact, along with tips on how to safeguard your dispatch center from cyber threats.
Since the beginning of 2023 through March 2024, there have been 16 reported cyberattacks on dispatch centers, which have caused, on average, 15 days of availability downtime — a steep increase from the 12 cyberattacks on CAD operations observed in total from 2019-2022. Striking an average of once per month, these attacks limit the ability of dispatchers and telecommunicators to perform their jobs effectively, forcing trained staff to resort to pen-and-paper operations and preventing call handlers from answering 911 calls.Â
The adverse effects of the attacks are not only confined to targeted PSAPs or dispatch centers. They extend to neighboring agencies that are tasked with performing additional duties to help support the impacted counties. This domino effect further taxes already limited PSAP resources and has the potential to reduce the overall quality and efficiency of service to communities.
Cybercriminal attack trends
Threat actors primarily used credential abuse, phishing and vulnerability exploits to access dispatch environments, though typically not as the first point of contact. Some 75 percent of cyber attacks in the past year began outside of the dispatch networks in adjacent networks utilized by related agencies. Opportunistic threat actors most often attacked law enforcement, fire departments or municipal enterprise IT networks first, then moved into critical emergency response environments to deploy ransomware — at times up to a month after the initial attack.
The most common method, accounting for 40 percent of all public safety attacks, began with threat actors using legitimate credentials to gain initial access through unsecured service accounts. Then, they used lateral movement techniques to travel to the CAD or PSAP network perimeter, bypass the firewalls and access the target dispatch systems.Â
Who is at risk?
Last year, 88 percent of victims were located within the United States. While in some cases, major cities like Dallas, TX and Medellin, Colombia, were targeted, it’s important to recognize that even dispatch systems for small counties and towns are at risk of catastrophic impacts due to cyber attacks. In fact, most dispatch victims in the last year were associated with small and medium-sized 911 call centers for counties and cities with populations as low as 8,406 people.Â
Protecting your mission-critical dispatch center systems
The security of dispatch centers, both large and small, and their mission-critical systems is vital to protecting community safety, maintaining public order and managing emergencies. A cyber attack that compromises systems’ data, devices or networks within dispatch centers does not just affect livelihoods; it can also threaten lives. For optimal protection, we recommend incorporating these precautionary measures:
- Managed Detection and Response (MDR) and Advisory Services to find and mitigate cybersecurity threats earlier with 24/7Â detection and expert advice from highly-trained security professionals.
- Endpoint Detection and Response (EDR) to proactively identify and automatically remediate threats on endpoints within the radio system, dispatch and related enterprise network.
- Penetration Testing, aka ethical hacking, is often a mandatory requirement to meet compliance regulations or industry standards, along with technical assessments, to see how your cybersecurity strategy will fare in the real world.
- Vulnerability Scanners and Security Patching fine-tuned to your system to look for known weaknesses and security flaws, and security patching services to help you resolve weaknesses in mission-critical system software and safeguard them against potential attacks.
- Cyber Exercises, both tabletop and functional, to test your incident response plan in a no-stakes environment to see if you have the proper cybersecurity procedures in place and if your security measures are effective.
About the Public Safety Threat AllianceÂ
The PSTA is an information sharing and analysis organization (ISAO) established by Motorola Solutions and is recognized by the Cybersecurity and Infrastructure Security Agency (CISA). The PSTA regularly publishes research, such as the Cyber Threats and Impact to Dispatch Centers report. It also hosts regular webinars featuring our cybersecurity analysts and other experts. The PSTA provides threat intelligence products and services for member organizations at no cost.   Â
Join the PSTA today to get a copy of the full report and other valuable research