October 3, 2019 by Paul Hill

Threat Modeling Key To Identifying Risks

Like 3 Views 4581 [analytify-stats metrics="ga:pageviews" permission_view=""]

Industries: 9-1-1 & Law Enforcement Energy Industries

Topics: ASTRO P25 Infrastructure Cybersecurity Device Management Services Infrastructure Services PSAPs

Threat ModelingEmerging technological advances have changed the landscape of public safety organizations. Today’s public safety systems are becoming more closely related to IT systems, increasing interconnectivity and complexity. These changes are introducing modern vulnerabilities and making public safety systems a more inviting target for cyber attacks.

With their mission of providing direct, uninterrupted access to the public and continually protecting communities, cyber attacks can have a destructive effect on public safety systems. And with limited budgets and a shortage of cybersecurity professionals, identifying and prioritizing threats is critical. 

Threat modeling is a useful tool to effectively identify likely adversaries, evaluate potential threats and focus resources. In order to get started with threat modeling, system security and data protection, we’ve outlined seven best practices:

  1. Know your adversary: In order to protect against an attack, it’s important to understand your potential adversaries and their likely motivations. Within public safety, most hackers are motivated by the financial benefits gained through ransoming your system, data and services.
  2. Model your system: Understanding your complete system from end-to-end is important to ensuring your operations are protected. Unless your ecosystem is understood, it can’t be properly protected. Organizations should designate an individual to ensure that everyone is playing their role in protecting security.
  3. Evaluate your threats: Conducting a comprehensive risk assessment will help guide your organization to better manage your cyber risk awareness. The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides an outline of best practices that can be adapted to your organization’s individual security goals and resources.
  4. Patch your systems: The failure to regularly patch systems is one of the primary reasons that hackers are successful. It’s critical that your organization develops and implements a detailed patching plan to limit the threat of cyber attacks. 
  5. Upgrade your systems: Making sure your system is up-to-date with upgraded hardware and software is essential to diminishing vulnerabilities. This can help to reduce your organization’s attack surface and introduce new security features.
  6. Backup your data: Developing a backup and recovery strategy is a big factor in a quick recovery following a hardware failure or ransomware attack. For public safety, having an established recovery plan can be key to resuming service in a timely manner.
  7. Support your organization: Engaging assistance early in the process of developing a cyber readiness plan can help your agency properly prepare to respond to and recover from a potential attack.

In a business reality where it’s no longer if, but when organizations will become a cyber attack target, reducing risk levels and potential vulnerabilities is key. Engaging in threat modeling and implementing industry best practices will help agencies ensure they are secure.

Read the full Motorola Solutions White Paper to learn more about cybersecurity best practices and a recommended threat modeling framework to identify and prioritize threats. 

Join us for the APCO Emerging Technology Forum

Want to learn more about emerging technologies and how to address the challenges of today’s ever-changing public safety communications landscape? 

Join Motorola Solutions at the APCO Emerging Technology Forum taking place in Denver on October 8th and 9th. Dan Zeiler, Director of Cybersecurity for 9-1-1 Solutions, will be presenting on October 8th at 2:45 p.m. His topic is DDoS and TDoS – Defending Against the Great Threats. Don’t miss it!

Learn more about the Forum

Contact us to find out more about our solutions and services.

Contact Us

Leave a Comment