October 15, 2024 by Paul Soriano

Why Computer-Aided Dispatch Systems Need Endpoint Security


Industries: 9-1-1 & Law Enforcement Fire & EMS

Topics: Cybersecurity

Computer-aided dispatch (CAD) systems like PremierOne and Flex are essential for public safety agencies. They help to prioritize and record incident calls, identify the status and location of responders in the field, and automatically dispatch responder personnel. However, these systems are increasingly under attack from cybercriminals.

According to a March 2024 report by the Public Safety Threat Alliance (PSTA), from 2023 through March 2024, there were 16 reported cyberattacks on computer-aided dispatch (CAD) systems or public safety answering points (PSAPs). These attacks caused an average of 15 days of downtime and occurred, on average, once per month.

The majority (75 percent) started with threat actors accessing partnering agencies’ outlying networks, then moving into the critical CAD and PSAP environments to deploy ransomware. Attacks like these can have a devastating impact on public safety agencies, disrupting 9-1-1 dispatch services and other critical operations.

Why is endpoint security important for CAD systems?

A critical step in protecting CAD systems from cyber attacks is providing your cybersecurity team with the right tools. One of the most effective tools is endpoint detection and response (EDR), an advanced security solution that monitors endpoints (such as laptops, desktops, and servers) for signs of malicious activity. When a threat is detected, EDR can automatically take steps to remediate the threat, such as isolating the affected endpoint or blocking malicious traffic. Endpoints on CAD systems include:

  • Laptops: Used by police officers and other first responders to access CAD systems while in the field.
  • Desktops: Used by dispatchers and other personnel at public safety answering points (PSAPs) to manage CAD systems.
  • Servers: Used to store and process CAD data.

These endpoints are all potential targets for cyber attacks.

EDR is particularly important for public safety agencies because CAD systems are often connected to a variety of other systems, such as 9-1-1 call handling systems and radio networks. This means that if one endpoint is compromised, the entire system could be at risk. The use of EDR technology — combined with human review from Security Operations Center (SOC) experts — can help to prevent this by quickly detecting and responding to threats before they can spread.

What are the most common cyber threats to CAD systems?

Common threats to CAD systems include:

  • Ransomware: This occurs when an attacker remotely locks systems or data and demands payment to unlock them. As highlighted in the Motorola Solutions white paper, When Lives Are on the Line: Protecting PSAPs from Cyber Attacks, ransomware has emerged as a primary method of attacking PSAPs.
  • Malware: This can be used to infect endpoints and steal data or disrupt operations.
  • Phishing attacks: These can be used to trick users into giving up their login credentials or downloading malware.
  • Insider threats: These can involve employees or contractors who have authorized access to CAD systems but use that access to intentionally harm the organization.

These threats can have a significant impact on CAD systems. Malware can steal sensitive data, such as personal information about callers and responders. Phishing attacks can lead to the compromise of user accounts. Insider threats can be particularly dangerous because they can involve individuals who have knowledge of the organization’s security measures.

Other benefits of deploying endpoint security on CAD systems

In addition to improving a public safety agency’s cybersecurity posture by reducing the risk of data breaches and protecting sensitive data, implementing EDR also improves PSAP operations with regard to compliance and staffing. Industry-specific regulations such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI-DSS) dictate specific protocols for monitoring, detecting and responding to security threats across various endpoints. Various state and federal mandates also address endpoint security requirements. EDR compliance ensures that your PSAP is adhering to these security standards. Plus, because EDR automates the tracking and detecting of potential threats, time is freed up for IT and security teams to focus on other agency needs, adding efficiencies to your operations.

If you are responsible for the security of a public safety CAD system, EDR is an essential tool for protecting your systems from cyber attacks.

Common challenges to implementing EDR on CAD systems

Considering the mission-critical nature of these systems, potential challenges can include:

  • Cost: EDR solutions can be expensive, and public safety agencies often operate with limited budgets. The cost of purchasing, implementing, and maintaining EDR software and hardware can be a significant barrier.
  • Complexity: EDR solutions can be complex to deploy and manage, requiring specialized expertise that may not be readily available within the agency. This could require additional training or hiring of cybersecurity personnel.
  • Integration: Integrating EDR with existing CAD systems and other infrastructure can be challenging, especially if those systems are outdated or from different vendors. Ensuring compatibility and seamless communication between different components can be a complex task.
  • False positives: EDR systems can sometimes generate false positive alerts, flagging benign activity as malicious. This can lead to alert fatigue among security personnel and potentially cause them to miss real threats.

These are just some potential challenges that public safety agencies might face when implementing EDR solutions. Careful planning, adequate resources and strong vendor partnerships can help mitigate these challenges and ensure successful EDR deployment.

Strategies to simplify EDR implementation for CAD systems

Here are some potential strategies public safety agencies can consider to mitigate these challenges: 

  • Leverage SOC expertise to proactively manage threats: Outsourcing EDR management to a specialized provider like Motorola Solutions can alleviate the need for in-house expertise. Our SOC provides 24/7 monitoring, threat detection and response, freeing up your in-house staff to focus on other priorities.
  • Partner with vendors offering comprehensive support: Partnering with Motorola Solutions ensures you’ll have access to robust onboarding, training and ongoing technical support that can significantly ease the deployment and management process.
  • Invest in staff training and development: Providing cybersecurity training to IT staff can equip them with the necessary skills to manage EDR effectively. This investment can reduce reliance on external expertise in the long run.
  • Start with a phased approach: Implementing EDR in phases, beginning with mission-critical systems like PremierOne and Flex CAD, allows for a more controlled and manageable deployment process. This approach also enables agencies to gradually build expertise and confidence in managing the solution. As part of this, we strongly recommend that agencies also implement a more holistic MDR approach.

Managed Detection and Response (MDR): an important next step

While EDR is an important first step in protecting CAD systems, implementing a broader Managed Detection and Response (MDR) service is critical. MDR is a holistic step up from EDR, extending threat monitoring and response to the entire digital perimeter of an organization, which includes cloud services, email accounts and on-premise networks as well as mission-critical systems like land mobile radio (LMR) and emergency call handling (ECH). 

Its strength lies in its ability to uncover and address threats that EDR might miss. This includes sophisticated network-based threats or multi-stage attacks that traverse multiple endpoints and system layers. Combining EDR and MDR provides far more comprehensive detection and response capabilities to better defend against today’s threats to public safety and meet compliance requirements.

Summary

Since CAD systems are essential for public safety agencies, they are increasingly under attack from cybercriminals who use malware and other threats to cause downtime or otherwise impact communications. EDR is an advanced security solution that can help to protect CAD systems from these attacks.

EDR monitors endpoints for signs of malicious activity and can automatically take steps to remediate threats. It is particularly important for public safety agencies because CAD systems are often connected to a variety of other systems, such as 9-1-1 call handling systems and radio networks. This means that if one endpoint is compromised, the entire system could be at risk. By implementing EDR, along with a holistic MDR service, agencies can better protect themselves and ultimately the communities they serve.

Contact us to find out more about our solutions and services.
