This October, as we mark the last few days of Cyber Security Awareness Month, it’s the perfect time to reflect on the incredible progress our industry has made. We’ve successfully elevated cybersecurity from a niche IT topic to a genuine boardroom conversation. Our staff are more savvy and more aware of phishing, social engineering, and cyber hygiene than ever before. This hard-won foundation of awareness is absolutely critical and it’s the bedrock of any successful security program. As someone who has been involved in some of the largest incident response investigations seen over the last few years, I see this awareness as the first, essential step.
And for those of us in public safety — in the world of mission-critical Land Mobile Radio (LMR) and Operational Technology (OT) — this foundation is just the beginning. In our mission, awareness is knowing that a fire is a danger. The next step, resilience, is the muscle memory of the firefighter — knowing exactly what to do, second-by-second, when the alarm sounds.
It’s time to build on our success with awareness and consciously elevate our thinking to active “resilience.” The unique, high-stakes nature of our mission demands it.
The standard corporate awareness model is an excellent start, but it’s primarily built to protect a traditional IT environment, where the main risk is the loss of data. This model needs to be extended when we look at the converged IT/OT world of public safety communications.
In our world:
- The “User” is Different: The highest-value target isn’t just an office worker. It’s the trusted, privileged LMR engineer with the “keys to the kingdom”—the one who can access radio management consoles and network cores.
- The “Asset” is Different: We aren’t just protecting a file server. We are protecting dispatch systems, radio towers and the P25 or TETRA core that provides the communications backbone for every first responder in a city.
- The “Impact” is Different: An attacker isn’t just trying to steal data (though they may); they are seeking to disrupt, degrade and deny our ability to communicate. The impact isn’t just a financial loss; it’s a 999 or 112 call that doesn’t go through.
Our awareness programs get us 80% of the way there, but we must now address this critical 20% gap.
An organisation that is “aware” knows a cyber-attack is possible. An organisation that is “resilient” knows what to do when it happens. When a cyber-attack hits your LMR network, the impact is immediate and kinetic. It’s the dispatch console that freezes. It’s the radio network that suddenly goes silent.
If you are figuring out your response plan, trying to identify stakeholders, and searching for an expert to call after the attack has landed, you have already lost precious, mission-critical time.
Awareness is knowing a punch might come. Resilience is having a plan to take that punch, stay standing and continue the mission. My favourite quote is still from Mike Tyson “Everyone has a Plan until they get punched in the face!”.
This month, I challenge leaders in our industry to build upon their awareness successes and test their readiness. This looks different depending on your role.
For the CISO: Your awareness program is a vital part of your security posture. Your resilience program is the investment that validates it. I challenge you: instead of just running an enterprise-wide phishing test, also run one full-scale, OT specific incident response tabletop exercise this month.
Get your IT security team, your radio comms managers and your operational leadership in the same room. Throw a high-impact scenario at them — ransomware on the dispatch consoles, a DoS attack on the radio core. Test your “un-patchable” LMR environment. I guarantee that one four-hour exercise will do more for genuine readiness — and reinforce the value of awareness — than a year’s worth of newsletters. It will immediately expose the gaps in your plans, your tech and your culture.
For the LMR Manager: You are already an expert in resilience. You live and breathe it. You build your networks with N+1 or N+N redundancy to protect against hardware failure. You have contingency plans for power outages and backhaul cuts.
The thought leadership challenge for you is to apply that exact same “belt-and-braces” engineering mindset to cyber threats. What is your documented, practiced, step-by-step procedure for when a threat actor, not a thunderstorm, takes your system offline? Who do you call first? What’s step one?
True resilience is built on a foundation of proactive planning, supported by a workforce that is truly “aware” of the stakes.
This Cyber Security Awareness Month, let’s lead the way. Let’s thank our teams for their vigilance and for embracing the culture of awareness we’ve worked so hard to build.
And then, let’s take that next step together. Let’s elevate the conversation from passive “awareness” to active “resilience.” Let’s stop just knowing that threats exist and start proving that we are ready to face them.
Because in our world, readiness isn’t just a security metric. It is the very bedrock of the public safety mission. Contact us to find out how our cybersecurity solutions can secure your organisation today.
