4 cybersecurity questions 911 communication center leaders must be able to answer
Cyberattacks on 911 communication centers have physical consequences. How can you ensure your department’s security is up to par, and what questions should you ask third-party vendors to protect your assets?
Thank you to Larry S. Kirsch, PCM-G General Manager, for his contributions to this article.
By Police1 Staff
911 communication systems are a critical component of emergency response and preparedness, which make them an attractive target for criminal activity. In the last 24 months, there have been 184 reported cyberattacks on public safety agencies and local governments, 42 of which have specifically targeted 911 communication centers, according to NBC News
As the threat becomes more prevalent, there are certain things to know about cybersecurity for 911 communication centers.
Gauging the vulnerability of a dispatch center
The type of attacks on 911 call centers range from unsophisticated access attempts to malicious behavior meant to dismantle the systems. Primary attacks on 911 communication centers include:
When attackers pose as legitimate institutions to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Most often, these attacks take place via email, telephone or text message. The stolen information is used to compromise important accounts.
Software that is intended to damage or disable computers and computer systems.
Distributed Denial of Service (DDoS) attack
An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Under the umbrella of DDoS attacks are:
- PSTN denial of service attacks like call flooding
- Fake calls/fake caller information like “SWATting”
The longer a center is inaccessible due to an attack, the more dangerous it is for patients in need of critical care, creating physical consequences to cyberattacks. In 2017, a 6-month-old Dallas boy died after his babysitter’s 911 calls were delayed during an apparent DDoS attack.
It’s also dangerous for public safety professionals. In these situations, LEOs are unable to call for backup, paramedics can't request cops, and firefighters can’t call for mutual aid.
Given the critical nature of 911, all dispatch centers need a comprehensive cybersecurity plan. You should be asking these four questions about your communication center and its digital security:
1. Do we have clear policies?
Having clear policies at your communication center is the only way to improve and assess your overall risk management approach.
Commonly used policies to ensure information security include:
- Acceptable Use Policy
- Confidential Data Policy
- Email Policy
- Mobile Device Policy
- Incident Response Policy
- Network Security Policy
- Password Policy
- Physical Security Policy
- Wireless Network and Guest Access Policy
- Bring Your Own Device Policy
- Learning Management System Policy
These policies will help you to assess your current security state, discover security gaps, and understand new procedures that should be introduced.
2. Is your connection secure?
IP technology brings many benefits to command centers, but it also represents new ways an attacker can disrupt or disable public safety answering point (PSAP) operations.
Legacy TDM technology was easy to keep secure because calls were taken over dedicated connections. IP-based networks like NG911 are a different story. As 911 networks evolve to IP-based networks, and as new endpoints are added to these IP-based networks, the opportunity for security breaches increases.
There is more data to protect with NG911 systems. Not only do you have inbound traffic which now includes multimedia images, but you also have computer-aided dispatch systems and GIS databases newly linked to the system.
It’s worth noting that legacy equipment is often one of public safety’s most significant cybersecurity vulnerabilities. Although it sounds like a double-edged sword, departments that are unable to switch to new technology promptly may be more susceptible to cyberattacks. Legacy technology may have unpatched software or other vulnerabilities that become easy targets for hackers.
3. Are you capable of handling the tech?
As noted above, all communication centers should develop and implement a comprehensive cybersecurity plan. The problem is most agencies don't have the expertise to produce what's needed on their own.
Is your department able to support information security preparedness through risk assessment, mitigation and incident response capabilities? Most likely, the answer is no. Many agencies should outsource at least a portion of their cybersecurity plan to experts experienced with public safety technology and security needs.
Smaller PSAPs may require a frank discussion with their governing authorities about how to support an effective cybersecurity program. According to the Federal Communications Commission, that conversation may include more cost-effective options such as joining a multi-jurisdictional ESINet, joining a statewide Security Operations Center, or outsourcing more challenging tasks to the commercial sector.
The upfront costs may prevent you from long-term disaster.
4. Are your employees trained on security policies?
There is no better cyber protection than a well-trained staff that understands and implements good cyber hygiene and safe clicking. To achieve this, every member of every PSAP and any partner organizations must be aware of basic cybersecurity procedures.
Conducting cyber-focused drills and exercises can help your personnel - from telecommunicators to chiefs - understand how to respond to threats and risks appropriately. Consider exercises like testing staff with mock phishing emails to see which dispatchers may need more help identifying suspicious emails. Practicing processes and procedures can help refine your strategy.
You won’t know if your cyber training is adequate if you don’t follow up. Online learning exercises and internal discussion are a great way to keep skills sharp.
As technology and cyber threats evolve, resilience will always be an essential component for PSAPs. Continuous training upgrades to cyber architectures and redefined contingency plans have great value in maintaining continuity of operations.