ARLINGTON, VIRGINIA — Ensuring that E911 call centers (ECCs) are safe from cyber attack should be a top priority in the public safety sector. Unfortunately, not all ECCs have taken the steps necessary to minimize their exposure.
Hackers have already infiltrated numerous emergency call centers. The cyber attacks can range from mere nuisance to complete disruption of service. Unlike other sectors, where potential exposure is measured in dollars, in the public safety sector lives are literally at stake.
At APCO International’s Public Safety Broadband Summit, a panel of cybersecurity experts addressed the threats that hackers pose to emergency communications centers, as well as steps PSAPs can take to help lessen their potential vulnerability.
Memorable Quotes
Here are some memorable quotes from the panel discussion:
“There was a public safety cyber attack every month in 2018 — and 2019 has been no better. Be prepared for it — deal with it.” – Tim Lorello, President & CEO, SecuLore Solutions
If you do one thing today, make sure you have backups. If they are tested and validated, they can get you back on line after a ransomware attack.” – Dan Zeiler, Director of Cyber Security, Motorola Solutions
“Once cybercriminals own your system, they show you what they want you to see. You can be part of a cyberattack and never even know it.” – Jay English, Chief Technology Officer, APCO International
3 Key Takeaways
Panelists shared some key takeaways from the cybersecurity threats currently facing the public safety sector.
#1 Cyber crime is big business.
Losses from cyber crime cost the U.S. economy billions of dollars annually. And that’s just the tip of the iceberg — much more malicious activity likely goes unreported.
Public safety is particularly vulnerable. Many PSAPs don’t even have a firewall, and most public safety personnel are not cyber trained.
The most common attacks on the public safety sector are:
- Ransomware -- locking a system until a fee is paid
- Malware -- utilizing software to intentionally inflict damage upon a network
- Cryptomining -- harnessing the computing power of an unrelated network in order to engage in cryptocurrency mining
#2 It’s not enough to simply have a backup plan in place — you must practice it, as well.
Many PSAPs have a whiteboard on their call center wall for use in the case of an emergency. As important as that may be, unless public safety communicators have practiced using that whiteboard under actual conditions, they will not be fully prepared to make the necessary adjustments in the case of unforeseen circumstances.
When hit by a cyber attack, the PSAPs’ number one priority must be to continue to provide uninterrupted service to the public and the first responder community who depend upon them. Regularly drilling under emergency conditions is the best way to ensure that happens.
#3 The key to surviving a cyber attack is knowing your network.
Many PSAPs succumb to cyber attacks because they don’t know what’s running on their networks, and don’t understand expected traffic flows. It’s critical to map networks before any attack, so that any intrusions can be quickly identified, and affected centers can be isolated and traffic rerouted.
While next generation 911 (NG911) will mitigate some public safety cybersecurity issues, it will not be a silver bullet. NG911 will offer the ability to lessen many of the risks PSAPs currently face, but will not eliminate them entirely. In the future, as now, preparation and foresight will be the key.
