Cyber-security and the PSAP
DHS and FBI outline the increase in attacks on PSAPs and express concerns about keeping public safety communications secure
Historically, PSAP security was handled by the “tech guys” and the phone company. It was certainly not a concern for public safety communication center managers. As technology saturates the 911 world, security falls to everyone involved, even those on the front lines. Thankfully there are companies already thinking about how NG-911, applications and data living in “the cloud,” coupled with the increasing sophistication of those intent on disrupting public safety, will affect PSAPs in the future.
Bob Schassler, senior vice president of government solutions for Motorola, agreed that public safety agencies and the private companies they work with need to “develop an ecosystem of security.” Applications need to meet a standard of security, and this must be looked at before rolling them out and opening up public safety to attack.
Recently, the Department of Homeland Security (DHS) in collaboration with the FBI released an alert outlining the increase in attacks on PSAPs and concerns revolving around keeping public safety communications secure in an environment of ever-evolving technology.
Types of Attacks
Telephony Denial-of-Service (TDoS) attacks use similar tactics, but are focused on voice-call systems. TDoS attacks were the spotlight of the DHS report. Recent TDoS attacks were part of an extortion scheme in which the criminals attempting to get agencies to pay them money supposedly owed to them.
If the agency refuses, which they should, the attacker launches a saturation wave of phone calls that renders the telephone lines useless. Although recent TDoS attacks have targeted non-emergency administrative lines, the implications of future problems are clear and have public safety professionals and citizens concerned.
Agencies are moving to wireless servicing, including those which host their call-taking capabilities. The acronyms that exist defining these changes and those coming can make a communication center manager’s head spin. Whether an agency is just coming online with E-911 or NG-911, centers need to be aware of security issues that will come with the new technology. Diluted accountability is another aspect of these changes, as there will no longer be one phone company handling the incoming/outgoing calls but instead a portfolio of companies providing services.
A concern brought to the attention of the FCC panel at APCO 2013 was who would be responsible for failures in the future and how will failures be investigated. PSAPs will be left holding more responsibility than ever before, although the FCC assured members they would still play a role.
TCS offers training for everyone from IT to front-line communicators, believing the key to security is awareness.
“With IP, it will be easier than ever to make those attacks,” stated Erik Wallace, principal architect of enterprise security and protection at the Cyber Intelligence Group, TCS.
“PSAPs will be in the position (telephone companies) were in before. PSAPs need consulting help to address and fix potential problems. They need to have help with what to do before, during and after a potential attack,” Wallace said.
TCS partners with best-in-breed hardware vendors to run their security software and offer protection for PSAPs now and in the future.
David Kahn, CEO of Covia Labs, makes these recommendations for security:
In the new environment of public safety communications, everyone regardless of title needs to be aware of the potential for attacks and failure of service. If someone cannot get through to 911, an operator cannot help save a life. Getting informed and utilizing cyber-security products are two ways to keep providing the emergency services to which we are dedicated.
DHS reminds all agencies to report any attack immediately to the FBI at www.ic3.gov.
|Back to previous page|