Make this page my home page
  1. Drag the home icon in this panel and drop it onto the "house icon" in the tool bar for the browser

  2. Select "Yes" from the popup window and you're done!

November 12, 2013
Print Comment RSS

Michelle Perin Communications and Communicators
with Michelle Perin

Cyber-security and the PSAP

DHS and FBI outline the increase in attacks on PSAPs and express concerns about keeping public safety communications secure

Historically, PSAP security was handled by the “tech guys” and the phone company. It was certainly not a concern for public safety communication center managers. As technology saturates the 911 world, security falls to everyone involved, even those on the front lines. Thankfully there are companies already thinking about how NG-911, applications and data living in “the cloud,” coupled with the increasing sophistication of those intent on disrupting public safety, will affect PSAPs in the future.

Bob Schassler, senior vice president of government solutions for Motorola, agreed that public safety agencies and the private companies they work with need to “develop an ecosystem of security.” Applications need to meet a standard of security, and this must be looked at before rolling them out and opening up public safety to attack.

Recently, the Department of Homeland Security (DHS) in collaboration with the FBI released an alert outlining the increase in attacks on PSAPs and concerns revolving around keeping public safety communications secure in an environment of ever-evolving technology.

Request product info from top Technology companies.
First: *
Last: *
Department: *
Department size: *
Email: *
Zip Code: *
Telephone: *
I recommend or purchase products for my Department: *
Purchasing Timeframe: *
*Required Field

Types of Attacks
Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks occur when an entity attempts to render a machine or network resource useless. The goal is to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Hosts are saturated with communication so that they cannot respond to legitimate requests.

Telephony Denial-of-Service (TDoS) attacks use similar tactics, but are focused on voice-call systems. TDoS attacks were the spotlight of the DHS report. Recent TDoS attacks were part of an extortion scheme in which the criminals attempting to get agencies to pay them money supposedly owed to them.

If the agency refuses, which they should, the attacker launches a saturation wave of phone calls that renders the telephone lines useless. Although recent TDoS attacks have targeted non-emergency administrative lines, the implications of future problems are clear and have public safety professionals and citizens concerned.

Next-Generation Problems
In the past, PSAP phone calls came in through landlines handled by local telephone companies. If lines went down or there was any kind of trouble, the phone company was responsible for fixing the problem and was liable for any issues created due to the failure. As more agencies move towards NG-911, more systems will be accepting calls through wireless and Voice over Internet Protocol (VoIP).

Agencies are moving to wireless servicing, including those which host their call-taking capabilities. The acronyms that exist defining these changes and those coming can make a communication center manager’s head spin. Whether an agency is just coming online with E-911 or NG-911, centers need to be aware of security issues that will come with the new technology. Diluted accountability is another aspect of these changes, as there will no longer be one phone company handling the incoming/outgoing calls but instead a portfolio of companies providing services.

A concern brought to the attention of the FCC panel at APCO 2013 was who would be responsible for failures in the future and how will failures be investigated. PSAPs will be left holding more responsibility than ever before, although the FCC assured members they would still play a role.

Cyber Solutions
During APCO 2013 in August, I saw several panels and numerous vendors offering public safety communication professionals information and products to help mitigate current and future security concerns. TCS offers ESP Cyber Solutions for Public Safety, which offers capabilities to assess, protect, validate, monitor and train the systems and teams supporting public safety infrastructure, providing for a comprehensive end-to-end solution from a single vendor.

TCS offers training for everyone from IT to front-line communicators, believing the key to security is awareness.

“With IP, it will be easier than ever to make those attacks,” stated Erik Wallace, principal architect of enterprise security and protection at the Cyber Intelligence Group, TCS.

“PSAPs will be in the position (telephone companies) were in before. PSAPs need consulting help to address and fix potential problems. They need to have help with what to do before, during and after a potential attack,” Wallace said.

TCS partners with best-in-breed hardware vendors to run their security software and offer protection for PSAPs now and in the future.

David Kahn, CEO of Covia Labs, makes these recommendations for security:

  • Open up channels to more than just voice telephony. Then calls coming in over VoIP landlines (the originator of most attacks) will become more obvious.
  • Dedicate a portion of the PSAP’s telephone lines to calls from landlines or for VoIP systems and keep these lines segregated from those accepting cellular calls. Again, most attacks originate on non-cellular lines, as wireless has increased ability to locate the origin point of an attack.
  • Become knowledgeable about Information Assurance (IA) strategies, policies and tools. Be ready for the cyber-world of NG-911 and FirstNet.

In the new environment of public safety communications, everyone regardless of title needs to be aware of the potential for attacks and failure of service. If someone cannot get through to 911, an operator cannot help save a life. Getting informed and utilizing cyber-security products are two ways to keep providing the emergency services to which we are dedicated.

DHS reminds all agencies to report any attack immediately to the FBI at www.ic3.gov.

About the author

Michelle Perin spent seven and a half years as a police telecommunications operator with the City of Phoenix (Ariz.) Police Department. She is a Navy veteran and holds a graduate degree in Criminology and Criminal Justice from Indiana State University. Her publication credits include Law Enforcement Technology, Law & Order, Beyond the Badge, Police Chief, Police Times, and Police Magazine. Michelle has done volunteer work as an advocate for sexual assault victims and veterans. She is currently a volunteer firefighter in the small Oregon town in which she lives. She rides a Triumph America with the Patriot Guard honoring those who have served our nation. She currently works at Jasper Mountain, a psychiatric residential treatment facility for severely traumatized children. Michelle enjoys spending time with her two adolescent sons, watching ice hockey, and volunteering at the local ferret shelter. Michelle has been a member of the Public Safety Writers Association since 2005 and has been the Contest Coordinator since 2007.

Contact Michelle Perin




PoliceOne Offers


Technology Sponsors

Featured Distributor

Featured Products

NEW from Code 3: vLink

NEW from Code 3: vLink



Ops Force Components: CADmine®, Staff Wizard®, and GeoBalance®

Ops Force Components: CADmine®, Staff Wizard®, and GeoBalance®




Featured Videos

Top Product Articles

Featured Deals

Featured Product Categories

New Products

Police Technology Questions

PoliceOne Offers