Cyber-security and the PSAP
DHS and FBI outline the increase in attacks on PSAPs and express concerns about keeping public safety communications secure
Historically, PSAP security was handled by the “tech guys” and the phone company. It was certainly not a concern for public safety communication center managers. As technology saturates the 911 world, security falls to everyone involved, even those on the front lines. Thankfully there are companies already thinking about how NG-911, applications and data living in “the cloud,” coupled with the increasing sophistication of those intent on disrupting public safety, will affect PSAPs in the future.
Bob Schassler, senior vice president of government solutions for Motorola, agreed that public safety agencies and the private companies they work with need to “develop an ecosystem of security.” Applications need to meet a standard of security, and this must be looked at before rolling them out and opening up public safety to attack.
Recently, the Department of Homeland Security (DHS) in collaboration with the FBI released an alert outlining the increase in attacks on PSAPs and concerns revolving around keeping public safety communications secure in an environment of ever-evolving technology.
Types of Attacks
Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks occur when an entity attempts to render a machine or network resource useless. The goal is to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Hosts are saturated with communication so that they cannot respond to legitimate requests.
Telephony Denial-of-Service (TDoS) attacks use similar tactics, but are focused on voice-call systems. TDoS attacks were the spotlight of the DHS report. Recent TDoS attacks were part of an extortion scheme in which the criminals attempting to get agencies to pay them money supposedly owed to them.
If the agency refuses, which they should, the attacker launches a saturation wave of phone calls that renders the telephone lines useless. Although recent TDoS attacks have targeted non-emergency administrative lines, the implications of future problems are clear and have public safety professionals and citizens concerned.
In the past, PSAP phone calls came in through landlines handled by local telephone companies. If lines went down or there was any kind of trouble, the phone company was responsible for fixing the problem and was liable for any issues created due to the failure. As more agencies move towards NG-911, more systems will be accepting calls through wireless and Voice over Internet Protocol (VoIP).
Agencies are moving to wireless servicing, including those which host their call-taking capabilities. The acronyms that exist defining these changes and those coming can make a communication center manager’s head spin. Whether an agency is just coming online with E-911 or NG-911, centers need to be aware of security issues that will come with the new technology. Diluted accountability is another aspect of these changes, as there will no longer be one phone company handling the incoming/outgoing calls but instead a portfolio of companies providing services.
A concern brought to the attention of the FCC panel at APCO 2013 was who would be responsible for failures in the future and how will failures be investigated. PSAPs will be left holding more responsibility than ever before, although the FCC assured members they would still play a role.
During APCO 2013 in August, I saw several panels and numerous vendors offering public safety communication professionals information and products to help mitigate current and future security concerns. TCS offers ESP Cyber Solutions for Public Safety, which offers capabilities to assess, protect, validate, monitor and train the systems and teams supporting public safety infrastructure, providing for a comprehensive end-to-end solution from a single vendor.
TCS offers training for everyone from IT to front-line communicators, believing the key to security is awareness.
“With IP, it will be easier than ever to make those attacks,” stated Erik Wallace, principal architect of enterprise security and protection at the Cyber Intelligence Group, TCS.
“PSAPs will be in the position (telephone companies) were in before. PSAPs need consulting help to address and fix potential problems. They need to have help with what to do before, during and after a potential attack,” Wallace said.
TCS partners with best-in-breed hardware vendors to run their security software and offer protection for PSAPs now and in the future.
David Kahn, CEO of Covia Labs, makes these recommendations for security:
- Open up channels to more than just voice telephony. Then calls coming in over VoIP landlines (the originator of most attacks) will become more obvious.
- Dedicate a portion of the PSAP’s telephone lines to calls from landlines or for VoIP systems and keep these lines segregated from those accepting cellular calls. Again, most attacks originate on non-cellular lines, as wireless has increased ability to locate the origin point of an attack.
- Become knowledgeable about Information Assurance (IA) strategies, policies and tools. Be ready for the cyber-world of NG-911 and FirstNet.
In the new environment of public safety communications, everyone regardless of title needs to be aware of the potential for attacks and failure of service. If someone cannot get through to 911, an operator cannot help save a life. Getting informed and utilizing cyber-security products are two ways to keep providing the emergency services to which we are dedicated.
DHS reminds all agencies to report any attack immediately to the FBI at www.ic3.gov.