Imagine dialing 911 and your call goes unanswered. That scenario could easily become a reality as our public safety systems become an increasingly attractive target to hackers. Trey Fogerty, government affairs director for the National Emergency Number Association noted in a TV interview that, “researchers found…that a trivial number of 911 calls from a small number of compromised devices …would be able to take down not just one 911 center, but actually many 911 centers across a region.” In 2015, Miami County call center paid a $700 ransom to regain access to their administrative network. While no 911 calls were impacted, the threat loomed large. Many reports exists of various successful and unsuccessful attacks against call center.
Today, public safety agencies and IT administrators have to be concerned about the security of their 911 call center. In the past, these traditionally disconnected, standalone, analog systems, were more difficult to penetrate and attack. However, with the advent of Next Generation 911 (NG911) these systems are now digital-enabled, IP connected networks. This makes an attacker’s barrier to entry much lower. And no one can question the attractiveness of a public safety system as a target.
The real question, now, is how we protect our 911 systems. Most agencies do not have experience in this arena, nor adequate funding. Yet, the risk remains real. In the absence of a cohesive national strategy and adequate funding are there steps that you, as an IT administrator or director of a 911 call center, can take? The answer is yes.
This article contains five simple steps to get started on improving the security of your 911 call center. Even if you are not responsible for a 911 call center, the above tips can be applied equally to just about any other environment from corporate IT to other government agencies.
Own your 911 system. By that, I mean recognize that no one is responsible for the security of your system but you. Your vendors may or may not provide some or all of the security, but ultimately, it’s you who will be on the front page of the newspaper when you get hacked. Understand your critical role in owning the security of your 911 call center. Once you recognize that it’s up to you and only you, you can start.
You are a target. “911 center hacked” makes a great headline. And for someone with nefarious intent, “getting” a 911 center helps build their street cred; never mind the potential nation-state actors who may have far more serious intentions. Now that you know it’s your challenge, start to learn. First, try to understand what the unique risks facing your center are. For example, does your PSAP have external connections to third-party vendors that could be compromised? Does your center have a lax policy on passwords or software programs that may not support the installation of antivirus software without extensive testing by the provider? Are your computers regularly patched? Consultants or cybersecurity companies can help you understand what may not be readily apparent by conducting formal risk assessments or vulnerability scans.
SEE: Network security policy (Tech Pro Research)
911 funding overall is already scarce in many cities and counties. With the costs of moving to NG911 looming on the horizon coupled with regular raiding of 911 funds, it’s hard to pay for the 911 systems themselves let alone secure them. However, setting aside money explicitly for security is important and necessary. I suggest working with your finance departments, city council, and other government departments and agencies to start to make this a priority. Focus on helping them understand the risk if these critical vulnerabilities in your 911 system are left unchecked. Politicians speak “risk” and by shedding light on areas where risk can manifest can be a great motivator. Even small incremental budget allocations can help you get started and at least do the basics.
Some security is better than no security. Rather than waiting until you have all of the funding you need or have a complete picture of your risks, start. Do something. It’s likely you can buy basic security countermeasures from your current vendors at a reasonable price. Installing antivirus software, enabling firewalls, patching your systems, and conducting routine backups are all reasonably inexpensive steps to take. You don’t need a security consultant to tell you that you need antivirus or a firewall. You do. Start there. Build from that.
With some basic countermeasures out of the way, you can take a quick breath. But don’t relax too long. Security is an ongoing process. You fix one thing, there’s a new hole. And it’s likely your basic steps may stop unsophisticated attackers, but it’s likely it won’t defeat a sophisticated hacker. Start by writing a security plan. Do a formal risk assessment. Get organized. Perhaps security monitoring services make sense. Commit yourselves and your employees to an active cybersecurity posture.
There you have it. In NG911 the potential for attack is far larger and the results far more catastrophic. Today’s public safety leaders and IT administrators must start to take an active role in the security of their 911 call center. Be accountable, get educated, budget for it, knock out a few basics, and then keep going. Why take the risk by doing nothing?
- FTC looks to shut down fake tech support scams with Operation Tech Trap (TechRepublic)
- Amazon Connect is a cloud-based call center you can launch ‘within minutes’ (TechRepublic)
- The world’s smartest cities: What IoT and smart governments will mean for you (TechRepublic)
- Millions of Verizon customer records exposed in security lapse (ZDNet)
- Cybercrime Inc: How hacking gangs are modeling themselves on big business (ZDNet)
- US issues hacking security warning for small aircraft
- Fears grow as Congo's Ebola epidemic spreads to Uganda
- Turkish-led forces enter Syrian border town Ras al Ain, fighting rages
- 2020 Democrats start two nights of debates in Detroit
- US position in NATO effects ties with Turkey
- Banking sector in Lithuania 15 years after joining the EU
- Georgians allege Azerbaijan interfering in their local elections
- NWS Issues Short Term Forecast and Flood Advisory for Guam
- Historical Visit
- Every Man for Himself: The Russian Regime Turns On Itself
- Armed and Dangerous: Myanmar's military goes shopping
- Human civilisation could end by 2050
5 steps to secure your emergency call center have 1046 words, post on www.techrepublic.com at September 15, 2017. This is cached page on VietNam Breaking News. If you want remove this page, please contact us.