As 9-1-1 technological solutions migrate towards Next Generation 9-1-1, systems are more open to cyber-attacks. We will talk about why security is more essential than ever, especially during and through the migration to NG9-1-1, as well as what needs to be done to ensure these more advanced assets are protected and monitored.
3. PRESENTER INTRO
• Jack’s background
– Managing Director of 20/20 Technical Advisors
– Twenty years in IT infrastructure design and management
– Public Safety
– Government and Military Contracting
– Fortune 500 companies – Healthcare, Logistics
– Network/security architect for Health and Human Services mymedicare.gov website
4. 20/20 TECHNICAL ADVISORS
Come see us next year at NENA in Indy!
– Infrastructure
• Architecture design
• Voice/data networks
• Servers
– Security
• Architecture design
• Program design
• Audit/testing
– IT Strategy planning
– IT Management
• Indianapolis, IN Based Technology Consultancy Firm
5. 20/20 TECHNICAL ADVISORS
• Currently working in an advisory role on a state 9-1-1 network
– Network management
– Invoice management
– Telecom expense management
– 9-1-1 fee management
• Inventory of the state 9-1-1 voice/data network
– Approximately 12K circuits
– Over 100 PSAPs
– Over 200 carriers
– Circuit IDs, Enhanced / NG / Wireless, Detailed network drawings
6. OVERVIEW
• Challenges in security
• What are we protecting?
– Evaluation of infrastructure and systems
– Entry points into public safety systems
– Aspects of NG9-1-1 providing a significant security impact over Enhanced 9-1-1
• Who are we guarding against?
– Hackers – Who are they? What do they want?
7. OVERVIEW
• How do we mitigate?
– Building a security program
– Utilize NENA NG-SEC standards
– Utilize widely used security standards
8. CHALLENGES IN SECURITY
• Hackers' increased activity
– Increase in hacktivism
• Technology Changes
– New technologies
• Next Generation 9-1-1
• Text, VoIP, mobile apps
– Cloud based solutions
– 3rd party management companies
• Employees' reduced security awareness
– “Point and click” world
– Social engineering
– Fast paced world
9. CHALLENGES IN SECURITY
• Every day there are more and more threats to the nation’s IT infrastructures
• Hackers have a variety of motives
• Hackers are getting more advanced with less knowledge
• Hacking tools are easier to obtain and use
• Funding to install and manage systems is flat or decreasing
10. WHAT ARE WE PROTECTING
• Every system evaluated for risk
– All existing and new systems must be evaluated
• What systems are mission critical?
– Voice systems, dispatch systems, network, etc.
• What data is sensitive?
– Employee data, call recording, email, ALI, etc.
• What systems stand to be targets?
11. WHAT ARE WE PROTECTING
– Unpatched systems
– Viruses on systems
– Untrusted networks
• Internet
• ESInets
• Partner networks
• Cloud providers
• Entry points to systems and network infrastructures
– USB drives
– USB ports
– Wi-Fi networks
– Devices not decommissioned
– Unauthorized devices
12. WHAT ARE WE PROTECTING
• Examples of dangerous devices
– Rubber Duck USB Keyboard
– Raspberry Pi Micro PC
13. NG9-1-1 VS. ENHANCED
• Traditional voice network (TDM)
• Point to point communication
• ES/EM trunks
• Voice over IP (VoIP) / Session Initiation Protocol (SIP)
– Internet Protocol (IP) based network communication
– Packet based network
– ESInet – MPLS Cloud network used
– Can be a multi-point network
16. WHO ARE THE THREATS
• Can be external or internal attackers
• Internal attackers
– Disgruntled employees
– Sympathizers of a protest group
– Financially troubled individuals
17. WHO ARE THE THREATS
• Script Kiddies
- Not necessarily out to attack 9-1-1
- Disgruntled employee
- Usually hacker starting out / wanting to get noticed
- Use code already written
- Low tech skillsets but can do lots of damage
- Take advantage of improper patching and software deficiencies
• Historical Incidents
- ILOVEYOU Virus did $7 billion in damage
- Melissa virus did $80 million in damage
• Catastrophic damage to 9-1-1
- Potential is there
- Not a specific target
• Patching can mitigate most threats
18. WHO ARE THE THREATS
• Hacktivists – Protestors of the 21st century - vigilantes
- Motivated by politics or religion
- Expose wrongdoing
- Exacting revenge
- Harass for entertainment
- Can be large organizations
- Many times no central command
- Uses social media to coordinate
19. WHO ARE THE THREATS
• State sponsored hackers
- Countries realize that controlling cyberspace is important
- China, North Korea, Russia are all in the news
• Cyber terrorists
- Motivated by politics or religion
- The most dangerous
- Goal is to create fear and chaos, maybe even murder
- Very skilled
- May be state sponsored
20. MOTIVES
• Steal data
- Publish info about an event – call recordings, radio recordings, logs
- Employee information – People involved with an event
- Resource data
• Look for information dispatchers have for events
• Police/EMS staffing and positioning
• Incident response plans
21. MOTIVES
• Disrupt service
- Tie up 9-1-1 call handling
- Voice gateways – VoIP
- Dispatch software systems
- Dispatch networks
- Text 9-1-1
- Radio communication gateways
• Monitoring target networks for data
- Insert themselves into the environment to monitor data
- Monitor data traffic
- “Sniff” for passwords to systems
- Monitor phone calls/private communications
- Monitor email to mine information
- Information gathering on resources
22. SECURITY MYTHS
• Technology is a “silver bullet” for security
• Technology is more important than people
• Outsourcing puts the responsibility on the outsourcer
• IT owns security
• “They don’t want us.”
23. HOW TO MITIGATE
• Develop Security Program
• Developing Security Architecture
• We started with:
– What do we want to protect?
– Evaluation of the risks to those systems?
– Who are we trying to keep out of those systems?
24. SECURITY PROGRAM
• Involve all levels of the organization
– Any agency that has oversight
– Executive management
– Operations management
– IT management
– IT technical staff
– Key staff members
– Trainers
– Outside technology partners
33. SECURITY PROGRAM
• Security Policy
Create/Update
– Adjust corresponding policies
– Obtain approval of adjusted policies
34. SECURITY PROGRAM
• Training
– Notify staff of changes in policy
– Training classes
– Online tutorials
– Memos
– Update training records
35. SECURITY PROGRAM
• Then the cycle starts again
• Security is a continual process and never stops
• New system procurement
– That system must be put through the program at the planning stage
– Security must be tested throughout the implementation of a new or updated system
– The system should be security tested before it is allowed to go live
36. SECURITY REFERENCES
• NENA NG-SEC Document – www.nena.org
• ISECOM – Open Source Security Testing Methodology Manual (OSSTMM) – www.isecom.org
• SANS – www.sans.org
• NIST – www.nist.gov
• Defense Information Systems Agency - www.disa.mil
37. SUMMARY
• The security climate for any organization will continually change
• Build a budget for security in everything you do
• Hackers are more active
• Changes in your technology are adding more entry points for attackers into your environment
• PATCH YOUR SYSTEMS REGULARLY
• Implement or review your Security Policy
• Remember the security cycle never stops
• Involve everyone / train everyone
• Enlist help from trusted partners