
2015 NENA - SECURING 9-1-1 INFRASTRUCTURE IN THE NG9-1-1 WORLD


As 9-1-1 technological solutions migrate towards Next Generation 9-1-1, systems are more open to cyber-attacks. We will talk about why security is more essential than ever, especially during and through the migration to NG9-1-1, as well as what needs to be done to ensure these more advanced assets are protected and monitored.

Published in: Technology

  1. 1. NG9-1-1 Technology & Infrastructure Securing 9-1-1 Infrastructure in the NG9-1-1 World
  2. 2. PRESENTER INTRO • Jack’s background – Managing Director of 20/20 Technical Advisors – Twenty years in IT infrastructure design and management – Public Safety – Government and Military Contracting – Fortune 500 companies – Healthcare, Logistics – Network/security architect for Health and Human Services mymedicare.gov website
  3. 3. 20/20 TECHNICAL ADVISORS Come see us next year at NENA in Indy! – Infrastructure • Architecture design • Voice/data networks • Servers – Security • Architecture design • Program design • Audit/testing – IT Strategy planning – IT Management • Indianapolis, IN Based Technology Consultancy Firm
  4. 4. 20/20 TECHNICAL ADVISORS • Currently working in an advisory role on a state 9-1-1 network – Network management – Invoice management – Telecom expense management – 9-1-1 fee management • Inventory of the state 9-1-1 voice/data network – Approximately 12K circuits – Over 100 PSAPs – Over 200 carriers – Circuit IDs, Enhanced / NG / Wireless, Detailed network drawings
  5. 5. OVERVIEW • Challenges in security • What are we protecting? – Evaluation of infrastructure and systems – Entry points into public safety systems – Aspects of NG9-1-1 providing a significant security impact over Enhanced 9-1-1 • Who are we guarding against? – Hackers – Who are they? What do they want?
  6. 6. OVERVIEW • How do we mitigate? – Building a security program – Utilize NENA NG-SEC standards – Utilize widely used security standards
  7. 7. CHALLENGES IN SECURITY • Hackers increased activity – Increase in hacktivism • Technology Changes – New technologies • Next Generation 9-1-1 • Text, VoIP, mobile apps – Cloud based solutions – 3rd party management companies • Employees reduced security awareness – “Point and click” world – Social engineering – Fast paced world
  8. 8. CHALLENGES IN SECURITY • Every day there are more and more threats to the nation’s IT infrastructures • Hackers have a variety of motives • Hackers are getting more advanced with less knowledge • Hacking tools are easier to obtain and use • Funding to install and manage systems is flat or decreasing
  9. 9. WHAT ARE WE PROTECTING • Every system evaluated for risk – All existing and new systems must be evaluated • What systems are mission critical? – Voice systems, dispatch systems, network, etc. • What data is sensitive? – Employee data, call recording, email, ALI, etc. • What systems stand to be targets?
  10. 10. WHAT ARE WE PROTECTING – Unpatched systems – Viruses on systems – Untrusted networks • Internet • ESInets • Partner networks • Cloud providers • Entry points to systems and network infrastructures – USB drives – USB ports – Wi-Fi networks – Devices not decommissioned – Unauthorized devices
  11. 11. WHAT ARE WE PROTECTING • Examples of dangerous devices – Rubber Duck USB Keyboard – Raspberry Pi Micro PC
  12. 12. NG9-1-1 VS. ENHANCED • Traditional voice network (TDM) • Point to point communication • ES/EM trunks • Voice over IP (VoIP) / Session Initiation Protocol (SIP) – Internet Protocol (IP) based network communication – Packet based network – ESInet – MPLS Cloud network used – Can be a multi-point network
  13. 13. WHO ARE THE THREATS • Can be external or internal attackers • Internal attackers • Disgruntled employees • Sympathizers of a protest group • Financially troubled individuals
  14. 14. WHO ARE THE THREATS • Script Kiddies - Not necessarily out to attack 9-1-1 - Disgruntled employee - Usually hacker starting out / wanting to get noticed - Use code already written - Low tech skillsets but can do lots of damage - Take advantage of improper patching and software deficiencies • Historical Incidents - ILOVEYOU Virus did $7 billion in damage - Melissa virus did $80 million in damage • Catastrophic damage to 9-1-1 - Potential is there - Not a specific target • Patching can mitigate most threats
  15. 15. WHO ARE THE THREATS • Hacktivists – Protestors of the 21st century - vigilantes - Motivated by politics or religion - Expose wrongdoing - Exacting revenge - Harass for entertainment - Can be large organizations - Many times no central command - Uses social media to coordinate
  16. 16. WHO ARE THE THREATS • State sponsored hackers - Countries realize that controlling cyberspace is important - China, North Korea, Russia are all in the news • Cyber Terrorist - Motivated by politics or religion - The most dangerous - Goal is to create fear and chaos, maybe even murder - Very skilled - May be state sponsored
  17. 17. MOTIVES • Steal data - Publish info about an event – call recordings, radio recordings, logs - Employee information – People involved with an event - Resource data • Look for information dispatchers have for events • Police/EMS staffing and positioning • Incident response plans
  18. 18. MOTIVES • Disrupt service - Tie up 9-1-1 call handling - Voice gateways – VoIP - Dispatch software systems - Dispatch networks - Text 9-1-1 - Radio communication gateways • Monitoring target networks for data - Insert themselves into the environment to monitor data - Monitor data traffic - “Sniff” for passwords to systems - Monitor phone calls/private communications - Monitor email to mine information - Information gathering on resources
  19. 19. SECURITY MYTHS • Technology is a “silver bullet” for security • Technology is more important than people • Outsourcing puts the responsibility on the outsourcer • IT owns security • “They don’t want us.”
  20. 20. HOW TO MITIGATE • Develop Security Program • Developing Security Architecture • We started with: – What do we want to protect? – Evaluation of the risks to those systems? – Who are we trying to keep out of those systems?
  21. 21. SECURITY PROGRAM • Involve all levels of the organization – Any agency that has oversight – Executive management – Operations management – IT management – IT technical staff – Key staff members – Trainers – Outside technology partners
  22. 22. SECURITY PROGRAM • Planning – Standards – Policies – Architectures – Guidelines
  23. 23. POLICY EXAMPLES • Senior management policies - Explains sr. management’s expectations and goal - Identifies who is responsible for security • Functional Policies • Acceptable use • Password • Data protection • Wireless • Physical • Remote Access • Inventory • Change control • Incident Response
  24. 24. STANDARDS EXAMPLES • Hardware / software manufacturers • Global architecture requirements • Service vendors • Device standards • Naming conventions
  25. 25. SECURITY PROGRAM • Policy Implementation/Enforcement – Train users – Implement architectures – Document as-built configurations – Testing security on systems • Before, during and after implementation
  26. 26. SECURITY PROGRAM • Monitor & Manage – Monitor environment – Monitor tools – Audit – Penetration Testing – Manage changes through policy • Document changes • Notification of changes
  27. 27. SECURITY PROGRAM • Intrusion / Threat Detection – Detect event – Initiate Incident Response
  28. 28. SECURITY PROGRAM • Threat/Risk Assessment – Determine risk – Determine course of action – Mitigate risk
  29. 29. SECURITY PROGRAM • Security Policy Create/Update – Adjust corresponding policies – Obtain approval of adjusted policies
  30. 30. SECURITY PROGRAM • Training – Notify staff of changes in policy – Training classes – Online tutorials – Memos – Update training records
  31. 31. SECURITY PROGRAM • Then the cycle starts again • Security is a continual process and never stops • New system procurement – That system must be put through the program at the planning stage – Security must be tested throughout the implementation of new or updated system – The system should be security tested before allowed to go live
  32. 32. SECURITY REFERENCES • NENA NG-SEC Document – www.nena.org • ISECOM – Open Source Security Testing Methodology Manual (OSSTMM) – www.isecom.org • SANS – www.sans.org • NIST – www.nist.gov • Defense Information Systems Agency - www.disa.mil
  33. 33. SUMMARY • The security climate for any organization will continually change • Build a budget for security in everything you do • Hackers are more active • Changes in your technology are adding more entry points for attackers into your environment • PATCH YOUR SYSTEMS REGULARLY • Implement or review your Security Policy • Remember the security cycle never stops • Involve everyone / train everyone • Enlist help from trusted partners
