Cyber Threat to Public Safety Communications
Kory W. Edwards
Webster University
May 2016
Abstract
Public safety communications are the most crucial point of defense within the communication
critical infrastructure (CI) sector. This paper explores the past mistakes, the threats, challenges,
vulnerabilities and solutions in protecting public safety communications systems to ensure
communications flow from the public to the first responder and all the coordination between
them. This research paper traces the progression of public safety communications during the 9/11
attacks to modern infrastructure changes and the new threats they pose. Once identified,
solutions are offered for those vulnerabilities.
Keywords: Cybersecurity, Public Safety Communications, Cyberattack, Communications
Security, Disaster Response
Post 9/11 Connectivity Created Ubiquity
Public safety communication vulnerabilities attained prominence in the aftermath of the
September 11th, 2001 terrorist attacks. Once the two planes hit the World Trade Center,
approximately 55,000 calls went out to the 911 emergency call center, of which 3,000 were
received within the first few minutes. (Sharp, et al 2011) Cell phone networks promptly became
overloaded as well, thus complicating first responder communications which typically used cell
phones as a back-up to land mobile radio (LMR) systems.
Radio repeaters on the Twin Towers were damaged and LMRs being used by police and
firefighters could not operate at a power strong enough to hear the evacuation calls from within
the buildings. (Sharp, et al 2011) With the addition of noise, operators talking over each other,
incompatible systems, differences in radio jargon and the confusion, public safety
communications underwent a significant break down during the crisis. America needed a remedy
for the future.
Since 9/11, the most common buzz words in emergency management are “redundancy” and
“interoperability”. Federal funding continues to flow to agencies of all levels of government,
Federal, state and local in order to procure systems that can operate in the same network or
bridge into each other’s networks. The big push for more powerful radios, converters for cell
phones to talk to LMRs, audio bridges to link LMR networks into a single channel, converters to
merge LMR and other communication platforms into a voice-over-IP communication and
broadband communications that ride over the internet have all increased interoperability and
redundancy of public safety communications significantly. But emergency managers often
overlook a key fact: connectivity creates ubiquity.
The ability to connect all these platforms together offers many benefits, but connecting more
components to the internet also provides more entrances for cyber-attack.
Components linking systems then become single points of failure that a cyber attacker can reach
from literally anywhere around the world with the right skills.
Attacks on Public Safety Communications
What is an attractive target?
Just in the year 2013, there were over 600 instances where citizens were denied emergency
services as a result of a cyber-attack; 200 of these attacks directly targeted offices of public
safety and their systems. (Macri 2014) Since 9/11, significant emphasis is placed on
interoperability between agencies and levels of government. Interoperability plans often rely on
increased connectivity to the open internet for remote maintenance, remote diagnostics and
conversion of signals between networks. Each of these connections offers a cyber attacker
additional access points from which they can monitor public safety communications, intercept
sensitive data or conduct a cyber-attack.
Aside from the actual public safety communications systems, which are increasingly more
complex and composed of more secure components, the public’s ability to communicate with
911 services presents a prime target. Cyber-attacks have become so increasingly routine that IT
professionals and their executive chain no longer focus on individual or repetitive attacks. The
sheer volume and variety of penetrations and probes do not garner attention unless there is a
significant loss of data or productivity. As Federal funds flow to agencies large and small to
improve interoperability and redundancy, few agencies invested in protecting the public’s link to
911 call centers. As of May 2015, over 200 attacks were conducted against 911 call centers
using a telephone denial-of-service (TDoS) attack. (Viebeck 2015) Similar to a distributed
denial-of-service (DDoS) attack, the attackers launch a large volume of simultaneous calls to 911
which ties up the system and prevents the receipt of legitimate emergency calls.
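As an added illustration (not part of the original paper), the sketch below shows one way a call center could flag the call-flood pattern described above in its own call records, and separate it from the kind of genuine surge seen on 9/11. The record layout, thresholds, function names and sample records are all constructed assumptions.

```python
"""Sliding-window call-flood detector for a 911 trunk (added example).

The record layout, thresholds and sample data are constructed
assumptions; they do not come from the paper or any real call center.
"""
from collections import Counter, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Call:
    start: datetime   # time the call reached the trunk
    caller: str       # calling number as presented (can be spoofed)


@dataclass(frozen=True)
class Alert:
    at: datetime
    kind: str              # "repeat-caller flood" or "broad surge"
    calls_in_window: int
    repeat_ratio: float    # share of calls from numbers already seen
    top_callers: tuple     # candidates for carrier-side filtering


def detect_call_floods(calls, window=timedelta(seconds=60),
                       max_calls=20, repeat_threshold=0.5):
    """Alert once each time the call rate crosses max_calls per window.

    Volume alone cannot tell an attack from a real disaster, where many
    different people call at once. Assumption: an automated flood reuses
    a small set of calling numbers, so a high repeat ratio marks it. A
    flood with spoofed, ever-changing numbers shows up as "broad surge"
    and needs carrier-side signals to classify.
    """
    alerts, recent, armed = [], deque(), True
    for call in sorted(calls, key=lambda c: c.start):
        recent.append(call)
        # Drop calls that have aged out of the window.
        while recent[0].start <= call.start - window:
            recent.popleft()
        if len(recent) <= max_calls:
            armed = True          # rate is normal again: re-arm
            continue
        if not armed:
            continue              # already alerted for this burst
        armed = False
        counts = Counter(c.caller for c in recent)
        repeat_ratio = 1 - len(counts) / len(recent)
        kind = ("repeat-caller flood" if repeat_ratio >= repeat_threshold
                else "broad surge")
        alerts.append(Alert(call.start, kind, len(recent),
                            round(repeat_ratio, 2),
                            tuple(counts.most_common(3))))
    return alerts


def sample_calls():
    """Constructed records: quiet baseline, a flood, then a broad surge."""
    t0 = datetime(2016, 1, 1, 12, 0, 0)
    calls = [Call(t0 + timedelta(seconds=30 * i), f"555-01{i:02d}")
             for i in range(10)]
    # 40 calls in 40 s cycling through three numbers.
    calls += [Call(t0 + timedelta(seconds=600 + i), f"555-019{i % 3}")
              for i in range(40)]
    # 40 calls in 40 s, each from a different number.
    calls += [Call(t0 + timedelta(seconds=1800 + i), f"555-01{50 + i:02d}")
              for i in range(40)]
    return calls


if __name__ == "__main__":
    for alert in detect_call_floods(sample_calls()):
        print(alert)
```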
The most attractive targets are those easiest to get access to and most likely to cause the biggest
effect. These would be the ability of the public to call 911, the 911 call center’s ability to receive and
process calls, and the single points of failure within interoperable bridge systems.
The Attacks
In recent years, we’ve seen sporadic attacks on 911 systems, other public safety networks, and
supporting companies and infrastructure. Here’s just a small sample:
• In early 2016, a cyberattack flooded Spartanburg County, SC non-emergency
phone lines and pushed the calls onto the 911 system, which jammed the 911 call center
and slowed dispatching to respond to emergencies. (Stone 2016)
• In April 2016, a cyberattack shut down various public safety systems of the
Newark Police Department, NJ. The virus used in the attack prevented staff from
accessing criminal data and the primary system used to dispatch first responders for 3
days. The police had to use their back-up system until the virus was remediated.
(Coleman 2016)
• In March 2016, a cyberattack flooded VOIP Innovations, a leading provider of
voice over IP services, with service requests and denied their customers access to the
system. The attack was so intense and so frequent that the FBI considered the attack a
national security threat. (Hartmans 2016) Why? Because first responder agencies use
VOIP in their primary networks or use components such as the Raytheon ACU-1000 for
interoperability. The ACU-1000 converts numerous land-mobile-radio (LMR) and other
communications systems to a single VOIP signal, which allows them to talk to each
other. (Raytheon 2012) This becomes a single point of failure in the management of a
mass casualty or major event situation.
• In December 2014, cyber attackers disrupted the emergency 911 system in
Indianapolis, IN for several days. The attackers either entered the system directly or by
way of an individual computer. Not only did the penetration of the system occur, but the
attackers stayed within the system to see how police responded to the incident. (Brilliant
2015)
Threat of Secondary Attacks
If the inability to contact emergency services were not concerning enough, the combination of a
major terrorist attack followed by a cyber-attack on first responder systems could significantly
compound the loss of life. Currently, cyberattacks from terrorist organizations have inflicted
minimal damage and mostly consist of nuisance attacks. The concern with cyberattacks being
combined with a physical attack within the U.S. relates to both future capabilities and the
organizations’ ability to purchase cyberattack capabilities. The Islamic State of Iraq and the
Levant (ISIL) obtained significant financial support from oil field seizures and other means.
These funds could easily be used to recruit a successful cyber attacker to provide a secondary
attack in the aftermath of a physical attack.
Security Challenges of Public Safety Communications
Complacency
Recent mass casualty incidents in previously little known locations like San Bernardino, CA,
Charleston, SC, Colorado Springs, CO, and Fort Hood, TX show us that public safety
communications are of concern in places outside of the major metropolitan areas that most often
receive attention. Many agencies and local governments believe that their city, county or town
will never see such an event occur. And they might be right. Especially when facing significant
expenses in upgrading their public safety networks, why put forth the effort and funding for a
small possibility?
Between frequently changing legal and technological requirements and the massive coordination
needed to improve interoperability and continuity between agencies, most heads of agencies are
not willing to dedicate time, manpower and a large portion of their budget to fix their
cybersecurity vulnerabilities. (Burger, et al 2016) Public safety officials are not likely to pay
close attention to cyber-attacks that happened “over there” in a distant city or state. In fact, many
heads of agencies that hire security experts become complacent over the daily threat briefs and
worries of their security staff. The security director who constantly cries wolf cannot get the
action they need when it is significant. So, should a cyber security professional not mention the
daily threats? Our society has become tone deaf to the headlines about cybersecurity issues. And
our complacency becomes a major challenge in addressing the security needs of public safety
communications.
Expense/Funding
Budgets always have been a battle for any security professional. The biggest challenge facing a
Chief Information Security Officer (CISO) is normally not identifying the vulnerabilities and
solutions, but obtaining the budget necessary to fortify their networks. Take for example the
following headlines over just the last year:
• How to be a successful CISO without a “real” cybersecurity budget (SEP 2015)
• How to calculate ROI and justify your cybersecurity budget (DEC 2015)
• Rebalancing your cybersecurity budget with deception technology (APR 2016)
A recent study showed that across all industries, government failed industry-standard security
tests the worst. In fact, government agencies fixed fewer than 1/3 of detected cyber-security
problems, most often due to budget constraints. (Ward 2015) Whereas private companies
such as Target have been financially and legally held accountable for data theft, government
agencies are often not held to the same standards. The theft of millions of Federal employees’
personal information during the Office of Personnel Management data breach is a perfect
example of why government should dedicate more funds to cybersecurity, yet agencies do not have
the same legal and financial incentives to do so as a private company does through litigation risks.
Interoperability
Since 9/11, many agencies have progressed in the issue of interoperability between agencies.
With the support of the Department of Homeland Security, universal standards of data
management, enabling of broadband capabilities for voice, data and video, and hardware
solutions such as audio bridges and higher-power land-mobile-radio systems have become
commonplace. Even joint command centers have sprung up to bring crisis management
participants face-to-face when needed.
The increased interoperability also comes with its own set of challenges though. Not every
agency can afford to participate in these joint interoperability ventures due to funding or
incompatible systems. Expenses are often cost prohibitive for smaller or rural agencies using
outdated and incompatible systems, meaning they must bear a larger expense in order to become
interoperable. Instead, they end up relying on less expensive options such as augmenting LMR
networks with broadband. Aside from the broadband cyber vulnerabilities, this option typically
uses first responder commercial smartphones that lack mission-critical voice capabilities such as
radio-to-radio and one-to-many communications. (DHS 2014)
Shared systems between agencies also run the risk of being tied into an agency that has not
employed security measures or that lacks diverse routing or redundancy in electrical power. When
agencies lack common security policies and training, one of the agencies might be enabling
insiders to accidentally or intentionally disrupt operations or security throughout the shared
network.
Vulnerabilities of Public Safety Communications
Next Generation 911 Systems
Today’s trend in 911 systems is the implementation of Next Generation 911 (NG911) systems
which operate over the Internet Protocol (IP). These systems offer a wide range of broadband
options for voice, data, video and interconnection of public and private networks. Unfortunately,
this new system subjects 911 communications to significant vulnerabilities that come with an IP
connected system. In order to be functional for a wide array of agencies, these systems require
standardized identity management and credentialing system-wide. The use of credentials allows
a potential attacker numerous attack vectors and wide-spanning access which would allow the
attack to spread quickly and proliferate across systems. (DHS 2015) DHS is of the opinion that
these risks do not undermine the benefits of the NG911 system; however, they acknowledge that
as attacks increase in complexity and sophistication beyond the TDoS attacks currently used, the
system will be more at risk. But such a statement raises two questions: how do we know these
more sophisticated attacks do not already exist? And how soon before we begin to see these new
attack strategies? By subscribing to a new system with known flaws and multiple chokepoints, and
especially by publishing these vulnerabilities, are we not encouraging new attack development?
Reliance Upon Telephony
Modern public safety communications systems rely heavily upon telephony. The New York
Police and Fire Departments, for example, operate a dedicated, private LTE carrier using the 2.5
GHz spectrum leased by the Brooklyn Archdiocese. (Careless, et al 2011) This now subjects the
entire New York emergency response to standard LTE attacks on the commodity hardware and
software used, rogue base station renegotiation attacks (forcing the communications to less
secure GSM channels), man-in-the-middle (MiM) attacks, jamming, attacks using a stolen secret
key (K) obtained from the carrier’s HSS/AuC or the UICC manufacturer, physical attacks on base
stations or availability attacks on eNodeB and Core. (Bartock, et al 2015)
Those public safety communications systems that rely on VOIP communications for
interoperability also have significant vulnerabilities to deal with. Internet-bound packets can be
intercepted, or significant strain on VPN hardware can cause delays and broken communications.
These VOIP systems all lead to virtual chokepoints at gateways and base station control
functions (BCFs), and securing them at a firewall is challenging. Other VOIP security issues
include dependence on updated patches to phones, good underlying network security and operating
system security, as well as DoS attacks, packet interception, unsecure open ports, wireless
connectivity exposure and spam over IP telephony. (Ruck 2010)
The ability to conduct attacks on telephony is not complicated but does require specialized
equipment that is not difficult to obtain. Especially when dealing with cellular systems, the most
secure operating system is the Android or iOS operating system on the phones; however, at least
two other operating systems exist on handsets and they have significantly more vulnerabilities.
The baseband operating system controls all functions involving radio frequency (RF)
transmission and controls. It treats signals sent on the downlink from a tower as
being both secure and direct commands. Shifting an LTE signal to GSM or UMTS where
security flaws are more exploitable can be done with a cause code 8 which bricks the handset
and instructs it to stop looking for LTE. This would knock a first responder’s handset off the
secure LTE network and since most of these specialized LTE systems do not have a GSM
channel in their neighbor list, the phone becomes dead at least until power cycled away from the
rogue base station’s reach.
SIM cards on cellular devices are also a vulnerability. Reverse engineering of a SIM card can
grant unauthorized access, or hacking of an authorized SIM card can give a cyber attacker access
to about 13% of authorized devices in order to steal data or conduct a TDoS attack from within
the specialized network. (Anthony 2013)
Shortage of Cyber Security Professionals
Despite all the improving hardware, software, encryption, awareness and companies willing to
sell and install the latest and greatest in cyber security and cyber defense systems, one final
vulnerability remains and is growing. This would be the shortage of cyber security professionals
to employ and acknowledgment of the need for these professionals. Many companies and
government entities have shifted their hiring practices to ensure new heads of security are also
information security or cyber security trained; however, the fact remains that roughly 300,000
cyber security jobs remain unfilled in the U.S. and that number is likely to grow to over 1.5
million in the next 5 years. (Zarya 2016)
This shortage means that public safety agencies must compete for this talent pool with private
corporations which typically offer higher salaries than government entities can afford to pay. The
shortage also leads to expansion of the talent pool by hiring foreign cyber security experts or
relying on offsite cyber security companies for support through consulting roles or crisis
assistance. Hiring foreign professionals runs the risk of terrorist sympathizers infiltrating these
agencies to either conduct cyber reconnaissance or an attack. And the hiring of consultants or
outside crisis management companies means a delayed response to these attacks and a response
to only attacks that are blatantly noticeable.
What does a public safety agency do about the daily attacks that do not rise to the crisis threshold
but could be indicative of probing or planning for a larger attack? How can an agency respond
rapidly and effectively if their support is not onsite? It is imperative that we recognize the
vulnerability within our employee talent in addition to the hardware and software security issues.
Solutions for First Responder Communications
Communication of Information Via Fusion Center Network
One of the benefits of the actions taken by the Department of Homeland Security after the 9/11
Report was issued was the establishment of a state fusion center network. Federal funding
supports these state and major metropolitan area analysis centers that now exist in every state
and territory, with the exception of Wyoming. Embedded analysts and liaisons at these fusion
centers connect agencies of all levels of government and private sector partners through
face-to-face interaction at the center. In addition, useful tools such as Adobe Connect sessions are
offered for free through the DHS portals. These communications systems remove crisis
discussions from the agency’s standard networks and onto an internet based platform that may
not be linked to the victim agency’s networks and therefore not targeted in the cyber-attack.
Use of these fusion center tools can allow access to key personnel using any device that is able to
connect to the internet via cellular or land-based Ethernet connections, regardless of the ISP or
connection. Voice, data, messaging and video are all offered on the platform and through the
embedded DHS Intelligence Officers, information can travel rapidly through the fusion center
network to other states, localities and centers which may need to prepare for subsequent or
simultaneous attacks. These DHS Intelligence Officers have already established rapport and
contact with key players within their area of responsibility. This is a significant resource that is
often under-utilized.
Network In-A-Box
An alternate cellular back-up solution would be a closed cellular network such as the Multi-
Radio Network-in-a-Box system offered by a joint venture between Radisys, Octasic and
Quortus. (Radisys 2015) This product is a portable cellular base station platform that can handle
up to 32 cellular devices per box and is deployable via UAV, vehicle or backpack. It uses
4G/LTE, 3G and 2G air interfaces, allowing any cellular device to connect to it but allows the
agency to restrict which devices can connect to the platform by using a whitelist/blacklist
authentication.
In order to cover larger distances or urban environments, the system can be deployed with
multiple platforms, establishing a crisis-specific cellular channel, frequency and neighbor list.
How is this platform different from a carrier platform? It offers the security of being a closed
network that does not connect to outside carrier networks. This inhibits a rogue tower or internet
attack since it is detached from public cellular networks. If the frequency were to be intercepted,
that frequency can be changed for the authorized devices. A visual log of SMS transmissions
between devices can also serve as a time-stamped record of the event management and decisions.
Satellite Backup
There is a common misperception that redundancy and diversity of communications can be
achieved through multiple options of terrestrial communications. Unfortunately, this ends up
leading to diversity of the carrier but not the pathway. (Bardo 2015) If the entire infrastructure
collapses due to a major terrorist attack or natural disaster (as in 9/11), what options remain?
This is where satellite communications become essential. Just as satellite communications can be
deployed at sea or on a battlefield without significant infrastructure, these satellite
communications systems are a fail-safe in a catastrophic event. Modern satellite communications
allow for sleeve devices that can be added to off-the-shelf cellular devices to convert them to
satellite capable handsets. Satellite communications should be an integral part of any continuity
of operations planning.
Recruitment of Cyber Security Professionals
As mentioned in the vulnerabilities section of this paper, there is a shortage of cyber security
professionals. A solution to this problem is to recruit or train IT personnel within the agency to
understand cyber security issues. Agency sponsorship of certification courses such as Certified
Information Systems Security Professional (CISSP) and Security+ courses, attached with an
employment commitment obligation (to prevent employee loss) could augment the agency’s IT
skills.
In addition to training and recruitment, executives must break the complacency mindset and
dedicate resources and attention to improving their cyber security status. In government, where
loss is not as much of a concern, policies must be adopted to hold government executives
accountable in the event that their agency suffers a significant loss of data or service capability.
Conclusion
No public safety communications system is 100% secure from cyber-attack and no agency has
the funding to reach the pinnacle of cyber security. However, it is incumbent upon public safety
leadership to seek out solutions to improve their security standing. Lives are on the line; as we
learned during the 9/11 attacks, those lives can be those of first responders and citizens. Communications
are the key to an effective disaster response and our attackers understand that by disrupting these
communications they can maximize the effects of their attack. The solutions outlined above are
just a few of the possibilities and as technology evolves, so must our communications defenses.
References
Sharp, K.; Losavio, K. (2011) 9/11, 10 Years Later. PSC Online. Retrieved from:
http://psc.apcointl.org/2011/09/06/911-10-years-later
Macri, G. (2014) Emergency services like 911 no longer cyber-safe, GAO reports.
TheDailyCaller.com. Retrieved from:
http://dailycaller.com/2014/01/30/emergency-services-like-911-no-longer-cyber-safe-gao-reports/
Viebeck, E. (2015) DHS: 911 Call Centers Vulnerable to Cyber-Attack. TheHill.com. Retrieved from:
http://thehill.com/policy/cybersecurity/241442-dhs-911-call-centers-vulnerable-to-cyberattack
Stone, A. (2014) Cyberattack: The Possibilities Emergency Managers Need to Consider.
EmergencyMgmt.com. Retrieved from:
http://www.emergencymgmt.com/safety/Cyberattack-Emergency-Managers.html
Coleman, V. (2016) Cyber Attack Temporarily Shut Down Newark Police Computer Systems.
NJ.com. Retrieved from:
http://www.nj.com/essex/index.ssf/2016/04/cyber_attack_shuts_down_newark_police_computer_sys.html
Hartmans, A. (2016) VOIP Innovations Suffers Cyberattack. Pittsburgh Business Times.
Retrieved from:
http://www.bizjournals.com/pittsburgh/news/2016/03/17/voip-innovations-suffers-cyberattack.html
Raytheon (2012) ACU-1000 Datasheet. PSI Company. Retrieved from:
http://www.psicompany.com/man-prod-info/Raytheon-JPS/Control-Equipment/ACU-1000/ACU-1000-Datasheet.pdf
Brilliant, J. (2015) Hackers Target Indianapolis 911 Center. WTHR.com. Retrieved from:
http://www.wthr.com/story/27897557/hackers-target-indianapolis-911-center
Burger, E.; Welch, T. (2016) Complacency in the Face of Evolving Cybersecurity Norms is
Hazardous. Legaltech News. Retrieved from:
http://poseidon01.ssrn.com/delivery.php?ID=043105127121025125091072004094094121009036000082061091106021001025111012023083073011120058100122042024053114071112012074111076020090034037034099070121099092071065042046000000077125102095114095093001086003092000106100109001126026102125106089113097006&EXT=pdf
Ward, M. (2015) All Industries Fail Cybersecurity, Govt The Worst. CNBC.com. Retrieved from:
http://www.cnbc.com/2015/06/23/all-industries-fail-cybersecurity-govt-the-worst.html
Department of Homeland Security (DHS) (2014) The Hybrid Public Safety Microphone (Turtle
Command) Land Mobile Radio Converging with Broadband. Retrieved from:
https://www.dhs.gov/sites/default/files/publications/The%20Hybrid%20Public%20Safety%20Microphone-Turtle%20Command-Land%20Mobile%20Radio%20Converging%20with%20Broadband_0.pdf
Department of Homeland Security (DHS) (2015) Cyber Risks to Next Generation 911. Retrieved from:
https://www.dhs.gov/sites/default/files/publications/NG911%20Cybersecurity%20Primer%20FINAL%20508C%20(003).pdf
Careless, J. and Bischoff, G. (2011) What a Difference a Decade Makes. Urgentcomm.com.
Retrieved from: http://urgentcomm.com/networks-amp-systems-mag/what-difference-decade-makes
Bartock, M.; Cichonski, J.; and Franklin, J. (2015) LTE Security – How Good Is It? National
Institute of Standards and Technology (NIST). Retrieved from:
http://csrc.nist.gov/news_events/cif_2015/research/day2_research_200-250.pdf
Ruck, M. (2010) Top Ten Security Issues Voice Over IP (VOIP). Designdata.com. Retrieved from:
http://www.designdata.com/wp-content/uploads/sites/321/whitepaper/top_ten_voip_security_issue.pdf
Anthony, S. (2013) The Humble SIM Card Has Finally Been Hacked: Billions of Phones at Risk
of Data Theft, Premium Rate Scams. Extremetech.com. Retrieved from:
http://www.extremetech.com/computing/161870-the-humble-sim-card-has-finally-been-hacked-billions-of-phones-at-risk-of-data-theft-premium-rate-scams
Zarya, V. (2016) How These Mormon Women Became Some of the Best Cybersecurity Hackers
in the U.S. Fortune.com. Retrieved from: http://fortune.com/2016/04/27/mormon-women-cybersecurity/
Radisys (2015) Radisys, Octasic and Quortus Partner to Deliver a Multi-Radio Network-in-a-Box
for Defense and Public Safety Sectors. Radisys.com. Retrieved from:
http://www.radisys.com/press-releases/radisys-octasic-and-quortus-partner-deliver-multi-radio-network-box-defense-and-public-safety
Bardo, T. (2015) Why Public Safety Plans Should Include Satellite Communications.
Hughes.com. Retrieved from:
http://www.hughes.com/resources/why-public-safety-plans-should-include-satellite-communications?locale=en

 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 

Similar to Cyber Threat to Public Safety Communications

The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...Fas (Feisal) Mosleh
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfssuserc1c354
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity PredictionsMatthew Rosenquist
 
Running headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES             .docxRunning headEMERGING THREATS AND COUNTERMEASURES             .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docxrtodd599
 
Marriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management  --  NEMAMarriage of Cyber Security with Emergency Management  --  NEMA
Marriage of Cyber Security with Emergency Management -- NEMADavid Sweigert
 
How to take down the 911 call center -- NFPA 1221 , Chapter 13
How to take down the 911 call center -- NFPA 1221 , Chapter 13How to take down the 911 call center -- NFPA 1221 , Chapter 13
How to take down the 911 call center -- NFPA 1221 , Chapter 13David Sweigert
 
NEC Public Safety | Integrating Physical & Cyber Security
NEC Public Safety | Integrating Physical & Cyber SecurityNEC Public Safety | Integrating Physical & Cyber Security
NEC Public Safety | Integrating Physical & Cyber SecurityNEC Public Safety
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the newsunnyjoshi88
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcMert Akın
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecuritySpark Security
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting   Executive Security PresentationDecember ISSA Meeting   Executive Security Presentation
December ISSA Meeting Executive Security Presentationwhmillerjr
 

Similar to Cyber Threat to Public Safety Communications (20)

The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdf
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity Predictions
 
Running headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES             .docxRunning headEMERGING THREATS AND COUNTERMEASURES             .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docx
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
 
Marriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management  --  NEMAMarriage of Cyber Security with Emergency Management  --  NEMA
Marriage of Cyber Security with Emergency Management -- NEMA
 
How to take down the 911 call center -- NFPA 1221 , Chapter 13
How to take down the 911 call center -- NFPA 1221 , Chapter 13How to take down the 911 call center -- NFPA 1221 , Chapter 13
How to take down the 911 call center -- NFPA 1221 , Chapter 13
 
CYBER AWARENESS
CYBER AWARENESSCYBER AWARENESS
CYBER AWARENESS
 
NEC Public Safety | Integrating Physical & Cyber Security
NEC Public Safety | Integrating Physical & Cyber SecurityNEC Public Safety | Integrating Physical & Cyber Security
NEC Public Safety | Integrating Physical & Cyber Security
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
 
Cyberterrorism
CyberterrorismCyberterrorism
Cyberterrorism
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwc
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
Research Paper
Research PaperResearch Paper
Research Paper
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
Terrorist Cyber Attacks
Terrorist Cyber AttacksTerrorist Cyber Attacks
Terrorist Cyber Attacks
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting   Executive Security PresentationDecember ISSA Meeting   Executive Security Presentation
December ISSA Meeting Executive Security Presentation
 

Cyber Threat to Public Safety Communications

Kory W. Edwards
Webster University
May 2016

Abstract

Public safety communications are the most crucial point of defense within the communication critical infrastructure (CI) sector. This paper explores the past mistakes, threats, challenges, vulnerabilities and solutions in protecting public safety communications systems to ensure that communications flow from the public to the first responder, along with all the coordination between them. It traces the progression of public safety communications from the 9/11 attacks to modern infrastructure changes and the new threats they pose. Once the vulnerabilities are identified, solutions are offered for them.

Keywords: Cybersecurity, Public Safety Communications, Cyberattack, Communications Security, Disaster Response

Post 9/11 Connectivity Created Ubiquity

Public safety communication vulnerabilities attained prominence in the aftermath of the September 11th, 2001 terrorist attacks. Once the two planes hit the World Trade Center, approximately 55,000 calls went out to the 911 emergency call center, of which 3,000 were received within the first few minutes. (Sharp, et al 2011) Cell phone networks promptly became overloaded as well, thus complicating first responder communications, which typically used cell phones as a back-up to land mobile radio (LMR) systems.

Radio repeaters on the Twin Towers were damaged, and the LMRs used by police and firefighters could not operate at a power strong enough to hear the evacuation calls from within the buildings. (Sharp, et al 2011) With the addition of noise, operators talking over each other, incompatible systems, differences in radio jargon and general confusion, public safety communications underwent a significant breakdown during the crisis. America needed a remedy for the future.

Since 9/11, the most common buzzwords in emergency management have been “redundancy” and “interoperability”. Federal funding continues to flow to agencies at all levels of government (Federal, state and local) to procure systems that can operate in the same network or bridge into each other’s networks. The push for more powerful radios, converters that let cell phones talk to LMRs, audio bridges that link LMR networks into a single channel, converters that merge LMR and other communication platforms into voice-over-IP communication, and broadband communications that ride over the internet has significantly increased the interoperability and redundancy of public safety communications.

But emergency managers often overlook a key fact: connectivity creates ubiquity. The ability to connect all these platforms together offers many benefits, but every additional component connected to the internet also provides another entrance for cyber-attack. Components linking systems then become single points of failure that a cyber attacker with the right skills can reach from literally anywhere in the world.

Attacks on Public Safety Communications
What is an attractive target?

In 2013 alone, there were over 600 instances where citizens were denied emergency services as a result of a cyber-attack; 200 of these attacks directly targeted offices of public safety and their systems. (Macri 2014) Since 9/11, significant emphasis has been placed on interoperability between agencies and levels of government. Interoperability plans often rely on increased connectivity to the open internet for remote maintenance, remote diagnostics and conversion of signals between networks. Each of these connections offers a cyber attacker an additional access point from which to monitor public safety communications, intercept sensitive data or conduct a cyber-attack. Aside from the public safety communications systems themselves, which are increasingly complex and composed of more secure components, the public’s ability to communicate with 911 services presents a prime target.

Cyber-attacks have become so routine that IT professionals and their executive chain no longer focus on individual or repetitive attacks. The sheer volume and variety of penetrations and probes do not garner attention unless there is a significant loss of data or productivity. As Federal funds flow to agencies large and small to improve interoperability and redundancy, few agencies have invested in protecting the public’s link to 911 call centers. As of May 2015, over 200 attacks had been conducted against 911 call centers using a telephone denial-of-service (TDoS) attack. (Viebeck 2015) Similar to a distributed denial-of-service (DDoS) attack, the attackers launch a large volume of simultaneous calls to 911, which ties up the system and prevents the receipt of legitimate emergency calls.

The most attractive targets are those that are easiest to access and most likely to cause the biggest effect. These are the public’s ability to call 911, the 911 call center’s ability to receive and process calls, and the single points of failure within interoperable bridge systems.

The Attacks

In recent years, we’ve seen sporadic attacks on 911 systems, other public safety networks, and supporting companies and infrastructure. Here’s just a small sample:

• In early 2016, a cyberattack flooded Spartanburg County, SC non-emergency phone lines and pushed the calls onto the 911 system, which jammed the 911 call center and slowed dispatching to respond to emergencies. (Stone 2016)
• In April 2016, a cyberattack shut down various public safety systems of the Newark Police Department, NJ. The virus used in the attack prevented staff from accessing criminal data and the primary system used to dispatch first responders for 3 days. The police had to use their back-up system until the virus was remediated. (Coleman 2016)
• In March 2016, a cyberattack flooded VOIP Innovations, a leading provider of voice over IP services, with service requests and denied their customers access to the system. The attack was so intense and so frequent that the FBI considered the attack a national security threat. (Hartmans 2016) Why? Because first responder agencies use VOIP in their primary networks or use components such as the Raytheon ACU-1000 for interoperability. The ACU-1000 converts numerous land-mobile-radio (LMR) and other communications systems to a single VOIP signal, which allows them to talk to each other. (Raytheon 2012) This becomes a single point of failure in the management of a mass casualty or major event situation.
• In December 2014, cyber attackers disrupted the emergency 911 system in Indianapolis, IN for several days. The attackers entered the system either directly or by way of an individual computer. Not only did the penetration of the system occur, but the attackers stayed within the system to see how police responded to the incident. (Brilliant 2015)

Threat of Secondary Attacks

If the inability to contact emergency services were not concerning enough, the combination of a major terrorist attack followed by a cyber-attack on first responder systems could significantly compound the loss of life. Currently, cyberattacks from terrorist organizations have inflicted minimal damage and mostly consist of nuisance attacks. The concern about cyberattacks being combined with a physical attack within the U.S. relates both to future capabilities and to the organizations’ ability to purchase cyberattack capabilities. The Islamic State of Iraq and the Levant (ISIL) obtained significant financial support from oil field seizures and other means. These funds could easily be used to recruit a successful cyber attacker to provide a secondary attack in the aftermath of a physical attack.

Security Challenges of Public Safety Communications

Complacency

Recent mass casualty incidents in previously little-known locations like San Bernardino, CA, Charleston, SC, Colorado Springs, CO, and Fort Hood, TX show us that public safety communications are of concern in places outside of the major metropolitan areas that most often receive attention. Many agencies and local governments believe that their city, county or town will never see such an event occur. And they might be right. Especially when facing significant expenses in upgrading their public safety networks, why put forth the effort and funding for a small possibility?
Between frequently changing legal and technological requirements and the massive coordination needed to improve interoperability and continuity between agencies, most heads of agencies are not willing to dedicate time, manpower and a large portion of their budget to fixing their cybersecurity vulnerabilities. (Burger, et al 2016) Public safety officials are not likely to pay close attention to cyber-attacks that happened “over there” in a distant city or state. In fact, many heads of agencies that hire security experts become complacent about the daily threat briefs and worries of their security staff. The security director who constantly cries wolf cannot get the action they need when a threat is significant. So, should a cyber security professional not mention the daily threats? Our society has become tone deaf to the headlines about cybersecurity issues, and our complacency becomes a major challenge in addressing the security needs of public safety communications.

Expense/Funding

Budgets have always been a battle for any security professional. The biggest challenge facing a Chief Information Security Officer (CISO) is normally not identifying the vulnerabilities and solutions, but obtaining the budget necessary to fortify their networks. Take, for example, the following headlines from just the last year:

• How to be a successful CISO without a “real” cybersecurity budget (SEP 2015)
• How to calculate ROI and justify your cybersecurity budget (DEC 2015)
• Rebalancing your cybersecurity budget with deception technology (APR 2016)

A recent study showed that, across all industries, government performed the worst on industry-standard security tests. In fact, government agencies fixed fewer than 1/3 of detected cyber-security problems, most often due to budget constraints. (Ward 2015) Whereas private companies such as Target have been held financially and legally accountable for data theft, government agencies are often not held to the same standards. The theft of millions of Federal employees’ personal information during the Office of Personnel Management data breach is a perfect example of why government should dedicate more funds to cybersecurity, yet government does not have the legal and financial incentives to do so that litigation risk gives a private company.

Interoperability

Since 9/11, many agencies have made progress on interoperability between agencies. With the support of the Department of Homeland Security, universal standards of data management, broadband capabilities for voice, data and video, and hardware solutions such as audio bridges and higher-power land-mobile-radio systems have become commonplace. Even joint command centers have sprung up to bring crisis management participants face-to-face when needed.

Increased interoperability comes with its own set of challenges, though. Not every agency can afford to participate in these joint interoperability ventures, due to funding or incompatible systems. Expenses are often cost-prohibitive for smaller or rural agencies using outdated and incompatible systems, meaning they must bear a larger expense in order to become interoperable. Instead, they end up relying on less expensive options such as augmenting LMR networks with broadband. Aside from the broadband cyber vulnerabilities, this option typically uses first responders’ commercial smartphones, which lack mission-critical voice capabilities such as radio-to-radio and one-to-many communications. (DHS 2014)

Shared systems between agencies also run the risk of being tied into an agency that has not employed security measures, or that lacks diverse routing or redundancy in electrical power. When agencies lack common security policies and training, one of the agencies might be enabling insiders to accidentally or intentionally disrupt operations or security throughout the shared network.

Vulnerabilities of Public Safety Communications

Next Generation 911 Systems

Today’s trend in 911 systems is the implementation of Next Generation 911 (NG911) systems, which operate on Internet Protocol (IP). These systems offer a wide range of broadband options for voice, data, video and interconnection of public and private networks. Unfortunately, this new system subjects 911 communications to the significant vulnerabilities that come with an IP-connected system. In order to be functional for a wide array of agencies, these systems require standardized, system-wide identity management and credentialing. The use of credentials gives a potential attacker numerous attack vectors and wide-spanning access, which would allow an attack to spread quickly and proliferate across systems. (DHS 2015)

DHS is of the opinion that these risks do not undermine the benefits of the NG911 system; however, it acknowledges that as attacks increase in complexity and sophistication beyond the TDoS attacks currently used, the system will be more at risk. But such a statement raises two questions: how do we know these more sophisticated attacks do not already exist? And how soon before we begin to see these new attack strategies? By subscribing to a new system with known flaws and multiple chokepoints, and especially by publishing these vulnerabilities, are we not encouraging new attack development?

Reliance Upon Telephony

Modern public safety communications systems rely heavily upon telephony. The New York Police and Fire Departments, for example, operate a dedicated, private LTE carrier using the 2.5 GHz spectrum leased by the Brooklyn Archdiocese. (Careless, et al 2011) This now subjects the entire New York emergency response to standard LTE attacks on the commodity hardware and software used, rogue base stations, renegotiation attacks (forcing the communications to less secure GSM channels), man-in-the-middle (MiM) attacks, jamming, attacks using a stolen secret key (K) obtained from the carrier’s HSS/AuC or the UICC manufacturer, physical attacks on base stations, and availability attacks on the eNodeB and core. (Bartock, et al 2015)

Those public safety communications systems that rely on VOIP communications for interoperability also have significant vulnerabilities to deal with. Internet-bound packets can be intercepted, or significant strain on VPN hardware can cause delays and broken communications.
These VOIP systems all lead to virtual chokepoints at gateways and base station control functions (BCFs), and securing them at a firewall is challenging. VOIP security also depends on up-to-date patches to phones, good underlying network security and operating system security, and is exposed to DoS attacks, packet interception, unsecured open ports, wireless connectivity exposure and spam over IP telephony. (Ruck 2010)

The ability to conduct attacks on telephony is not complicated, but it does require specialized equipment, which is not difficult to obtain. Especially when dealing with cellular systems, the most secure operating system is the Android or iOS operating system on the phones; however, at least two other operating systems exist on handsets, and they have significantly more vulnerabilities. The baseband operating system controls all functions involving radio frequency (RF) transmission and controls. It treats signals sent on the downlink from a tower as both secure and direct commands. Shifting an LTE signal to GSM or UMTS, where security flaws are more exploitable, can be done with a cause code 8, which bricks the handset and instructs it to stop looking for LTE. This would knock a first responder’s handset off the secure LTE network and, since most of these specialized LTE systems do not have a GSM channel in their neighbor list, the phone becomes dead at least until it is power cycled away from the rogue base station’s reach.

SIM cards on cellular devices are also a vulnerability. Reverse engineering of a SIM card can grant unauthorized access, or hacking of an authorized SIM card can give a cyber attacker access to about 13% of authorized devices in order to steal data or conduct a TDoS attack from within the specialized network. (Anthony 2013)

Shortage of Cyber Security Professionals

Despite all the improving hardware, software, encryption and awareness, and the companies willing to sell and install the latest and greatest in cyber security and cyber defense systems, one final vulnerability remains and is growing: the shortage of cyber security professionals to employ, and of acknowledgment of the need for these professionals. Many companies and government entities have shifted their hiring practices to ensure new heads of security are also trained in information security or cyber security; however, the fact remains that roughly 300,000 cyber security jobs remain unfilled in the U.S., and that number is likely to grow to over 1.5 million in the next 5 years. (Zarya 2016) This shortage means that public safety agencies must compete for this talent pool with private corporations, which typically offer higher salaries than government entities can afford to pay.

The shortage also leads to expansion of the talent pool by hiring foreign cyber security experts or relying on offsite cyber security companies for support through consulting roles or crisis assistance. Hiring foreign professionals runs the risk of terrorist sympathizers infiltrating these agencies to conduct either cyber reconnaissance or an attack. And the hiring of consultants or outside crisis management companies means a delayed response to these attacks, and a response only to attacks that are blatantly noticeable. What does a public safety agency do about the daily attacks that do not rise to the crisis threshold but could be indicative of probing or planning for a larger attack? How can an agency respond rapidly and effectively if its support is not onsite? It is imperative that we recognize the vulnerability within our employee talent in addition to the hardware and software security issues.
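One way to surface both the TDoS floods described earlier and the sub-crisis probing asked about above is to classify call-arrival windows from the call center's own call records. The Python below is an added example, not part of the paper; the record fields, thresholds and phone numbers are constructed assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Call:
    ts: int        # arrival time, seconds since start of capture
    caller: str    # calling number as presented to the call center
    duration: int  # seconds the trunk was held


# Assumed tuning values; derive real ones from the center's own baseline.
WINDOW = 60         # tumbling window length in seconds
SURGE = 20          # calls per window that count as a surge
REPEAT_MIN = 3      # calls from one number in a window that mark a repeater
SHORT_CALL = 10     # shorter calls rarely carry a real emergency report
REPEAT_SHARE = 0.5  # surge traffic share from repeaters that suggests TDoS
SHORT_SHARE = 0.7   # share of short calls that suggests automated dialing


def classify(calls):
    """Label each window: normal, probe-suspect, surge-review or tdos-suspect."""
    windows = defaultdict(list)
    for call in calls:
        windows[call.ts // WINDOW * WINDOW].append(call)

    report = {}
    for start in sorted(windows):
        batch = windows[start]
        per_caller = Counter(c.caller for c in batch)
        repeaters = {n for n, k in per_caller.items() if k >= REPEAT_MIN}
        repeat_share = sum(per_caller[n] for n in repeaters) / len(batch)
        short_share = sum(c.duration < SHORT_CALL for c in batch) / len(batch)

        if len(batch) >= SURGE:
            # A real mass-casualty surge has many distinct callers who stay
            # on the line; a flood reuses numbers and hangs up quickly.
            if repeat_share >= REPEAT_SHARE or short_share >= SHORT_SHARE:
                label = "tdos-suspect"
            else:
                label = "surge-review"
        elif any(c.caller in repeaters and c.duration < SHORT_CALL
                 for c in batch):
            # Below the surge threshold, repeated hang-ups from one number
            # are still worth an analyst's attention.
            label = "probe-suspect"
        else:
            label = "normal"

        report[start] = {
            "label": label,
            "calls": len(batch),
            "repeat_share": round(repeat_share, 2),
            "short_share": round(short_share, 2),
            "repeaters": sorted(repeaters),
        }
    return report


def sample_calls():
    """Constructed call records (fictional 555 numbers), four windows."""
    calls = []
    # 0-59 s: quiet period, five distinct callers, normal-length calls
    calls += [Call(i * 10, f"555-01{i:02d}", 60 + i) for i in range(5)]
    # 60-119 s: 30 three-second calls cycling through three numbers
    calls += [Call(60 + i * 2, f"555-09{i % 3:02d}", 3) for i in range(30)]
    # 120-179 s: 30 distinct callers who stay on the line (real incident)
    calls += [Call(120 + i * 2, f"555-02{i:02d}", 45 + i) for i in range(30)]
    # 180-239 s: two ordinary calls plus four hang-ups from one number
    calls += [Call(180, "555-0301", 70), Call(190, "555-0302", 80)]
    calls += [Call(200 + i * 5, "555-0999", 2) for i in range(4)]
    return calls


if __name__ == "__main__":
    for start, row in classify(sample_calls()).items():
        print(start, row)
```

Because caller numbers can be spoofed, the short-call share is kept as an independent signal rather than relying on repeated numbers alone.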
Solutions for First Responder Communications

Communication of Information Via Fusion Center Network

One of the benefits of the actions taken by the Department of Homeland Security after the 9/11 Report was issued was the establishment of a state fusion center network. Federal funding supports these state and major metropolitan area analysis centers, which now exist in every state and territory, with the exception of Wyoming. Embedded analysts and liaisons at these fusion centers connect agencies of all levels of government and private sector partners through face-to-face interaction at the center. In addition, useful tools such as Adobe Connect sessions are offered for free through the DHS portals. These communications systems move crisis discussions off the agency’s standard networks and onto an internet-based platform that may not be linked to the victim agency’s networks and therefore is not targeted in the cyber-attack.

Use of these fusion center tools can give key personnel access from any device that is able to connect to the internet via cellular or land-based Ethernet connections, regardless of the ISP or connection. Voice, data, messaging and video are all offered on the platform and, through the embedded DHS Intelligence Officers, information can travel rapidly through the fusion center network to other states, localities and centers that may need to prepare for subsequent or simultaneous attacks. These DHS Intelligence Officers have already established rapport and contact with key players within their area of responsibility. This is a significant resource that is often under-utilized.

Network In-A-Box

An alternate cellular back-up solution would be a closed cellular network such as the Multi-Radio Network-in-a-Box system offered by a joint venture between Radisys, Octasic and Quortus. (Radisys 2015) This product is a portable cellular base station platform that can handle up to 32 cellular devices per box and is deployable via UAV, vehicle or backpack. It uses 4G/LTE, 3G and 2G air interfaces, allowing any cellular device to connect to it, but lets the agency restrict which devices can connect to the platform by using whitelist/blacklist authentication. To cover larger distances or urban environments, the system can be deployed with multiple platforms, establishing a crisis-specific cellular channel, frequency and neighbor list.

How is this platform different from a carrier platform? It offers the security of being a closed network that does not connect to outside carrier networks. This inhibits a rogue tower or internet attack, since it is detached from public cellular networks. If the frequency were to be intercepted, that frequency can be changed for the authorized devices. A visual log of SMS transmissions between devices can also serve as a time-stamped record of the event management and decisions.

Satellite Backup

There is a common misperception that redundancy and diversity of communications can be achieved through multiple options of terrestrial communications. Unfortunately, this ends up leading to diversity of the carrier but not the pathway. (Bardo 2015) If the entire infrastructure collapses due to a major terrorist attack or natural disaster (as in 9/11), what options remain? This is where satellite communications become essential. Just as satellite communications can be deployed at sea or on a battlefield without significant infrastructure, these satellite communications systems are a fail-safe in a catastrophic event. Modern satellite communications allow for sleeve devices that can be added to off-the-shelf cellular devices to convert them to satellite-capable handsets. Satellite communications should be an integral part of any continuity of operations planning.

Recruitment of Cyber Security Professionals

As mentioned in the vulnerabilities section of this paper, there is a shortage of cyber security professionals. A solution to this problem is to recruit or train IT personnel within the agency to understand cyber security issues. Agency sponsorship of certification courses such as Certified Information Systems Security Professional (CISSP) and Security+ courses, attached to an employment commitment obligation (to prevent employee loss), could augment the agency’s IT skills.

In addition to training and recruitment, executives must break the complacency mindset and dedicate resources and attention to improving their cyber security status. In government, where loss is not as much of a concern, policies must be adopted to hold government executives accountable in the event that their agency suffers a significant loss of data or service capability.
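The Satellite Backup point above, that several carriers can still share one pathway, and the earlier observation that bridging components become single points of failure, can both be checked against a link inventory. The Python below is an added example, not part of the paper; the topology, node names and pathway labels are constructed assumptions.

```python
from collections import defaultdict, deque

# Each link: (endpoint A, endpoint B, carrier, physical pathway).
# Constructed inventory: two carriers serve the dispatch center, but both
# circuits run through the same conduit.
BASE = [
    ("dispatch", "audio-bridge", "carrier-A", "main-st-conduit"),
    ("dispatch", "audio-bridge", "carrier-B", "main-st-conduit"),
    ("audio-bridge", "police-lmr", "agency", "tower-1-microwave"),
    ("audio-bridge", "fire-lmr", "agency", "tower-2-microwave"),
]

# Same inventory with a satellite circuit added as a third route.
WITH_SATELLITE = BASE + [
    ("dispatch", "audio-bridge", "sat-provider", "satellite-uplink"),
]


def reachable(links, source, dead_node=None, dead_pathway=None):
    """Nodes reachable from source after losing one node or one pathway."""
    adj = defaultdict(set)
    for a, b, _carrier, pathway in links:
        if pathway == dead_pathway or dead_node in (a, b):
            continue
        adj[a].add(b)
        adj[b].add(a)
    seen, queue = {source}, deque([source])
    while queue:
        for nxt in adj[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen


def single_points_of_failure(links, source, targets):
    """Nodes and pathways whose loss cuts source off from any target."""
    def cut(seen):
        return any(t not in seen for t in targets)

    nodes = {n for a, b, _c, _p in links for n in (a, b)}
    nodes -= {source} | set(targets)
    pathways = {p for _a, _b, _c, p in links}
    return {
        "nodes": sorted(
            n for n in nodes if cut(reachable(links, source, dead_node=n))),
        "pathways": sorted(
            p for p in pathways
            if cut(reachable(links, source, dead_pathway=p))),
    }


def shared_pathways(links):
    """Pathways that carry more than one carrier: diversity on paper only."""
    carriers = defaultdict(set)
    for _a, _b, carrier, pathway in links:
        carriers[pathway].add(carrier)
    return {p: sorted(c) for p, c in carriers.items() if len(c) > 1}


if __name__ == "__main__":
    targets = ["police-lmr", "fire-lmr"]
    print("shared:", shared_pathways(BASE))
    print("terrestrial only:",
          single_points_of_failure(BASE, "dispatch", targets))
    print("with satellite:",
          single_points_of_failure(WITH_SATELLITE, "dispatch", targets))
```

In this constructed inventory the satellite circuit removes the conduit as a single point of failure, while the audio bridge stays one until a second bridge is added.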
Conclusion
No public safety communications system is 100% secure from cyber-attack and no agency has the funding to reach the pinnacle of cyber security. However, it is incumbent upon public safety leadership to seek out solutions to improve their security standing. Lives are on the line and, as we learned during the 9/11 attacks, those lives can be first responders and citizens. Communications are the key to an effective disaster response, and our attackers understand that by disrupting these communications they can maximize the effects of their attack. The solutions outlined above are just a few of the possibilities and, as technology evolves, so must our communications defenses.
References
Sharp, K.; Losavio, K. (2011). 9/11, 10 Years Later. PSC Online. Retrieved from: http://psc.apcointl.org/2011/09/06/911-10-years-later
Macri, G. (2014). Emergency services like 911 no longer cyber-safe, GAO reports. TheDailyCaller.com. Retrieved from: http://dailycaller.com/2014/01/30/emergency-services-like-911-no-longer-cyber-safe-gao-reports/
Viebeck, E. (2015). DHS: 911 Call Centers Vulnerable to Cyber-Attack. TheHill.com. Retrieved from: http://thehill.com/policy/cybersecurity/241442-dhs-911-call-centers-vulnerable-to-cyberattack
Stone, A. (2014). Cyberattack: The Possibilities Emergency Managers Need to Consider. EmergencyMgmt.com. Retrieved from: http://www.emergencymgmt.com/safety/Cyberattack-Emergency-Managers.html
Coleman, V. (2016). Cyber Attack Temporarily Shut Down Newark Police Computer Systems. NJ.com. Retrieved from: http://www.nj.com/essex/index.ssf/2016/04/cyber_attack_shuts_down_newark_police_computer_sys.html
Hartmans, A. (2016). VOIP Innovations Suffers Cyberattack. Pittsburgh Business Times. Retrieved from: http://www.bizjournals.com/pittsburgh/news/2016/03/17/voip-innovations-suffers-cyberattack.html
Raytheon (2012). ACU-1000 Datasheet. PSI Company. Retrieved from: http://www.psicompany.com/man-prod-info/Raytheon-JPS/Control-Equipment/ACU-1000/ACU-1000-Datasheet.pdf
Brilliant, J. (2015). Hackers Target Indianapolis 911 Center. WTHR.com. Retrieved from: http://www.wthr.com/story/27897557/hackers-target-indianapolis-911-center
Burger, E.; Welch, T. (2016). Complacency in the Face of Evolving Cybersecurity Norms is Hazardous. Legaltech News. Retrieved from: http://poseidon01.ssrn.com/delivery.php?ID=043105127121025125091072004094094121009036000082061091106021001025111012023083073011120058100122042024053114071112012074111076020090034037034099070121099092071065042046000000077125102095114095093001086003092000106100109001126026102125106089113097006&EXT=pdf
Ward, M. (2015). All Industries Fail Cybersecurity, Govt The Worst. CNBC.com. Retrieved from: http://www.cnbc.com/2015/06/23/all-industries-fail-cybersecurity-govt-the-worst.html
Department of Homeland Security (DHS) (2014). The Hybrid Public Safety Microphone (Turtle Command) Land Mobile Radio Converging with Broadband. Retrieved from: https://www.dhs.gov/sites/default/files/publications/The%20Hybrid%20Public%20Safety%20Microphone-Turtle%20Command-Land%20Mobile%20Radio%20Converging%20with%20Broadband_0.pdf
Department of Homeland Security (DHS) (2015). Cyber Risks to Next Generation 911. Retrieved from: https://www.dhs.gov/sites/default/files/publications/NG911%20Cybersecurity%20Primer%20FINAL%20508C%20(003).pdf
Careless, J.; Bischoff, G. (2011). What a Difference a Decade Makes. Urgentcomm.com. Retrieved from: http://urgentcomm.com/networks-amp-systems-mag/what-difference-decade-makes
Bartock, M.; Cichonski, J.; Franklin, J. (2015). LTE Security – How Good Is It? National Institute of Standards and Technology (NIST). Retrieved from: http://csrc.nist.gov/news_events/cif_2015/research/day2_research_200-250.pdf
Ruck, M. (2010). Top Ten Security Issues Voice Over IP (VOIP). Designdata.com. Retrieved from: http://www.designdata.com/wp-content/uploads/sites/321/whitepaper/top_ten_voip_security_issue.pdf
Anthony, S. (2013). The Humble SIM Card Has Finally Been Hacked: Billions of Phones at Risk of Data Theft, Premium Rate Scams. Extremetech.com. Retrieved from: http://www.extremetech.com/computing/161870-the-humble-sim-card-has-finally-been-hacked-billions-of-phones-at-risk-of-data-theft-premium-rate-scams
Zarya, V. (2016). How These Mormon Women Became Some of the Best Cybersecurity Hackers in the U.S. Fortune.com. Retrieved from: http://fortune.com/2016/04/27/mormon-women-cybersecurity/
Radisys (2015). Radisys, Octasic and Quortus Partner to Deliver a Multi-Radio Network-in-a-Box for Defense and Public Safety Sectors. Radisys.com. Retrieved from: http://www.radisys.com/press-releases/radisys-octasic-and-quortus-partner-deliver-multi-radio-network-box-defense-and-public-safety
Bardo, T. (2015). Why Public Safety Plans Should Include Satellite Communications. Hughes.com. Retrieved from: http://www.hughes.com/resources/why-public-safety-plans-should-include-satellite-communications?locale=en