This document discusses cyber threats to public safety communications systems. It summarizes that since 9/11, increased connectivity and interoperability between systems has created more potential access points for cyber attacks. Specific vulnerabilities discussed include next generation 911 systems relying on IP networks, reliance on cellular networks using LTE and VOIP, and a shortage of cybersecurity professionals. Potential solutions proposed include using fusion center networks to communicate crisis information over separate internet-based systems rather than agency networks.
Cyber Threat to Public Safety Communications (Kory Edwards)
This document discusses cyber threats to public safety communications systems. It begins by describing how communications broke down for first responders during the 9/11 attacks due to overloaded cell networks and damaged radio systems. Since then, improvements have focused on redundancy and interoperability through increased connectivity, but this also introduces more vulnerabilities. The document outlines several cyberattacks against 911 call centers and public safety networks in recent years. It identifies the most attractive targets as the public's access to 911 and single points of failure in interconnected systems. The main security challenges are complacency about risks and limited budgets to address vulnerabilities.
Social Engineering-The Underpinning of Unauthorized Access (Kory Edwards)
This document discusses social engineering and how it enables unauthorized access. Social engineering relies on exploiting human tendencies rather than technical vulnerabilities. The document explores how Edward Snowden used social engineering to gain access to NSA systems by persuading coworkers to provide their credentials. It examines why information security programs fail to prevent social engineering, despite training, due to human factors like lack of motivation. Common social engineering attack types are discussed, including insider threats, external threats, and the tactics used like appealing to human tendencies like authority, scarcity, and liking. The document argues a new approach is needed that incorporates social intelligence concepts to make employees less susceptible to social engineering.
Hacking Municipal Government Best Practices for Protection of Sensitive Loc... (Ben Griffith)
1. Local governments are increasingly being targeted by cyber attacks as more infrastructure becomes internet-connected. This exposes sensitive data and critical systems to risks.
2. State and local governments are often unprepared to deal with cybersecurity threats due to a lack of skilled personnel and budgetary resources. They also may not adequately share intelligence about threats.
3. The annual cost of cyber attacks on businesses alone is estimated to be between $400-500 billion. Securing critical infrastructure like power grids against cyber threats will require tremendous resources, with some projections putting worldwide annual cybersecurity costs at trillions of dollars by 2020.
The document is a report from IBM analyzing cyber attack data from 2014. Some key findings include:
- Unauthorized access incidents nearly doubled from 2013 and accounted for 37% of all incidents in 2014, likely due to vulnerabilities like Shellshock and Heartbleed.
- Over 62% of incidents targeted just three industries: finance/insurance, information/communications, and retail.
- More than half of all attacks came from internal sources like employees or contractors, though most internal breaches were unintentional.
- The US was both the most attacked country and the origin of over half of all attacks due to its large size and internet infrastructure.
The document discusses cyber security issues and proposes policy solutions. It outlines current problems like a lack of security standards, interconnected systems being vulnerable, and attacks coming from anywhere. The document argues for establishing comprehensive cyber security policies, expanding US CERT, incentivizing businesses to regulate themselves, and addressing human vulnerabilities. The goal is to facilitate technological innovation in a safe, secure environment.
Did you know the average time it takes to remediate a breached social account is 5.5 hours? Our report, The Social Takeover, helps you understand why social media security is important for any organization to address.
Booz Allen Hamilton focuses on defining the vulnerabilities further and identifying the potential mobile security exploits that could harm or damage a business. This article covers Booz Allen's approach to helping organizations develop a secure and effective mobile application security program.
Analysis of Rogue Access Points using Software-Defined Radio (JuanRios179)
This document analyzes how rogue WiFi access points can be created using software-defined radio (SDR) to intercept network traffic. It discusses how SDR allows simulating the physical, link, network, and transport layers needed for an access point. The researchers created a rogue access point using inexpensive SDR hardware and a Raspberry Pi "victim" to capture its network traffic as a proof-of-concept. Their work aims to help prevent such attacks by exposing how cybercriminals could carry them out.
Survey of different Web Application Attacks & Its Preventive Measures (IOSR Journals)
This document summarizes different types of web application attacks and proposed preventative measures. It discusses denial of service (DOS) attacks, cross-site scripting (XSS) attacks, SQL injection attacks, and request encoding attacks that have occurred from 2012-2014. Statistics on the financial impact of these attacks on various industries are provided. The document then proposes solutions to prevent DOS attacks, XSS attacks, SQL injection attacks, and request encoding attacks. These include implementing input validation, output encoding, access control, and encryption. Overall, the document aims to survey common web application attacks and identify best practices for building secure applications.
- A majority of state legislators surveyed did not know if their state had a cyber emergency incident response plan in place, indicating a lack of engagement on cybersecurity issues from top government officials.
- Having a formal incident response plan is critical because security breaches are inevitable, and such plans help minimize damage from attacks.
- Elected leaders need to make cybersecurity a priority through activities like budgeting for incident response resources, overseeing development and implementation of response policies, and monitoring agency compliance with plans.
Symantec's Internet Security Threat Report, Volume 18 revealed a 42 percent surge during 2012 in targeted attacks compared to the prior year. Designed to steal intellectual property, these targeted cyberespionage attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31 percent of these attacks. Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via “watering hole” techniques. In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform.
It seems like every week there's a new high-profile data breach that takes over news headlines. The quickly changing cyber landscape makes forecasting potential threats difficult. Here are some cybersecurity trends to watch in 2019.
Symantec Internet Security Threat Report 2011 Trends Volume 17 April 2012 (Symantec)
Symantec's 2011 Internet Security Threat Report, Volume 17 shows that while the number of vulnerabilities decreased by 20 percent, the number of malicious attacks continued to skyrocket by 81 percent. In addition, the report highlights that advanced targeted attacks are spreading to organizations of all sizes and variety of personnel, data breaches are increasing, and that attackers are focusing on mobile threats.
Symantec's Internet Security Threat Report for the Government Sector (Symantec)
Symantec has established the most comprehensive source of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of more than 41.5 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Threat Management System, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.
In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 60,000 recorded vulnerabilities (spanning more than two decades) from over 19,000 vendors representing over 54,000 products.
Spam, phishing, and malware data is captured through a variety of sources including the Symantec Probe Network, a system of more than 5 million decoy accounts, Symantec.cloud, and a number of other Symantec security technologies. Skeptic, the Symantec.cloud proprietary heuristic technology, is able to detect new and sophisticated targeted threats before they reach customers’ networks. Over 8.4 billion email messages are processed each month and more than 1.7 billion web requests filtered each day across 14 data centers. Symantec also gathers phishing information through an extensive anti-fraud community of enterprises, security vendors, and more than 50 million consumers.
Symantec Trust Services provides 100 percent availability and processes over 6 billion Online Certificate Status Protocol (OCSP) look-ups per day, which are used for obtaining the revocation status of X.509 digital certificates around the world. These resources give Symantec analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The result is the annual Symantec Internet Security Threat Report, which gives enterprises, small businesses, and consumers essential information to secure their system effectively now and into the future.
IT Vulnerabilities - Basic Cyberspace Attacks - by Lillian Ekwosi-Egbulem (Lillian Ekwosi-Egbulem)
This document discusses several common types of basic cyber attacks including internet fraud, destructive attacks, theft of intellectual property, and denial of service attacks. It provides examples of each type of attack, describing the motives and damages caused. Countermeasures are suggested to prevent each attack, such as installing security software, monitoring network activity, and enforcing access controls and policies. The conclusion emphasizes the importance of protecting information and systems given the economic and security impacts of vulnerabilities.
Cybersecurity and its impact on your commercial real estate portfolio (JLL)
The global cybersecurity market is currently worth more than $107 billion in 2015 and is expected to grow to more than $170 billion by 2020—an annual growth rate of almost 10 percent. In federally leased real estate, more than $32 billion was spent in the last decade on cybersecurity, with trillions more planned for the decade to come.
Join us as we introduce you to the world of cybersecurity—what it is, where it is, how it’s funded, and most importantly – how it impacts your real estate investments.
The document discusses the debate around cybersecurity, politics, and interests. It summarizes that the threat of cyber attacks has driven increased spending on security by states and corporations. However, critics argue the threats are exaggerated and that the response is overly militarized and risks wasting resources. The debate has implications for the future of internet governance and privacy as states consider greater regulation and monitoring of internet traffic.
This document summarizes a presentation on cybersecurity risks and management practices. It outlines the evolution of cyber threats from less advanced in the past to more sophisticated today. Significant risks to businesses are identified as data theft, malware that destroys systems, denial of service attacks, and reputational attacks. Case studies show how even large companies can be vulnerable to attacks through a single weak point. The document then covers different types of security threats like hacking, phishing, man-in-the-middle attacks, and botnets. It emphasizes the need for senior management leadership on cybersecurity and outlines best practices for managing risks and measuring return on investment in security.
- The document summarizes a Symantec security refresh presentation. It discusses the current threat landscape including targeted attacks, data breaches, mobile threats and email threats.
- It then provides an overview of Symantec's Global Intelligence Network and security solutions portfolio. This includes advanced threat protection, data loss prevention, identity protection, and more.
- The presentation aims to show how Symantec's extensive security offerings and global threat intelligence network can help organizations protect their information, infrastructure, and interactions from today's threats.
This document discusses the challenges that big data poses for cybersecurity. It notes that the volume, variety, and velocity of data has increased dramatically due to factors like the growth of the internet and consumer technology. This has led to unprecedented growth in cyber threats that security companies must address. The document argues that successfully protecting users requires efficiently processing big data to generate intelligence through techniques like specialized search algorithms, machine learning, and analyzing relationships in the data. It maintains that a combination of automated analysis and human insight is needed to understand the evolving threat landscape.
The document provides 10 steps to safeguard a business from growing cyber threats. It notes that 72% of attacks target user identities and applications rather than servers and networks. The document then explores the current security landscape, why and how businesses may be vulnerable, and profiles different types of hackers including cyber criminals, state-sponsored attackers, hacktivists, and cyber terrorists. It discusses how new ways of working and an increasingly digital world have increased complexity and opportunities for cyber attacks.
The document discusses cyber security threats and vulnerabilities. It provides statistics on malware attacks, vulnerable areas when online, and costs of cyber crimes. Emerging technologies like moving target and remote agent technologies are aimed to constantly change networks and monitor security, but collective global measures are still needed to maximize security as cyber attacks can significantly impact individuals, organizations, and entire economies.
The document discusses the growing threat of cyber attacks facing all organizations. It notes that no organization is safe from attacks, which are increasing in scale and sophistication. Some key points made include:
- Cyber attacks range from financially motivated crime to espionage to activism and warfare, with financial crime being the most commonly experienced by organizations.
- The boundary-less nature of cyber space and low costs of attacks relative to their impact make threats unpredictable and difficult to defend against.
- Effective cyber security requires looking outward beyond organizational boundaries and increasing collaboration both within sectors and between public and private sectors. However, collaboration is still not working effectively.
- Understanding online business models and protecting the data that represents organizational value are both critical
This document discusses the growing cyber threats facing organizations today. It notes that as organizations increasingly operate online and digitize their services and information, cyber attacks have risen in scale and sophistication. The document outlines the main types of cyber attacks, including financial crime, espionage, warfare, terrorism, and activism. It emphasizes that effective cyber security requires looking outward beyond organizational boundaries and increasing collaboration between businesses and government. However, the document notes that public-private collaboration on cyber security has not been fully effective so far. Overall, the document argues that as threats in cyberspace escalate, secure information has become a key source of power, and cyber security is a major risk issue that organizations must address.
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM... (Fas (Feisal) Mosleh)
The Biggest Cyber and Physical Security Threats to Critical Infrastructure by Fas Mosleh, ex-HP, ex-IBM, ex-Broadcom. Discusses how critical infrastructure can be compromised by physical and security threats. Critical infrastructure refers to the systems, facilities, and networks that are essential to the functioning of a society and its economy. These are the assets that, if damaged or disrupted, could have a significant impact on public health and safety, economic security, and national security. Social engineering: This involves manipulating people into divulging sensitive information or taking actions that compromise security. Phishing is a primary example of such manipulation and is still one of the most prevalent types of attack. According to the 2021 Data Breach Investigations Report by Verizon, phishing was involved in 36% of all data breaches, making it the top threat action in the report. Phishing attacks are also becoming increasingly sophisticated and targeted, with attackers using social engineering tactics to trick victims into divulging sensitive information or downloading malware. This can include impersonating trusted individuals or organizations, creating convincing fake websites or emails, and using urgent or threatening language to pressure victims into taking action.
According to the 2021 State of the Phish Report by Proofpoint, 75% of organizations surveyed reported being targeted by phishing attacks in 2020, and 59% of those attacks were successful in compromising at least one user account or system. The report also found that COVID-19 related phishing attacks were particularly prevalent in 2020, taking advantage of the pandemic to trick victims into providing personal information or downloading malware.
5. Distributed denial of service (DDoS) attacks: These attacks flood a system with traffic, overwhelming it and causing it to crash or become unavailable.
6. Advanced persistent threats (APTs): APTs are sophisticated, long-term attacks that target specific organizations and can involve multiple stages of infiltration and exfiltration.
According to the 2023 CrowdStrike Global Threat Report, there has been an uptick in social engineering tactics targeting human interactions: tactics such as vishing to direct victims to download malware, and SIM swapping to circumvent multi-factor authentication (MFA).
This document discusses how critical infrastructure is increasingly being targeted by cybercriminals and nation-states through cyber attacks. It notes that while most critical infrastructure operators have strong physical security, many lack comprehensive cybersecurity strategies. It advocates for privileged access management solutions to help secure critical infrastructure according to new regulations and guidelines. Such solutions can help prevent attackers from gaining privileged access and help contain threats by isolating and auditing privileged sessions.
The document provides 10 predictions for the cybersecurity industry in 2022. It predicts that critical infrastructure will be a prime target for both cybercriminals and nation-states. Ransomware attacks will grow significantly in scope and impact, potentially disrupting entire societies. Cyber attacks will increasingly be used as a tool of foreign policy and domestic control by oppressive governments. Artificial intelligence and quantum computing developments will further escalate the arms race between attackers and defenders. Overall, 2022 will be a very challenging year for cybersecurity as threats become more powerful and widespread.
The document discusses the growing threat of cyber attacks facing all organizations. It notes that no organization is safe from attacks, which are increasing in scale and sophistication. Some key points made include:
- Cyber attacks range from financially motivated crime to espionage to activism and warfare, with financial crime being the most commonly experienced by organizations.
- The boundary-less nature of cyber space and low costs of attacks relative to their impact make threats unpredictable and difficult to defend against.
- Effective cyber security requires looking outward beyond organizational boundaries and increasing collaboration both within sectors and between public and private sectors. However, collaboration is still not working effectively.
- Understanding online business models and protecting the data that represents organizational value are both critical
This document discusses the growing cyber threats facing organizations today. It notes that as organizations increasingly operate online and digitize their services and information, cyber attacks have risen in scale and sophistication. The document outlines the main types of cyber attacks, including financial crime, espionage, warfare, terrorism, and activism. It emphasizes that effective cyber security requires looking outward beyond organizational boundaries and increasing collaboration between businesses and government. However, the document notes that public-private collaboration on cyber security has not been fully effective so far. Overall, the document argues that as threats in cyberspace escalate, secure information has become a key source of power, and cyber security is a major risk issue that organizations must address.
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...Fas (Feisal) Mosleh
The Biggest Cyber and Physical Security Threats to Critical Infrastructure by Fas Mosleh, ex-HP, ex-IBM, ex-Broadcom. Discusses how critical infrastructure can be compromised by physical and security threats. Critical infrastructure refers to the systems, facilities, and networks that are essential to the functioning of a society and its economy. These are the assets that, if damaged or disrupted, could have a significant impact on public health and safety, economic security, and national security. Social engineering: This involves manipulating people into divulging sensitive information or taking actions that compromise security. Phishing is a primary example of such manipulation and is still one of the most prevalent types of attack. According to the 2021 Data Breach Investigations Report by Verizon, phishing was involved in 36% of all data breaches, making it the top threat action in the report. Phishing attacks are also becoming increasingly sophisticated and targeted, with attackers using social engineering tactics to trick victims into divulging sensitive information or downloading malware. This can include impersonating trusted individuals or organizations, creating convincing fake websites or emails, and using urgent or threatening language to pressure victims into taking action.
According to the 2021 State of the Phish Report by Proofpoint, 75% of organizations surveyed reported being targeted by phishing attacks in 2020, and 59% of those attacks were successful in compromising at least one user account or system. The report also found that COVID-19 related phishing attacks were particularly prevalent in 2020, taking advantage of the pandemic to trick victims into providing personal information or downloading malware.
5. Distributed denial of service (DDoS) attacks: These attacks flood a system with traffic, overwhelming it and causing it to crash or become unavailable.
6. Advanced persistent threats (APTs): APTs are sophisticated, long-term attacks that target specific organizations and can involve multiple stages of infiltration and exfiltration.
According to the 2023 CrowdStrike Global Threat Report, An uptick in social engineering tactics targeting human interactions – Tactics such as vishing direct victims to download malware and SIM swapping to circumvent multi-factor authentication (MFA).
This document discusses how critical infrastructure is increasingly being targeted by cybercriminals and nation-states through cyber attacks. It notes that while most critical infrastructure operators have strong physical security, many lack comprehensive cybersecurity strategies. It advocates for privileged access management solutions to help secure critical infrastructure according to new regulations and guidelines. Such solutions can help prevent attackers from gaining privileged access and help contain threats by isolating and auditing privileged sessions.
The document provides 10 predictions for the cybersecurity industry in 2022. It predicts that critical infrastructure will be a prime target for both cybercriminals and nation-states. Ransomware attacks will grow significantly in scope and impact, potentially disrupting entire societies. Cyber attacks will increasingly be used as a tool of foreign policy and domestic control by oppressive governments. Artificial intelligence and quantum computing developments will further escalate the arms race between attackers and defenders. Overall, 2022 will be a very challenging year for cybersecurity as threats become more powerful and widespread.
Running headEMERGING THREATS AND COUNTERMEASURES .docxrtodd599
Running head: EMERGING THREATS AND COUNTERMEASURES 1
LITERATURE REVIEW
Emerging threats and countermeasures in the U.S. critical infrastructure
Table of content
Background information 3
Research questions 3
Methodological approach 3
Data analysis and findings 3
Challenges in confronting threats 6
Conclusion and discussion 8
References…………………………………………………………………………………………9
Background information
In recent times, the province of security architecture has profoundly transposed by the escalation of threats targeting critical national infrastructure. The rise in such threats is directly related to the rapid integration of the infrastructures with emergent information technologies (IT). That said, it is easy to conclude that the destructive threats to the infrastructures are from cybercrime. Cybercrime manifests in several dimensions from worms, viruses to malware. It would be easy if such threats confronted quickly. However, the state of affairs is that it is not an easy endeavor at all, and hence protecting national infrastructure is even more challenging than it has ever been.Research questions
This essay answers the questions of the literature related to the emergent threats in the protection of critical national infrastructure. More also, it answers the question of the challenges involved in securing the infrastructures.Methodological approach
The study of data collection is conducted using a qualitative approach. Qualitative research is the scientific study of observations that seeks to describe, explore, explain, and diagnose phenomena by gathering non-numerical data.Data analysis and findings
It has not been easy protecting national infrastructure in the last two decades thanks to an increase in cybercrime. Public information systems are lucrative targets for hackers and other ill-motivated criminals. The state affairs have led to a conclusion that in a time in the current generation, the world is increasingly veering toward cyber warfare. The cost of cybersecurity threats is estimated to be over billions of dollars and still learning. Even with new measures, it appears the rate at which cybercriminals are expanding their technological dominion in the deep web is exceedingly strange.
Cybersecurity attacks take different dimensions. Perhaps one of the most devastating has been related to user inefficiency when handling systems. Most cybercriminal activities have shown an impeccable ability to surpass both the human and system shields that protect systems. In the dawn of the early 2000s, for example, the world was in a panic following an attack unleashed by two Philippine students. The attack, known as love bug exposed the value system behind the human-based security system. It is one of the weakness and which is solely flexible to easy manipulation. Following the love bug attack, the national intelligence system had to be switched off for several hours. The cutting-edge world has seen a multiplication in th.
Preparing today for tomorrow’s threats.
When companies hear the word “security,” what concepts come to mind
— safety, protection or perhaps comfort? To the average IT administrator,
security conjures up images of locked-down networks and virus-free devices.
An attacker, state-sponsored agent or hactivist, meanwhile, may view security
as a way to demonstrate expertise by infiltrating and bringing down corporate
or government networks for profit, military goals, political gain — or even fun.
We live in a world in which cybercrime is on the rise. A quick scan of the
timeline of major incidents (See Figure 1, Page 9) shows the increasing
frequency and severity of security breaches — a pattern that is likely
to continue for years to come. Few if any organizations are safe from
cybercriminals, to say nothing of national security. In fact, experts even
exposed authentication and encryption vulnerabilities in the U.S. Federal
Aviation Administration’s new state-of-the-art multibillion-dollar air
traffic control system
Marriage of Cyber Security with Emergency Management -- NEMADavid Sweigert
The document is a statement from the National Emergency Management Association (NEMA) to the House Committee on cyber incident response. It summarizes that a cyber attack could have catastrophic consequences comparable to a major natural disaster. It calls for emergency managers and cybersecurity experts to work together to understand vulnerabilities, plan coordinated responses, and ensure authorities and resources are adequate to address consequences. The threat is complex, involving threats from nations, hackers, and terrorists, and attacks could impact critical infrastructure systems. States are still determining roles and responsibilities for cyber response, so federal coordination and support is needed.
How to take down the 911 call center -- NFPA 1221 , Chapter 13David Sweigert
This document discusses potential cyber attacks on public safety answering points (PSAPs) that handle 911 calls. It notes that past attacks have disrupted PSAP operations and stolen data. The document argues that national standards for PSAP cybersecurity like NFPA 1221 Chapter 13 are not sufficient, as they focus on paperwork compliance rather than active security measures like penetration testing. It calls for greater integration of cybersecurity experts into emergency response through frameworks like Emergency Support Function 18. The document warns that adversaries are already gathering intelligence on PSAPs to identify vulnerabilities to exploit in future blended physical and cyber attacks.
1) The document discusses the evolving nature of cyber security threats and how both nations and individuals are vulnerable due to increased connectivity and interdependence on internet-connected systems and infrastructure.
2) It notes that as critical systems like elections and power grids become networked and accessible online, national security will require addressing potential cyber attacks.
3) The document examines different types of cyber attacks and challenges like attribution, and argues that governments need to take cyber security seriously and invest appropriately in defenses given their growing reliance on digital technologies.
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
This document discusses the need for organizations to shift from a prevention-focused approach to cybersecurity to one focused on rapid detection and response. It notes that most organizations have mean times to detect threats of weeks or months, leaving critical systems vulnerable. The document introduces the concept of security intelligence and outlines a threat detection and response lifecycle that organizations should optimize to reduce their mean time to detect and respond to threats. This involves processes like discovering threats, qualifying them, investigating incidents, and mitigating risks.
This seminar discusses cyberterrorism, defined as disruptive or threatening activities against computers and networks to cause harm or further social, political, or ideological objectives. It provides an overview of the topic, including background information on the development of public interest in cyberterrorism since the late 1980s. The document outlines forms of cyberterrorism like privacy violations, secret information theft, demolishing e-governance systems, and distributed denial of service attacks. It also examines who may carry out cyberterrorism and why, as well as its potential impacts.
Online security – an assessment of the newsunnyjoshi88
This document discusses online security risks and recommendations. It begins with definitions of online security, information security, information warfare, and internet security risk. It then reviews literature finding increasing dependence on the internet, expansion of criminal activity online like identity theft, and growing demand for cybersecurity specialists. Specific examples of data breaches at major organizations are provided. The document recommends a multi-layered approach to online security including collaboration between governments, businesses, and individuals. It also recommends businesses reconsider security strategies with trends like cloud computing and social media increasing risk.
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
Cyber is a real threat and we can not keep our eyes shut to the same. Most of the countries surrounding us are involved in cyberwar covertly and we need to take steps to counter the same at the earliest.
Cyberterrorism involves using computer systems to disrupt or shut down critical national infrastructures like transportation and government operations. As countries rely more on computer systems, new vulnerabilities have emerged. Cyberterrorism is an attractive option for modern terrorists as it allows for large scale harm, psychological impact, and media attention while maintaining secrecy. While experts warn of possible cyber attacks crippling infrastructure systems, to date no confirmed acts of genuine cyberterrorism have occurred. National security and the IT industry are working to address this threat.
As telcos go digital, cybersecurity risks intensify by pwcMert Akın
globalaviationairospace.com
Cyber security for telecommunications companies
The rewards and risks of the cloud, devices, and data
The fastest growing sources of security incidents, increase over 2013
Security strategies for evolving technologies
Strategic initiatives to improve cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecuritySpark Security
The document discusses cybersecurity and how simple it is for hackers to breach corporate networks. It finds that over 90% of successful breaches only require basic hacking techniques that use tools freely available online. The document recommends that companies implement four risk reduction measures - whitelisting authorized software, rapidly patching systems, minimizing administrator privileges, and continuous monitoring - to significantly reduce their risks of being hacked as these measures address the most common vulnerabilities exploited. It argues companies need to better secure their networks to meet their fiduciary responsibilities and due diligence in protecting shareholder value from the persistent cyber threats faced.
This document discusses the growing threat of cybercrime and cyberterrorism as American society becomes increasingly interconnected through digital technology and the internet. It notes that critical infrastructure systems like transportation, energy, water, healthcare and financial services all rely on internet-connected digital systems, making them vulnerable to cyber attacks that could disrupt services or endanger lives. The document advocates for improved cybersecurity measures to protect personal information, businesses, governments and critical infrastructure from online threats.
The frequency and impact of cyber attacks have escalated cybersecurity to the top of Board agendas. Institutions are no longer asking if they are vulnerable to cyber attacks. Instead, the focus has shifted to how the attack might be executed, risks and impact. Most importantly, their organisational readiness and resilience to such threats.
Similar to Cyber Threat to Public Safety Communications (20)
Cyber Threat to Public Safety Communications
Kory W. Edwards
Webster University
May 2016
Abstract
Public safety communications are the most crucial point of defense within the communication
critical infrastructure (CI) sector. This paper explores the past mistakes, the threats, challenges,
vulnerabilities and solutions in protecting public safety communications systems to ensure
communications flow from the public to the first responder and all the coordination between
them. This research paper traces the progression of public safety communications during the 9/11
attacks to modern infrastructure changes and the new threats they pose. Once identified,
solutions are offered for those vulnerabilities.
Keywords: Cybersecurity, Public Safety Communications, Cyberattack, Communications
Security, Disaster Response
Post 9/11 Connectivity Created Ubiquity
Public safety communication vulnerabilities attained prominence in the aftermath of the
September 11th, 2001 terrorist attacks. Once the two planes hit the World Trade Center,
approximately 55,000 calls went out to the 911 emergency call center, of which 3,000 were
received within the first few minutes. (Sharp, et al 2011) Cell phone networks promptly became
overloaded as well, thus complicating first responder communications which typically used cell
phones as a back-up to land mobile radio (LMR) systems.
Radio repeaters on the Twin Towers were damaged and LMRs being used by police and
firefighters could not operate at a power strong enough to hear the evacuation calls from within
the buildings. (Sharp, et al 2011) With the addition of noise, operators talking over each other,
incompatible systems, differences in radio jargon and the confusion, public safety
communications underwent a significant break down during the crisis. America needed a remedy
for the future.
Since 9/11, the most common buzzwords in emergency management are “redundancy” and
“interoperability”. Federal funding continues to flow to agencies at all levels of government
(Federal, state and local) in order to procure systems that can operate in the same network or
bridge into each other’s networks. The big push for more powerful radios, converters for cell
phones to talk to LMRs, audio bridges to link LMR networks into a single channel, converters to
merge LMR and other communication platforms into a voice-over-IP communication and
broadband communications that ride over the internet has increased the interoperability and
redundancy of public safety communications significantly. But emergency managers often
overlook a key fact: connectivity creates ubiquity.
The ability to connect all these platforms together offers many benefits, but connecting more
components to the internet also provides more entrances for cyber-attack.
Components linking systems then become single points of failure that a cyber attacker with the
right skills can reach from literally anywhere around the world.
Attacks on Public Safety Communications
What is an attractive target?
Just in the year 2013, there were over 600 instances where citizens were denied emergency
services as a result of a cyber-attack; 200 of these attacks directly targeted offices of public
safety and their systems. (Macri 2014) Since 9/11, significant emphasis is placed on
interoperability between agencies and levels of government. Interoperability plans often rely on
increased connectivity to the open internet for remote maintenance, remote diagnostics and
conversion of signals between networks. Each of these connections offers a cyber attacker
additional access points from which they can monitor public safety communications, intercept
sensitive data or conduct a cyber-attack.
Aside from the actual public safety communications systems, which are increasingly more
complex and composed of more secure components, the public’s ability to communicate with
911 services presents a prime target. Cyber-attacks have become so routine that IT
professionals and their executive chain no longer focus on individual or repetitive attacks. The
sheer volume and variety of penetrations and probes do not garner attention unless there is a
significant loss of data or productivity. As Federal funds flow to agencies large and small to
improve interoperability and redundancy, few agencies invested in protecting the public’s link to
911 call centers. As of May, 2015, over 200 attacks were conducted against 911 call centers
using a telephone denial-of-service (TDOS) attack. (Viebeck 2015) Similar to a distributed
denial-of-service (DDOS) attack, the attackers launch a large volume of simultaneous calls to 911,
which ties up the system and prevents the receipt of legitimate emergency calls.
The most attractive targets are those easiest to get access to and most likely to cause the biggest
effect. These would be the ability of the public to call 911, the 911 call center’s ability to receive and
process calls, and the single points of failure within interoperable bridge systems.
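The TDOS mechanism described above, where simultaneous calls occupy every 911 trunk, can be checked for in call records. The following Python code is an added example, not part of the original paper: the record fields, the trunk capacity of 4 and the repeat-caller threshold are assumptions, and all sample calls are constructed.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Call:
    start: int     # second at which the call seized a 911 trunk
    duration: int  # seconds the trunk was held
    caller: str    # calling number as presented (can be spoofed)


def saturation_windows(calls, capacity):
    """Return (start, end) intervals during which every trunk is busy."""
    deltas = Counter()
    for c in calls:
        deltas[c.start] += 1
        deltas[c.start + c.duration] -= 1
    busy, opened, windows = 0, None, []
    # Apply the net change per second, so a release and a seizure at the
    # same instant do not split one saturation window into two.
    for t in sorted(deltas):
        busy += deltas[t]
        if busy >= capacity and opened is None:
            opened = t
        elif busy < capacity and opened is not None:
            windows.append((opened, t))
            opened = None
    return windows


def assess(calls, capacity, repeat_threshold=0.5):
    """Describe each saturation window and flag repeat-dialer patterns.

    Assumption: automated floods reuse a small set of calling numbers, while
    a genuine emergency produces many distinct callers. Spoofed caller IDs
    defeat this heuristic, so a "distinct" verdict does not clear an event.
    """
    findings = []
    for start, end in saturation_windows(calls, capacity):
        active = [c for c in calls
                  if c.start < end and c.start + c.duration > start]
        per_caller = Counter(c.caller for c in active)
        repeat_ratio = round(1 - len(per_caller) / len(active), 2)
        findings.append({
            "window": (start, end),
            "calls": len(active),
            "distinct_callers": len(per_caller),
            "repeat_ratio": repeat_ratio,
            "verdict": ("suspected TDOS" if repeat_ratio >= repeat_threshold
                        else "saturated, callers distinct"),
            "top_callers": per_caller.most_common(3),
        })
    return findings


# Constructed sample data: light normal traffic, a flood of 12 calls from two
# numbers, and a surge of 12 calls with the same timing from 12 numbers.
BACKGROUND = [Call(0, 60, "555-0101"), Call(30, 45, "555-0102"),
              Call(200, 50, "555-0103")]
FLOOD = [Call(100 + 5 * i, 40, f"555-020{i % 2}") for i in range(12)]
SURGE = [Call(100 + 5 * i, 40, f"555-03{i:02d}") for i in range(12)]

if __name__ == "__main__":
    for label, sample in (("flood", FLOOD), ("surge", SURGE)):
        for finding in assess(BACKGROUND + sample, capacity=4):
            print(label, finding)
```

Both samples saturate the trunks for the same interval; only the caller distribution separates them, which is why occupancy alone cannot distinguish a TDOS attack from a real mass-call event.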
The Attacks
In recent years, we’ve seen sporadic attacks on 911 systems, other public safety networks and
supporting companies and infrastructure. Here’s just a small sample:
In early 2016, a cyberattack flooded Spartanburg County, SC non-emergency
phone lines and pushed the calls onto the 911 system which jammed the 911 call center
and slowed dispatching to respond to emergencies. (Stone 2016)
In April 2016, a cyberattack shut down various public safety systems of the
Newark Police Department, NJ. The virus used in the attack prevented staff from
accessing criminal data and the primary system used to dispatch first responders for 3
days. The police had to use their back-up system until the virus was remediated.
(Coleman 2016)
In March 2016, a cyberattack flooded VOIP Innovations, a leading provider of
voice over IP services, with service requests and denied their customers access to the
system. The attack was so intense and so frequent that the FBI considered the attack a
national security threat. (Hartmans 2016) Why? Because first responder agencies use
VOIP in their primary networks or use components such as the Raytheon ACU-1000 for
interoperability. The ACU-1000 converts numerous land-mobile-radio (LMR) and other
communications systems to a single VOIP signal, which allows them to talk to each
other. (Raytheon 2012) This becomes a single point of failure in a mass casualty or major
event situation management.
In December 2014, cyber attackers disrupted the emergency 911 system in
Indianapolis, IN for several days. The attackers either entered the system directly or by
way of an individual computer. Not only did the penetration of the system occur, but the
attackers stayed within the system to see how police responded to the incident. (Brilliant
2015)
Threat of Secondary Attacks
If the inability to contact emergency services were not concerning enough, the combination of a
major terrorist attack followed by a cyber-attack on first responder systems could significantly
compound the loss of life. Currently, cyberattacks from terrorist organizations have inflicted
minimal damage and mostly consist of nuisance attacks. The concern with cyberattacks being
combined with a physical attack within the U.S. relates to both future capabilities and the
organizations’ ability to purchase cyberattack capabilities. The Islamic State of Iraq and the
Levant (ISIL) obtained significant financial support from oil field seizures and other means.
These funds could easily be used to recruit a successful cyber attacker to provide a secondary
attack in the aftermath of a physical attack.
Security Challenges of Public Safety Communications
Complacency
Recent mass casualty incidents in previously little known locations like San Bernardino, CA,
Charleston, SC, Colorado Springs, CO, and Fort Hood, TX show us that public safety
communications are of concern in places outside of the major metropolitan areas that most often
receive attention. Many agencies and local governments believe that their city, county or town
will never see such an event occur. And they might be right. Especially when facing significant
expenses in upgrading their public safety networks, why put forth the effort and funding for a
small possibility?
Between frequently changing legal and technological requirements and the massive coordination
needed to improve interoperability and continuity between agencies, most heads of agencies are
not willing to dedicate time, manpower and a large portion of their budget to fix their
cybersecurity vulnerabilities. (Burger, et al 2016) Public safety officials are not likely to pay
close attention to cyber-attacks that happened “over there” in a distant city or state. In fact, many
heads of agencies that hire security experts become complacent over the daily threat briefs and
worries of their security staff. The security director who constantly cries wolf cannot get the
action they need when it is significant. So, should a cyber security professional not mention the
daily threats? Our society has become tone deaf to the headlines about cybersecurity issues. And
our complacency becomes a major challenge in addressing the security needs of public safety
communications.
Expense/Funding
Budgets always have been a battle for any security professional. The biggest challenge facing a
Chief Information Security Officer (CISO) is normally not identifying the vulnerabilities and
solutions, but obtaining the budget necessary to fortify their networks. Take for example the
following headlines over just the last year:
How to be a successful CISO without a “real” cybersecurity budget (SEP 2015)
How to calculate ROI and justify your cybersecurity budget (DEC 2015)
Rebalancing your cybersecurity budget with deception technology (APR 2016)
A recent study showed that across all industries, government performed the worst on
industry-standard security tests. In fact, government agencies fixed fewer than 1/3 of detected
cyber-security problems, most often due to budget constraints. (Ward 2015) Whereas private companies
such as Target have been financially and legally held accountable for data theft, government
agencies are often not held to the same standards. The theft of millions of Federal employees’
personal information during the Office of Personnel Management data breach is a perfect
example of why government should dedicate more funds to cybersecurity, but it does not have the
same legal and financial incentives to do so as a private company does through litigation risks.
Interoperability
Since 9/11, many agencies have progressed in the issue of interoperability between agencies.
With the support of the Department of Homeland Security, universal standards of data
management, enabling of broadband capabilities for voice, data and video, and hardware
solutions such as audio bridges and higher-power land-mobile-radio systems have become
commonplace. Even joint command centers have sprung up to bring crisis management
participants face-to-face when needed.
The increased interoperability also comes with its own set of challenges though. Not every
agency can afford to participate in these joint interoperability ventures due to funding or
incompatible systems. Expenses are often cost prohibitive for smaller or rural agencies using
outdated and incompatible systems, meaning they must bear a larger expense in order to become
interoperable. Instead, they end up relying on less expensive options such as augmenting LMR
networks with broadband. Aside from the broadband cyber vulnerabilities, this option typically
uses first responder commercial smartphones that lack mission-critical voice capabilities such as
radio-to-radio and one-to-many communications. (DHS 2014)
Shared systems between agencies also run the risk of being tied into an agency that has not
employed security measures, that lacks diverse routing or redundancy in electrical power. When
agencies lack common security policies and training, one of the agencies might be enabling
insiders to accidentally or intentionally disrupt operations or security throughout the shared
network.
Vulnerabilities of Public Safety Communications
Next Generation 911 Systems
Today’s trend in 911 systems is the implementation of Next Generation 911 (NG911) systems
which operate on an Internet Protocol (IP). These systems offer a wide range of broadband
options for voice, data, video and interconnection of public and private networks. Unfortunately,
this new system subjects 911 communications to significant vulnerabilities that come with an
IP-connected system. In order to be functional for a wide array of agencies, these systems require
standardized identity management and credentialing system-wide. The use of credentials allows
a potential attacker numerous attack vectors and wide-spanning access which would allow the
attack to spread quickly and proliferate across systems. (DHS 2015) DHS is of the opinion that
these risks do not undermine the benefits of the NG911 system; however, they acknowledge that
as attacks increase in complexity and sophistication beyond the TDoS attacks currently used, the
system will be more at risk. But such a statement raises two questions: how do we know these
more sophisticated attacks do not already exist? And how soon before we begin to see these new
attack strategies? By subscribing to a new system with known flaws and multiple chokepoints, and
especially by publishing these vulnerabilities, are we not encouraging new attack development?
Reliance Upon Telephony
Modern public safety communications systems rely heavily upon telephony. The New York
Police and Fire Departments, for example, operate a dedicated, private LTE carrier using the 2.5
GHz spectrum leased by the Brooklyn Archdiocese. (Careless, et al 2011) This now subjects the
entire New York emergency response to standard LTE attacks on the commodity hardware and
software used, rogue base stations, renegotiation attacks (forcing the communications to less
secure GSM channels), man-in-the-middle (MiM) attacks, jamming, attacks using a stolen secret
key (K) obtained from the carrier’s HSS/AuC or the UICC manufacturer, physical attacks on base
stations or availability attacks on eNodeB and Core. (Bartock, et al 2015)
Those public safety communications systems that rely on VOIP communications for
interoperability also have significant vulnerabilities to deal with. Internet-bound packets can be
intercepted, or significant strain on VPN hardware can cause delays and broken communications.
These VOIP systems all lead to virtual chokepoints at gateways and base station control
functions (BCFs), and securing them at a firewall is challenging. Beyond that, VOIP security
depends upon updated patches to phones, good underlying network security and operating system
security, and must contend with DoS attacks, packet interception, unsecured open ports, wireless
connectivity exposure and spam over IP telephony. (Ruck 2010)
The ability to conduct attacks on telephony is not complicated but does require specialized
equipment that is not difficult to obtain. Especially when dealing with cellular systems, the most
secure operating system is the Android or iOS operating system on the phones; however, at least
two other operating systems exist on handsets and they have significantly more vulnerabilities.
The baseband operating system controls all functions involving radio frequency (RF)
transmission and controls. It treats signals sent on the downlink from a tower as
being both secure and direct commands. Shifting an LTE signal to GSM or UMTS where
security flaws are more exploitable can be done with a cause code 8 which bricks the handset
and instructs it to stop looking for LTE. This would knock a first responder’s handset off the
secure LTE network and since most of these specialized LTE systems do not have a GSM
channel in their neighbor list, the phone becomes dead at least until power cycled away from the
rogue base station’s reach.
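A defender can watch for this pattern in handset modem logs. The following is an added example, not part of the original paper: it correlates reject messages carrying cause code 8 by cell and raises the severity when the sending cell is not one of the agency's own. The log format, field names, cell IDs and thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of handset modem events (hypothetical format and values).
SAMPLE_LOG = """\
2016-05-02T14:00:05Z imsi=001010000000001 event=ATTACH_ACCEPT cell=0x1A2B01
2016-05-02T14:03:11Z imsi=001010000000001 event=TAU_REJECT cell=0xBEEF01 emm_cause=8
2016-05-02T14:03:40Z imsi=001010000000002 event=TAU_REJECT cell=0xBEEF01 emm_cause=8
2016-05-02T14:04:02Z imsi=001010000000003 event=ATTACH_REJECT cell=0xBEEF01 emm_cause=8
2016-05-02T14:20:00Z imsi=001010000000004 event=ATTACH_REJECT cell=0x1A2B02 emm_cause=8
2016-05-02T14:21:00Z imsi=001010000000005 event=TAU_REJECT cell=0x1A2B02 emm_cause=15
"""

KNOWN_CELLS = {"0x1A2B01", "0x1A2B02"}   # assumed IDs of the agency's own cells
LINE_RE = re.compile(
    r"^(?P<ts>\S+) imsi=(?P<imsi>\d+) event=(?P<event>\w+_REJECT) "
    r"cell=(?P<cell>0x[0-9A-Fa-f]+) emm_cause=(?P<cause>\d+)$")

def find_suspect_cells(log_text, known_cells, window=timedelta(minutes=5), min_handsets=2):
    """Return one alert per cell that sent a cause-8 reject, sorted by cell ID."""
    rejects = defaultdict(list)          # cell -> [(time, imsi), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["cause"]) != 8:
            continue                     # not a reject, or a different cause code
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        rejects[m["cell"]].append((ts, m["imsi"]))
    alerts = []
    for cell, hits in sorted(rejects.items()):
        hits.sort()
        # Largest number of distinct handsets rejected inside any one window.
        peak = max(len({i for t, i in hits if start <= t <= start + window})
                   for start, _ in hits)
        unknown = cell not in known_cells
        if unknown and peak >= min_handsets:
            level = "HIGH"    # unlisted cell knocking several handsets off LTE
        elif unknown:
            level = "MEDIUM"  # unlisted cell, single handset so far
        else:
            level = "LOW"     # agency cell: check provisioning before escalating
        alerts.append({"cell": cell, "level": level, "handsets": peak})
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_cells(SAMPLE_LOG, KNOWN_CELLS):
        print(alert)
```
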
SIM cards on cellular devices are also a vulnerability. Reverse engineering of a SIM card can
grant unauthorized access, or hacking of an authorized SIM card can give a cyber attacker access
to about 13% of authorized devices in order to steal data or conduct a TDoS attack from within
the specialized network. (Anthony 2013)
Shortage of Cyber Security Professionals
Despite all the improving hardware, software, encryption, awareness and companies willing to
sell and install the latest and greatest in cyber security and cyber defense systems, one final
vulnerability remains and is growing. This is the shortage of cyber security professionals
to employ and of acknowledgment of the need for these professionals. Many companies and
government entities have shifted their hiring practices to ensure new heads of security are also
information security or cyber security trained; however, the fact remains that roughly 300,000
cyber security jobs remain unfilled in the U.S. and that number is likely to grow to over 1.5
million in the next 5 years. (Zarya 2016)
This shortage means that public safety agencies must compete for this talent pool with private
corporations which typically offer higher salaries than government entities can afford to pay. The
shortage also leads to expansion of the talent pool by hiring foreign cyber security experts or
relying on offsite cyber security companies for support through consulting roles or crisis
assistance. Hiring foreign professionals runs the risk of terrorist sympathizers infiltrating these
agencies to either conduct cyber reconnaissance or an attack. And the hiring of consultants or
outside crisis management companies means a delayed response to these attacks and a response
only to attacks that are blatantly noticeable.
What does a public safety agency do about the daily attacks that do not rise to the crisis threshold
but could be indicative of probing or planning for a larger attack? How can an agency respond
rapidly and effectively if their support is not onsite? It is imperative that we recognize the
vulnerability within our employee talent in addition to the hardware and software security issues.
Solutions for First Responder Communications
Communication of Information Via Fusion Center Network
One of the benefits of the actions taken by the Department of Homeland Security after the 9/11
Report was issued was the establishment of a state fusion center network. Federal funding
supports these state and major metropolitan area analysis centers that now exist in every state
and territory, with the exception of Wyoming. Embedded analysts and liaisons at these fusion
centers connect agencies of all levels of government and private sector partners through
face-to-face interaction at the center. In addition, useful tools such as Adobe Connect sessions are
offered for free through the DHS portals. These communications systems move crisis
discussions off the agency’s standard networks and onto an internet-based platform that may
not be linked to the victim agency’s networks and therefore not targeted in the cyber-attack.
Use of these fusion center tools can allow access to key personnel using any device that is able to
connect to the internet via cellular or land-based Ethernet connections, regardless of the ISP or
connection. Voice, data, messaging and video are all offered on the platform and through the
embedded DHS Intelligence Officers, information can travel rapidly through the fusion center
network to other states, localities and centers which may need to prepare for subsequent or
simultaneous attacks. These DHS Intelligence Officers have already established rapport and
contact with key players within their area of responsibility. This is a significant resource that is
often under-utilized.
Network In-A-Box
An alternate cellular back-up solution would be a closed cellular network such as the
Multi-Radio Network-in-a-Box system offered by a joint venture between Radisys, Octasic and
Quortus. (Radisys 2015) This product is a portable cellular base station platform that can handle
up to 32 cellular devices per box and is deployable via UAV, vehicle or backpack. It uses
4G/LTE, 3G and 2G air interfaces, allowing any cellular device to connect to it but allows the
agency to restrict which devices can connect to the platform by using a whitelist/blacklist
authentication.
In order to cover larger distances or urban environments, the system can be deployed with
multiple platforms, establishing a crisis-specific cellular channel, frequency and neighbor list.
How is this platform different from a carrier platform? It offers the security of being a closed
network that does not connect to outside carrier networks. This inhibits a rogue tower or internet
attack since it is detached from public cellular networks. If the frequency were to be intercepted,
that frequency can be changed for the authorized devices. A visual log of SMS transmissions
between devices can also serve as a time-stamped record of the event management and decisions.
Satellite Backup
There is a common misperception that redundancy and diversity of communications can be
achieved through multiple options of terrestrial communications. Unfortunately, this ends up
leading to diversity of the carrier but not the pathway. (Bardo 2015) If the entire infrastructure
collapses due to a major terrorist attack or natural disaster (as in 9/11), what options remain?
This is where satellite communications become essential. Just as satellite communications can be
deployed at sea or on a battlefield without significant infrastructure, these satellite
communications systems are a fail-safe in a catastrophic event. Modern satellite communications
allow for sleeve devices that can be added to off-the-shelf cellular devices to convert them to
satellite capable handsets. Satellite communications should be an integral part of any continuity
of operations planning.
Recruitment of Cyber Security Professionals
As mentioned in the vulnerabilities section of this paper, there is a shortage of cyber security
professionals. A solution to this problem is to recruit or train IT personnel within the agency to
understand cyber security issues. Agency sponsorship of certification courses such as Certified
Information Systems Security Professional (CISSP) and Security+ courses, coupled with an
employment commitment obligation (to prevent employee loss), could augment the agency’s IT
skills.
In addition to training and recruitment, executives must break the complacency mindset and
dedicate resources and attention to improving their cyber security status. In government, where
loss is not as much of a concern, policies must be adopted to hold government executives
accountable in the event that their agency suffers a significant loss of data or service capability.
Conclusion
No public safety communications system is 100% secure from cyber-attack and no agency has
the funding to reach the pinnacle of cyber security. However, it is incumbent upon public safety
leadership to seek out solutions to improve their security standing. Lives are on the line and, as we
learned during the 9/11 attacks, those lives can be first responders and citizens. Communications
are the key to an effective disaster response and our attackers understand that by disrupting these
communications they can maximize the effects of their attack. The solutions outlined above are
just a few of the possibilities and as technology evolves, so must our communications defenses.
References
Sharp, K.; Losavio, K. (2011) 9/11, 10 Years Later., PSC Online, Retrieved from:
http://psc.apcointl.org/2011/09/06/911-10-years-later
Macri, G. (2014) Emergency services like 911 no longer cyber-safe, GAO reports.
TheDailyCaller.com, Accessed from: http://dailycaller.com/2014/01/30/emergency-
services-like-911-no-longer-cyber-safe-gao-reports/
Viebeck, E. (2015). DHS: 911 Call Centers Vulnerable to Cyber-Attack. TheHill.com, Retrieved
from: http://thehill.com/policy/cybersecurity/241442-dhs-911-call-centers-vulnerable-to-
cyberattack
Stone, A. (2014) Cyberattack: The Possibilities Emergency Managers Need to Consider.
EmergencyMgmt.com, Retrieved from:
http://www.emergencymgmt.com/safety/Cyberattack-Emergency-Managers.html
Coleman, V. (2016) Cyber Attack Temporarily Shut Down Newark Police Computer Systems.,
NJ.com, Retrieved from:
http://www.nj.com/essex/index.ssf/2016/04/cyber_attack_shuts_down_newark_police_co
mputer_sys.html
Hartmans, A. (2016) VOIP Innovations Suffers Cyberattack., Pittsburgh Business Times.
Retrieved from: http://www.bizjournals.com/pittsburgh/news/2016/03/17/voip-
innovations-suffers-cyberattack.html
Raytheon (2012) ACU-1000 Datasheet. PSI Company. Retrieved from:
http://www.psicompany.com/man-prod-info/Raytheon-JPS/Control-Equipment/ACU-
1000/ACU-1000-Datasheet.pdf
Brilliant, J. (2015) Hackers Target Indianapolis 911 Center. WTHR.com Retrieved from:
http://www.wthr.com/story/27897557/hackers-target-indianapolis-911-center
Burger, E.; Welch, T. (2016) Complacency in the Face of Evolving Cybersecurity Norms is
Hazardous, Legaltech News, Retrieved from:
http://poseidon01.ssrn.com/delivery.php?ID=04310512712102512509107200409409412
100903600008206109110602100102511101202308307301112005810012204202405311
407111201207411107602009003403703409907012109909207106504204600000007712
5102095114095093001086003092000106100109001126026102125106089113097006&
EXT=pdf
Ward, M. (2015) All Industries Fail Cybersecurity, Govt The Worst., CNBC.com, Retrieved
from: http://www.cnbc.com/2015/06/23/all-industries-fail-cybersecurity-govt-the-
worst.html
Department of Homeland Security (DHS) (2014), The Hybrid Public Safety Microphone (Turtle
Command) Land Mobile Radio Converging with Broadband., Retrieved from:
https://www.dhs.gov/sites/default/files/publications/The%20Hybrid%20Public%20Safety
%20Microphone-Turtle%20Command-
Land%20Mobile%20Radio%20Converging%20with%20Broadband_0.pdf
Department of Homeland Security (DHS) (2015) Cyber Risks to Next Generation 911., Retrieved
from:
https://www.dhs.gov/sites/default/files/publications/NG911%20Cybersecurity%20Primer
%20FINAL%20508C%20(003).pdf
Careless, J. and Bischoff, G. (2011) What a Difference a Decade Makes., Urgentcomm.com,
Retrieved from: http://urgentcomm.com/networks-amp-systems-mag/what-difference-
decade-makes
Bartock, M.; Cichonski, J.; and Franklin, J. (2015) LTE Security – How Good Is It?, National
Institute of Standards and Technology (NIST), Retrieved from:
http://csrc.nist.gov/news_events/cif_2015/research/day2_research_200-250.pdf
Ruck, M. (2010) Top Ten Security Issues Voice Over IP (VOIP), Designdata.com, Retrieved
from: http://www.designdata.com/wp-
content/uploads/sites/321/whitepaper/top_ten_voip_security_issue.pdf
Anthony, S. (2013) The Humble SIM Card Has Finally Been Hacked: Billions of Phones at Risk
of Data Theft, Premium Rate Scams., Extremetech.com, Retrieved from:
http://www.extremetech.com/computing/161870-the-humble-sim-card-has-finally-been-
hacked-billions-of-phones-at-risk-of-data-theft-premium-rate-scams
Zarya, V. (2016) How These Mormon Women Became Some of the Best Cybersecurity Hackers
in the U.S., Fortune.com, Retrieved from: http://fortune.com/2016/04/27/mormon-
women-cybersecurity/
Radisys (2015) Radisys, Octasic and Quortus Partner to Deliver a Multi-Radio Network-in-a-
Box for Defense and Public Safety Sectors., Radisys.com, Retrieved from:
http://www.radisys.com/press-releases/radisys-octasic-and-quortus-partner-deliver-multi-
radio-network-box-defense-and-public-safety
Bardo, T. (2015), Why Public Safety Plans Should Include Satellite Communications.,
Hughes.com, Retrieved from: http://www.hughes.com/resources/why-public-safety-
plans-should-include-satellite-communications?locale=en