APCO: Cybersecurity 101 (What Every PSAP Needs to Know)
Evolving PSAP technology makes it easier to save lives, but also makes it more difficult to protect from cyber threats.
At the Association of Public-Safety Communications Officials’ (APCO’s) annual conference last year, the organization hosted a professional development session titled Cybersecurity 101: What Every PSAP Needs to Know. The seminar featured Gilles Ferland, vice president of product management at Solacom Technologies; Chris Tucker, director of the Huntsville-Madison County 911 Center and Chris Marsh, principal sales consultant at Oracle Communications.
Ferland examined two photos. One showed a PSAP center as it functioned 20 years ago, with a landline telephone, desktop computer monitor and modem and a simple terminal.
Setups like these weren’t fancy, but without network connectivity and the ability to load applications, they were very secure, Ferland explained.
The other photo showed a contemporary PSAP center, with multiple flat-screen monitors connected to servers for call-taking, mapping and CAD systems, as well as multiple networks, a radio dispatch console and the ability to access other online databases for information.
This evolving PSAP technology means it is easier to save lives now than 20 years ago, but it also means emergency communications centers are more difficult to protect from cyber attacks, malware, viruses and data breaches, he said.
Ferland, Tucker and Marsh explained what PSAP managers can do to best protect their systems, examined cybersecurity issues facing emergency communications centers and how PSAPs can recover from a cybersecurity problem.
5 Key Takeaways for PSAP Cybersecurity
#1 The threats have changed.
The days of bored teenagers hacking websites for fun from their dorm rooms are long gone. In their place, new -- and more dangerous -- adversaries have emerged.
“The kind of attacks we had two, three years ago, they’re different from today,” Ferland said. “Software gets updated, it’s a very changing world, and that’s the difficulty.”
These adversaries, called threat actors, come in all forms, Ferland explained. They can be as isolated as a lone-wolf anarchist looking to make a statement by infiltrating a sensitive database. Those with more formal support may be government agents such as spies trying to gather information, or nation-states looking for political leverage.
In the worst case, terrorists … could go into the power grid and seriously affect a city, especially a big city, and cause havoc in that city,” Ferland said.
But it’s not only threat actors who have evolved -- their attacks have changed, too.
The risk landscape facing PSAPs today ranges from device-based threats, such as malware and spoofing, to network infrastructure and connection attacks like denial of service attacks, and data and service attacks in the form of swatting.
At best, one of these cyber threats from a determined attacker on a vulnerable PSAP can be an interruption, Ferland said. At worst, it can cost lives.
#2 Cyber attacks are on the rise.
According to a report from Positive Technologies, the first quarter of 2018 saw a 32% increase in the number of cyber incidents over the first quarter of 2017, Ferland said.
Hit hardest were individuals, with malware contracted by unsafe downloads and lack of anti-virus protection, the report detailed.
“Malware was used for five out of six attacks,” Ferland said. “This is a key attack vector that allows the system to be infected.”
However, cyber attacks on government systems rose as well, making up 16% of all cyber attacks in the first quarter of 2018. These attacks most commonly involved spyware accidentally downloaded from phishing email.
When opening email on PSAP devices and networks, “you need to be extremely diligent,” Ferland cautioned.
For an emergency call center director like Tucker, the main concern is a TDOS -- a telephony denial of service -- attack.
“Robo-dialers and intelligent programs can use AI to create human-sounding robots and natural conversation capabilities that keep 911 centers and call-takers so busy that callers with real emergencies can’t [get through],” he said.
#3 Interruption of 911 call services will continue to be a risk.
Unfortunately, cyber criminals show no sign of slowing down. In fact, Ferland predicted cyber attacks will only continue to rise, with ransomware attacks as a particular threat to PSAPs.
“In your call center, you might have call-taking, you might have call-taking and dispatch, you might have other types of applications and services you use,” he said. “The data is valuable -- it takes time to build. There’s a cost.”
But it’s really interruption of service, especially for the call-taking, that Ferland described as the most critical.
So if [your center] was put under ransomware, and none of your computers work, what do you do?” he asked. “It could be a number of hours, even days, where you cannot take any 911 calls. This is critical. This cannot happen.”
Ferland emphasized that cybersecurity experts named ransomware as the fastest growing security threat, with 75% of organizations targeted by ransomware fending off as many as five attacks in the last year, and 25% of organizations fighting more than six.
“It’s not only once,” Ferland warned. “Let’s say that you were not protected properly, and you didn’t have any good procedures, [so you were attacked]. You need to deal with the crisis of restoring your call center, and you need to prepare for the next attack, because these attackers will come back, and come back and come back.”
#4 Cybersecurity solutions for PSAPs are out there.
If these numbers and warnings are disheartening, don’t despair.
There are systems now that will detect anomalies and intrusions and patterns, and these systems will also provide more protection in terms of detection for these attacks,” Ferland said.
In fact, Ferland noted that endpoint security tools were responsible for identifying 83% of ransomware attacks, email and web gateways identified 64%of attacks, and intrusion detection systems 46%.
In terms of prevention, experts consider user awareness training to be the most effective way to keep cyberattacks from occurring.
“You can put an antivirus on, you can use monitoring systems, but user awareness training is key,” Ferland said.
Ferland identified a list of cybersecurity must-haves for PSAPs, including:
- Computer/Internet usage policies
- Patch and updates
- Backup/disaster recovery
- Audit logs
- Regular audits
“Because of the prevalence of cyber attacks, it is now essential that all networks and systems are monitored 24/7, with immediate notifications of intruder detection,” Tucker added.
#5 Updating PSAP continuity and recovery plans are a must.
Most operations have plans in place for how business should proceed following a fire or other emergency, but does your PSAP’s emergency plans include recovering from a cyber attack?
“It could be flooding or a fire, or all kinds of reasons your call center might be affected in terms of operations, but what’s key is that you need to include cyber attacks as one of the possibilities to cause disruption in your call center,” Ferland said.
Emergency communications centers should look closely at their continuity plans now, before a cyber attack strikes.
Have you identified the systems and processes that can be attacked? If so, have you identified who can resolve [those issues]?” Ferland asked. “Which systems should be brought up first? The call-taking system?”
He listed the elements a good recovery plan should have, including:
- Alternate site selection
- Contingency plan development
- Emergency notification list
- Vital records or system backup and recovery