Cyberattackers are coming for public safety; prepare now

Organizations and citizens have a “shared responsibility” to defend their data, computer hardware and software systems from ransomware attacks


All public safety leaders and personnel share the responsibility of understanding the risks of cyberattacks, educating themselves and taking action to protect their organizations, as well as their private information.


The threat of cyberattacks, especially ransomware attacks, against public safety is real. In early June, Christopher Wray, FBI director, made clear the significance in a “Wall Street Journal” interview when he described malware and ransomware attacks as similar to the challenges posed to national security in the aftermath of the Sept. 11, 2001, terrorist attacks. Wray also said, “There’s a shared responsibility, not just across government agencies, but across the private sector and even the average American. The scale of this problem is one that I think the country has to come to terms with.”

All public safety leaders and personnel share the responsibility of understanding the risks of cyberattacks, educating themselves and taking action to protect their organizations, as well as their private information.

Public safety is a target

Ransomware attacks are increasing in cost and frequency. In the private sector, 37-61% of businesses report being attacked, with an average financial impact of $1.85 million and six days of downtime per attack. In a Police1 poll, 21% of respondents said their department had been a victim of a ransomware attack.

Public safety organizations, the local governments they are part of, as well as hospitals are a target rich environment for attack because:

  • Attackers, especially novices, might seek out public safety organizations because too many departments have soft security protocols, a patchwork of out-of-date software and vulnerable mobile hardware systems in patrol cars, fire apparatus and ambulances.

  • Public safety organizations may have invested less in prevention and preparedness while cyberattacks were focused on the private sector. As businesses and private industry harden systems against infiltration, attackers may turn their attention to soft targets.

  • Public safety organizations have a statutory obligation to protect some of the information they collect and store, like electronic patient care records, thus making those records valuable to an attacker threatening to release those records if a ransom is not paid.

What public safety leaders need to know about cyberattacks

Wray has made clear that the threat of cyberattacks is significant. In the months and years after 9/11 fire, police and EMS organizations trained for new CBRNE threats, developed new protocols and procedures for investigating and mitigating those threats, and updated training requirements and programs. Ransomware attacks warrant the same level of focus and funding.

Ransomware attackers seek to take control of computer operating systems until a ransom is paid. The Colonial Pipeline systems were breached through a single compromised password from an inactive account. Attackers may also threaten to publish confidential or sensitive information, such as intra-organizational emails, personnel files or patient care records, unless a ransom is paid.

As public safety leaders consider the significance of the threat, keep in mind that service disruptions after software is compromised by a cyberattack can have short- and long-term consequences to organization operations. After an attack on the City of Tulsa, police officers had to write paper reports that were hand-delivered to the courthouse. Because computer systems were down, police were unable to response to non-injury traffic collisions and firefighters used map books to navigate to calls. It may take days or weeks to restore computer operating systems and months before the depth of the attack is fully understood and cyber forensic investigators can declare that all malware has been removed and systems are no longer vulnerable.

What leaders can do to prepare

Respondents to the annual EMS Trend Report acknowledge their organizations are poorly prepared for a cyberattack. More than half (56%) of 2021 respondents say their organization is “slightly prepared” or “not prepared at all.” This represents a slight improvement from 2020, when 64% of respondents answered either “slightly prepared” or “not prepared at all.”

The first preparedness step is to increase your knowledge of cyberattack methods, terminology, prevention tactics and response techniques. Here are some ideas:

  • Attend the June 24 expert panel discussion, “Understand the risks and prepare your department for a cyberattack,” co-hosted by Police1, FireRescue1 and EMS1.

  • Increase your knowledge of department cybersecurity prevention and response protocols by meeting with information technology staff and contractors.

  • Monitor and understand the actions vendors take to secure your department’s data and software systems.

  • Read this White House Memo to corporate executives and business leaders, “What we urge you to do to protect against the threat of ransomware.”

Next, cyberattack preparedness, defense, response and recovery represent a new budget line item for public safety organizations. If your organization hasn’t already begun to request funding for these new expenses, begin as soon as possible to budget for:

  • Increased information technology staffing through additional employees or contractors
  • Software as a service products to protect operating systems and hardware
  • Cyberattack and ransomware insurance that may help investigate a claim, negotiate a ransom payment and reimburse for damages after an attack
  • Additional expenses for cyberattack forensic investigations that may not be included in insurance coverage
  • Operating reserve or a rainy-day fund that could be used to pay a ransom to restore software operating systems and secure data

Along with budgeting and increasing your knowledge of cyberattacks and cybersecurity, check on the content and frequency of training offered to staff. Training should include:

  • Protection of usernames and passwords, as well as other best practices for data and software protection

  • Recognizing a ransomware attack and the process for reporting an attack to department leadership and IT administrators

  • Tabletop exercises for department leaders to respond to a ransomware attack

  • Ongoing reading about ransomware attacks in public safety and other industries to understand attack tactics and how other organizations respond to a ransom demand

The time to prepare for a cyberattack on your department is now. Learn more from these additional resources:

White House Memo by epraetorian on Scribd

Greg Friese, MS, NRP, is the Lexipol Editorial Director, leading the efforts of the editorial team on PoliceOne, FireRescue1, Corrections1, EMS1 and Gov1. Greg has a bachelor’s degree from the University of Wisconsin-Madison and a master’s degree from the University of Idaho. He is an educator, author, paramedic and runner. Greg is a three-time Jesse H. Neal award winner, the most prestigious award in specialized journalism, and 2018 and 2020 Eddie Award winner for best Column/Blog. Ask questions or submit article ideas to Greg by emailing him at and connect with him on LinkedIn.