Are wearables reliable enough for public safety?
- By Matt Leonard
- Oct 24, 2017
Technology products designed for public safety must be reliable under extreme conditions. That’s why the National Institute of Standards and Technology will begin testing wearables marketed to first responders.
Through its Public Safety Communication Research Division, NIST has been working on technology issues specific to the first responder community, including finding appropriate mobile device management solutions. This look into wearables builds on that past work, according to Joshua Franklin, an IT security specialist in the National Cybersecurity Center of Excellence.
“When a new product class arises, it's not always up to snuff in terms of security,” Franklin said about the expanding market for wearables. “But sometimes it is, so we would love to be pleasantly surprised when we’re looking at these devices.”
NIST has been talking with first responders across the country about what they’d like to see in wearable technology.
“We’ve been finding that they all are about availability,” he told a crowd at the Oct. 24 Advanced Technology Academic Research Center Federal Mobility Summit. “Confidentiality and integrity are great, but availability is the priority.”
That means building in backups. Devices should be able to switch to Wi-Fi if cell service is unavailable and then to Bluetooth if Wi-Fi goes down. Some consumer devices on the market have this capability, Franklin said, pointing to the new Apple Watch on his wrist.
This ability to communicate and spread information is by far the top priority, he said. Some responders said they’re even okay with using unsecure communication channels for backup because “they need to make sure they can get information out,” he added.
These conversations with first responders will inform a publication that NIST will release “as soon as possible,” Franklin said. The document is meant to help guide vendors toward what the responder community is looking for.
Then early next year, NIST plans to begin testing products at the National Cybersecurity Center of Excellence in Rockville, Md. About 20 devices will be tested, including both phones and wearables (headsets, smart clothing, body cameras, and heads-up displays).
Franklin said he isn’t sure yet how NIST will test the network availability that is so critical to first responders, though he said it can test network agility by looking at how many different kinds of networks devices can easily connect to.
Security of these wearable devices will also be considered in these tests, he said. That includes a device's updating policy and the state in which it’s shipped.
“I bet a lot of public safety devices are going to be shipping with old versions of Bluetooth that aren’t using the confidentiality protection that law enforcement needs,” he told GCN, adding that some devices don’t require authentication at setup, allowing anyone to connect. NIST will also be checking for broken or outdated algorithms.
A device's ability to update or patch its software is also vital to security. The main way to evaluate this is to read the updating policy, Franklin said.
“That’s one of the big differentiators between a secure device and a device that’s sort of lacking in that arena.”
Matt Leonard is a former reporter for GCN.