FirstNet needs cyber safeguards

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Kathleen Hickey
 

Connecting state and local government leaders

By Kathleen Hickey

|

Public-safety answering points and other 911 service providers need cybersecurity professionals and continuity plans in case of cyber disasters.

Public-safety answering points (PSAPs) and other 911 service providers need to hire cybersecurity professionals and have continuity plans in place for cyber disasters, said Bill Schrier, senior policy analyst and First Responder Network Authority (FirstNet) point of contact for the state of Washington and former CTO for the city of Seattle.

In a podcast with IWCE’s Urgent Communications, Schrier spoke about security and cybersecurity related to PSAPs and 911systems. The discussion on topics broached at the forum on Cyber & ICT Security for Emergency Calling and Communications, held in early March and hosted by the Industry Council for Emergency-Response Technologies (iCERT).

“It is important to have these discussions now, because if we’re going to build a network for public safety, we have to make sure network and device security are primary considerations during the design phase. Not only will building security in at the beginning make security better and more robust, but it also will drive down enterprise cost,” said Patrick Flynn, director, Homeland/National Security Programs, Intel Security and chair of the iCERT Cyber & ICT Security Committee in a Medium article discussing the iCert conference.

PSAPs are responsible for answering calls to an emergency telephone number for police, firefighting and ambulance services and dispatching these services. Today most PSAPs have IP-based networks, although they usually are closed networks, with some leading states having ESInet, said Schrier. The Emergency Services IP Network, or ESInet, delivers voice, video, text and data to the PSAP.

Next Generation 911 (NG911) brings new concerns,” said Schrier. One of the bigger ones: citizens can send texts, documents, pictures and videos to a 911 call center that could hold a virus that could affect the call center or first responders.

FirstNet, which will permit multiple agencies and departments to communicate and share data when responding to a single large event, also has security holes. 

Established through a 2012 law, the FirstNet network will use technology similar to commercial cell phone networks’ 4G broadband service to help connect on-scene data, dashboard cameras, body cameras and other necessary media-linked devices for the best interoperability. Access to 4G will allow for mobile web access, video conferencing and HD video specifically designed for public safety officers and first responders.

While most of the security challenges have been identified, no one has yet come up with solutions, said Schrier.

“One of the issues is identification and access management,” he said. A police officer may use an IP-based network to lookup warrants, while an emergency technician may be accessing or generating HIPAA (the federal Health Insurance Portability and Accountability Act, which, protects the confidentiality and security of healthcare information) data, he said. Both may be using the same device.

“How do you make sure the person using the device has the authority to access the data?” he asked. Currently the cellular networks don’t have the capabilities to identify the individual using the device.

Another concern is putting sensitive public safety information into the cloud – which has had many high profile breaches.

A roundtable at the forum on securing cloud services believed  it was inevitable that PSAP data would move into the cloud. A key to securing this data is the underlying security of cloud technology providers, such as Microsoft and Amazon, which “can hire a lot more people than PSAPs,” said Schrier. These cloud technology providers must be compliant with federal, state and local security regulations. A current example: Microsoft performs background checks on employees in its data centers to meet HIPAA regulations and have built its cloud networks to [certain] specifications, he said.

Still, many data breaches in the private sector have occurred at the point of sale at a merchant, not in the cloud, said Schrier. “The parallel in public safety would be individual systems … in PSAPs or fire departments. The breach might occur when they are disconnected from the cloud,” he said.

All these potential problems are reasons why public safety organizations need disaster plans and cybersecurity professionals on staff, Schrier said.

NEXT STORY: How agencies can tighten personnel security

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.