Cyber Threats to PSAP Increase as IP and Broadband Public Safety Networks Loom
By Stephen Martini
While IP-based public safety networks, such as FirstNet and NG9-1-1, promise to deliver mountains of data to aid responders in faster, more efficient responses, they also introduce equally large threats never before seen in the PSAP environment.
Kansas City Regional Terrorism Early Warning Fusion Center Director Troy Campbell and APCO Communications Center & 9-1-1 Services Director Jay English addressed these rising concerns on Wednesday with attendees at APCO’s Emerging Technology Forum in Kansas City, Mo.
Campbell listed a series of known cyber threats from a variety of sources, highlighting spear-phishing and spoofed emails as the most common threats, and Iran as the most aggressive state-sponsored cyber threat source.
“Spear-phishing and spoofing emails are probably 90 percent of how activists gain access to a network,” Campbell said.
Spear-phishing describes an email that appears to come from a credible source, such as your bank or employer, carrying a malicious attachment that looks legitimate—perhaps named “Bank Statement” or “W2 Information.” Once clicked, the attachment launches an executable that could do anything from sitting undetected on your system gathering data to reformatting every hard drive on every computer on a given network.
The Cyber Threat Nightmares scenario Campbell shared with the room was intended to scare attendees into taking the situation seriously. It started with a simple spear-phishing email sent from a ‘.gov’ address with an attachment titled “Incident Response Plan.” A user clicks it, giving hackers access to the network.
Or they take control of the network, locking users out of folders and drives so no one can access anything. Or they activate a wiper that reformats hard drives on computers across the network—deleting years of data in moments.
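As an added illustration (not from the article or the speakers), the following Python sketch shows the kind of gateway check a PSAP mail filter could apply to the spear-phishing pattern just described: flagging an attachment whose bytes are an executable even though its name reads like a document, and flagging a display name that claims a .gov identity while the real sender domain is elsewhere. The message class, addresses and file contents are constructed for the example.

```python
# Added example: a mail-gateway style triage for spear-phishing attachments.
# Two checks: (1) attachment content is a Windows/Linux executable even though
# the filename looks like a document; (2) the display name claims a .gov
# identity but the actual sender domain is not .gov.
import re
from dataclasses import dataclass

DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")   # PE and ELF headers


@dataclass
class Message:
    display_name: str       # name shown to the user, e.g. "County Clerk"
    from_addr: str          # actual From address
    attachment_name: str
    attachment_bytes: bytes


def looks_like_document(filename):
    # Only the final extension counts, so "Plan.pdf.exe" is not a document.
    m = re.search(r"(\.[A-Za-z0-9]+)$", filename)
    return bool(m) and m.group(1).lower() in DOCUMENT_EXTENSIONS


def is_executable(data):
    return data.startswith(EXECUTABLE_MAGIC)


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def check_message(msg):
    """Return the reasons a message should be quarantined (empty if clean)."""
    reasons = []
    if is_executable(msg.attachment_bytes):
        if looks_like_document(msg.attachment_name):
            reasons.append("executable content behind a document-like filename")
        else:
            reasons.append("executable attachment")
    if ".gov" in msg.display_name.lower() and not domain_of(msg.from_addr).endswith(".gov"):
        reasons.append("display name claims .gov but sender domain does not")
    return reasons


# Constructed sample messages (not real mail): a benign PDF and a disguised executable
SAMPLES = [
    Message("Finance Office", "payroll@example.com", "W2 Information.pdf", b"%PDF-1.4 ..."),
    Message("example.gov Admin", "admin@example.net", "Incident Response Plan.docx", b"MZ\x90\x00..."),
]


def triage(messages=SAMPLES):
    return {m.attachment_name: check_message(m) for m in messages}
```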
Campbell then played audio and video of an Emergency Alert System Warning broadcast live across multiple states, reporting the dead were rising from the grave and attacking the living in areas including Montana, Michigan, Utah, New Mexico and California. Hackers hit EAS software still using the default password to gain access to the system and launch the ridiculous message.
After opening attendees’ eyes, English followed Campbell’s scenario with additional statistics. “There were 360 Telephony Denial of Service (TDoS) attacks on public safety institutions—PSAPs, law enforcement headquarters, hospitals—in the past 18 months,” he said. “Russia has hacked all the way to a California Highway Patrol trooper’s MDT more than once. Hackers in India enacted a TDoS on a U.S. Coast Guard Cutter.”
What Can You Do?
Defending against attacks is difficult for a variety of reasons. Published lists of known threat-distributing sites are at least 72 hours old, while most threats are less than 48 hours old, leaving firewalls constantly one step behind. Cyber attacks often originate out of state or internationally, leaving law enforcement without effective recourse.
While tech-savvy personnel may be surprised to learn that people open the attachments, Campbell said that, on average, 15 percent of personnel in any given corporation will attempt to open one.
English agrees. “We are only as strong as our weakest link—people,” English said. “They’re also our greatest strength, but we don’t live up to our responsibility to train them.”
Personnel must know to avoid some of the common mistakes—clicking mysterious attachments from unsolicited emails, plugging USB drives into network-connected PCs, and sharing their login credentials with other employees. And training has to continue early and often—at least quarterly, according to Campbell and English.
Beyond the human element, Campbell said it’s important for agencies to take at least six steps to protect their network; three on either side of the firewall. “I don’t care what you choose to do—whatever fits your network and your installation,” Campbell said, “but if you do six things you will reduce your risk by 85 percent.”
Agencies must be willing to share information about attacks in real time with their neighbors and state fusion centers to quickly identify similar attacks nearby. English referenced TDoS attacks near Naples, Fla., affecting both Naples and Collier County within 4 hours on the same day, but neither knew of the other being attacked for two weeks.
“What if that attack had extended to ten counties?” English asked. Along with sharing news of attacks with neighbors, agencies need to report attacks to federal assets using this website, making sure to note at the top of the complaint that they are a public safety agency. English encouraged all states to consider implementing an emergency communications cybersecurity center to act as a filter for potentially harmful communications.
“That filtering must occur without slowing down services or hampering operations,” English said.
A list of resources with whom to speak is included in the FCC’s recently published Task Force on Optimal PSAP Architecture Report, Appendix 3 – PSAP Cybersecurity Resources. No matter what solution people choose, English encourages everyone in public safety communications to initiate these conversations with local, state, and federal representatives in their region to develop a plan because the threat is already here.
“I’m not afraid of the people who want Bitcoin—they want money,” English said. “They’re a pain in the neck and take up my time, but they don’t scare me. The people who scare me don’t want money—they want to hurt me. And we are a target for those attacks.”