Cyber Security Tips for 911 Centers

Cybersecurity: How You Can Help Protect Your Communication Center

By The VFIS Team on June 4, 2020

Why cyber safety is important (now more than ever) and free resources to help protect your 911 system

You might not be afraid of the dark – but you should at least be concerned with the very real threats of the dark web. In fact, cybersecurity should be an area of concern for all emergency service organizations, businesses and individuals.

Research from the University of Maryland estimates there’s a hacker attack every 39 seconds – impacting one in three Americans each year – and the results are costly. Cybersecurity Ventures projects that cybercrime damages will hit $6 trillion annually by 2021! What’s worse (if that’s possible) is that attackers are using the chaos of the current climate to target some industries harder than ever, including increasing PPE phishing scams.

Public safety agencies and local governments have found themselves especially vulnerable to these incidents. According to NBC News, there were 184 cyberattacks against these types of organizations between 2016 and 2018 – and 42 of these were against 911 centers. The general public is becoming more and more aware of these risks after nightmare attacks on Atlanta and Baltimore made national headlines – but is enough being done to help prevent them?

When cyberattacks target communication centers – the dangers go far beyond loss of money; there can be loss of life. Sadly, a 6-month-old baby in Dallas showed many people these devastating risks after he died when his babysitter’s 911 calls were delayed during an apparent DDoS (disrupted denial-of-service) attack.

Cyber Tips For 911 Call Centers

How can you help protect your communication center and the entire 911 response system? Know the threats, develop a plan and train your crew.


Understanding what you’re up against

As 911 centers continue to evolve and more functions move to an Internet Protocol (IP) platform, Public Safety Answering Points (PSAPs) will need to continue to stay up-to-date on the latest threats facing their organization.

According to Homeland Security, most cyber tactics against 911 centers fit into these 3 categories:
  1. Threats from users and devices, including:
    • Data breaches – techniques that steal, access or manipulate data
    • Malware – convinces victims to download malicious software onto devices
    • Ransomware – this blocks or holds systems for ransom
    • Phishing – the use of fraudulent emails that appear to be coming from a trusted source
    • Insider threats – people who have authorized access to data but intend to do something malicious
    • Spoofing – criminals appearing to be unauthorized members of the organization
  2. Attacks against network infrastructure and connections, including:
    • Denial-of-service attacks – attackers overload and strain the capacity of a network
    • Man-in-the-middle attacks – when a middle point of communication (like a tower) is breached
    • Telephone-denial-of-service attacks – voice over systems overwhelm or prohibit calls
    • Unauthorized network access – authentication measures are bypassed
  3. The use of malicious data, applications and services, including:
    • Malicious applications – apps that appear safe (or are in disguise) but are intended to steal, corrupt, eavesdrop or acquire data
    • Swatting – manipulates the location of a 911 call and prompts action
    • Unauthorized data access – getting access to and/or manipulating sensitive information

Yup… that’s a lot of threats – many of which most people don’t fully understand. But there is some good news. Now that you have a general idea of the risks you face and the current landscape of cyber threats against public safety organizations, you can implement some basic security plans that can go a long way to helping improve your safety.


Fighting back against cybercriminals

Step 1: Develop a plan.

Your data security plan should address who is responsible for security, who will train the team, what policies should be implemented, the current safety of your data (both physical and on your network), what measures should be taken to increase safety, protocol for ongoing safety checks and how to address suspicious activity.


Step 2: Implement policies + train your crew.

Do your 911 operators know the signs of a phishing email? Are they using your facility’s computers for personal reasons? Do they know not to open attachments from unknown sources? Do they know if they hover over a hyperlink that it will tell them where that link is actually going? How “safe” are their passwords?

There are a variety of free resources online to help you implement cyber policies and train your team – here are just a few:

The cyber world can be scary – but it’s important to realize that we don’t have to wear a hoodie, sit in front of 10 computer screens and hide out in a basement in order to fight back against these criminals. Most of their tactics count on us to make mindless mistakes; so it’s our job to hold ourselves accountable, take a few extra moments to really assess our online behavior and continue to talk about these potentially life-saving measures. Together, we can make a big difference.

How Can I Help Protect My 911 Center Against a Data Breach? Ask

The VFIS Team

VFIS is the largest provider of insurance, education and consulting services for fire departments, ambulance and rescue squads and 911 centers in North America, having pioneered the first tailored insurance package for this industry in 1969.


The information contained in this blog post is intended for educational purposes only and is not intended to replace expert advice in connection with the topics presented. Glatfelter specifically disclaims any liability for any act or omission by any person or entity in connection with the preparation, use or implementation of plans, principles, concepts or information contained in this publication.

Glatfelter does not make any representation or warranty, expressed or implied, with respect to the results obtained by the use, adherence or implementation of the material contained in this publication. The implementation of the plans, principles, concepts or materials contained in this publication is not a guarantee that you will achieve a certain desired result. It is strongly recommended that you consult with a professional advisor, architect or other expert prior to the implementation of plans, principles, concepts or materials contained in this publication.

This blog post may contain the content of third parties and links to third party websites. Third party content and websites are owned and operated by an independent party over which Glatfelter has no control. Glatfelter makes no representation, warranty, or guarantee as to the accuracy, completeness, timeliness or reliability of any third party content. References to third party services, processes, products, or other information does not constitute or imply any endorsement, sponsorship or recommendation by Glatfelter, unless expressly stated otherwise.

Related posts

Real-life tips to help your emergency service organization recruit and retail more volunteers.

Continue Reading

How you can help protect your most important asset: your people, and how to help them set up their insurance benefits so that they reflect their wishes.

Continue Reading

Agreed value eliminates many of the downsides that emergency service organizations may experience from traditional auto policies.

Continue Reading

Submit a Comment