Cybersecurity: How You Can Help Protect Your Communication Center

Why cyber safety is important (now more than ever) and free resources to help protect your 911 system

You might not be afraid of the dark – but you should at least be concerned with the very real threats of the dark web. In fact, cybersecurity should be an area of concern for all emergency service organizations, businesses and individuals.

Research from the University of Maryland estimates there’s a hacker attack every 39 seconds – impacting one in three Americans each year – and the results are costly. Cybersecurity Ventures projects that cybercrime damages will hit $6 trillion annually by 2021! What’s worse (if that’s possible) is that attackers are using the chaos of the current climate to target some industries harder than ever, including increasing PPE phishing scams.

Public safety agencies and local governments have found themselves especially vulnerable to these incidents. According to NBC News, there were 184 cyberattacks against these types of organizations between 2016 and 2018 – and 42 of these were against 911 centers. The general public is becoming more and more aware of these risks after nightmare attacks on Atlanta and Baltimore made national headlines – but is enough being done to help prevent them?

When cyberattacks target communication centers – the dangers go far beyond loss of money; there can be loss of life. Sadly, a 6-month-old baby in Dallas showed many people these devastating risks after he died when his babysitter’s 911 calls were delayed during an apparent DDoS (disrupted denial-of-service) attack.

How can you help protect your communication center and the entire 911 response system? Know the threats, develop a plan and train your crew.

Understanding what you’re up against

As 911 centers continue to evolve and more functions move to an Internet Protocol (IP) platform, Public Safety Answering Points (PSAPs) will need to continue to stay up-to-date on the latest threats facing their organization.

According to Homeland Security, most cyber tactics against 911 centers fit into these 3 categories:

1. Threats from users and devices, including:
   • Data breaches – techniques that steal, access or manipulate data
   • Malware – convinces victims to download malicious software onto devices
   • Ransomware – this blocks or holds systems for ransom
   • Phishing – the use of fraudulent emails that appear to be coming from a trusted source
   • Insider threats – people who have authorized access to data but intend to do something malicious
   • Spoofing – criminals appearing to be unauthorized members of the organization
2. Attacks against network infrastructure and connections, including:
   • Denial-of-service attacks – attackers overload and strain the capacity of a network
   • Man-in-the-middle attacks – when a middle point of communication (like a tower) is breached
   • Telephone-denial-of-service attacks – voice over systems overwhelm or prohibit calls
   • Unauthorized network access – authentication measures are bypassed
3. The use of malicious data, applications and services, including:
   • Malicious applications – apps that appear safe (or are in disguise) but are intended to steal, corrupt, eavesdrop or acquire data
   • Swatting – manipulates the location of a 911 call and prompts action
   • Unauthorized data access – getting access to and/or manipulating sensitive information

Yup… that’s a lot of threats – many of which most people don’t fully understand. But there is some good news. Now that you have a general idea of the risks you face and the current landscape of cyber threats against public safety organizations, you can implement some basic security plans that can go a long way to helping improve your safety.

Fighting back against cybercriminals

Step 1: Develop a plan.

Your data security plan should address who is responsible for security, who will train the team, what policies should be implemented, the current safety of your data (both physical and on your network), what measures should be taken to increase safety, protocol for ongoing safety checks and how to address suspicious activity.

Step 2: Implement policies + train your crew.

Do your 911 operators know the signs of a phishing email? Are they using your facility’s computers for personal reasons? Do they know not to open attachments from unknown sources? Do they know if they hover over a hyperlink that it will tell them where that link is actually going? How “safe” are their passwords?

There are a variety of free resources online to help you implement cyber policies and train your team – here are just a few:

• Free SOG: Computer Use Policy to help you develop a protocol on who uses your facility’s computers and why
• Cyber Self Assessment to help you evaluate your risks on a regular basis
• Printable Phishing Precautions to help your crew understand and recognize the signs of a malicious email
• Data Breach Best Practices to help everyone avoid costly mistakes
• Resources from security experts
• Industry resources on ResponderHelp.com designed for firefighters, EMTs, 911 dispatchers and other responders

The cyber world can be scary – but it’s important to realize that we don’t have to wear a hoodie, sit in front of 10 computer screens and hide out in a basement in order to fight back against these criminals. Most of their tactics count on us to make mindless mistakes; so it’s our job to hold ourselves accountable, take a few extra moments to really assess our online behavior and continue to talk about these potentially life-saving measures. Together, we can make a big difference.