Why Public Safety is Under Cyber Attack and How to Prepare For It

By: Tom Breen, Cybersecurity Liaison, SecuLore Solutions, LLC

Did you know October was National Cybersecurity Awareness Month (NCSAM)? Yes, October is now officially in the books, but cybersecurity is a topic that needs to be top of mind twelve months a year. NCSAM is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners — including the National Cyber Security Alliance — to ensure every American has the resources they need to stay safe and secure online. This is especially important in public safety and organizations that provide critical communications for obvious reasons. As such, in tribute to NCSAM, and as a reminder that it needs to be a priority year round, Zetron is pleased to provide the following guest post by one of our trusted technology partners, SecuLore.

Cyber-attacks on government networks are growing rapidly, in some cases with lethal consequences. Public Safety networks are under attack because they are a high-value, high-vulnerability target for hackers. The very nature of ‘always-on’ computers and mission-critical 9-1-1 services makes Public Safety networks an ideal target for ransomware and cryptomining/cryptojacking, and the impacts are significant.

For the first six months of 2021, cryptojacking volume hit 51.1 million registered attacks, as published in the 2021 mid-year SonicWall Cyber Threat Report. SecuLore’s Cybersecurity Attack Archive indicates there have been over 100 disclosed Public Safety cyber-attacks and more than 250 disclosed Local Government cyber-attacks in the USA in the past 24 months (a rolling count that is often higher). Cybersecurity Ventures projects that by the end of 2021 ransomware will attack a business every 11 seconds, with ransomware damages estimated to reach $20 BILLION.

How Are Hackers Attacking Public Safety?

The most common attack methods used by hackers against Public Safety include (but are not limited to):

• Brute force attacks and compromised Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) credentials, which are the top three infection vectors. Reciprocity reports there were 377.5 million brute force attacks on RDP in Q1 of 2021.

• Phishing / Social engineering

• Compromise of Active Directory (AD) via various techniques, including credential stuffing. Once inside AD, intruders can use the directory itself to distribute malware to domain-joined machines and to collect data.

• Hackers probe targets using exploit kits to deliver malicious “payloads” such as ransomware. Exploit kits and ransomware are sold as a service (Ransomware-as-a-Service, RaaS) on the dark web.

• TDoS (Telephony Denial of Service) and DDoS (Distributed Denial of Service) attacks cause service disruptions at PSAPs that can be life-affecting when real callers cannot reach the help they need. There are also costs associated with these attacks, including the time wasted when Telecommunicators have to triage between real and fraudulent calls.
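The brute force and compromised-RDP-credential vectors listed above are the ones a PSAP’s monitoring should catch first. The Python below is an added example, not code from SecuLore or Zetron; it runs a sliding-window detection over constructed sample log lines in a simplified one-line-per-event export format (timestamp, Windows event ID, user, source IP, logon type), not a real Windows log dump. Event 4625 is a failed logon, 4624 a successful logon, and logon type 10 (RemoteInteractive) is RDP. The threshold and window values are assumptions to tune per site.

```python
"""Detect RDP password guessing from Windows Security logon events.

Event 4625 = failed logon, 4624 = successful logon; logon type 10 =
RemoteInteractive (RDP). Alert when one source IP fails THRESHOLD or more
times within WINDOW, and escalate if that same IP then logs on successfully.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                  # assumption: failures per source before alerting
WINDOW = timedelta(minutes=2)  # assumption: sliding window for those failures

# Constructed sample events in a simplified export format (not a real EVTX dump).
# 203.0.113.9 sprays five accounts in nine seconds and then gets in as svc_cad;
# 192.0.2.44 is a user mistyping a password twice, 25 minutes apart.
SAMPLE_LOG = """\
2021-10-04T02:14:07Z 4625 user=administrator src=203.0.113.9 logon_type=10
2021-10-04T02:14:09Z 4625 user=admin src=203.0.113.9 logon_type=10
2021-10-04T02:14:11Z 4625 user=dispatch src=203.0.113.9 logon_type=10
2021-10-04T02:14:14Z 4625 user=backup src=203.0.113.9 logon_type=10
2021-10-04T02:14:16Z 4625 user=svc_cad src=203.0.113.9 logon_type=10
2021-10-04T02:14:30Z 4624 user=svc_cad src=203.0.113.9 logon_type=10
2021-10-04T02:20:00Z 4625 user=jdoe src=192.0.2.44 logon_type=10
2021-10-04T02:45:00Z 4625 user=jdoe src=192.0.2.44 logon_type=10
2021-10-04T02:46:00Z 4624 user=jdoe src=192.0.2.44 logon_type=10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\d+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) logon_type=(?P<ltype>\d+)$"
)


def parse_line(line):
    """Parse one export line into a dict, or return None for unparsable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["event"] = int(ev["event"])
    ev["ltype"] = int(ev["ltype"])
    return ev


def detect_rdp_bruteforce(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return alerts as (severity, src_ip, detail) tuples in log order."""
    alerts = []
    failures = defaultdict(deque)  # src IP -> timestamps of recent 4625 events
    burst_seen = set()             # src IPs already alerted on (alert once)
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["ltype"] != 10:   # only RDP logons matter here
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["event"] == 4625:
            q = failures[src]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and src not in burst_seen:
                burst_seen.add(src)
                alerts.append(("high", src,
                               f"{len(q)} failed RDP logons within {window}"))
        elif ev["event"] == 4624 and src in burst_seen:
            # A success from a source that was just guessing is the signature
            # of a stuffed or brute-forced credential: treat it as a compromise.
            alerts.append(("critical", src,
                           f"successful RDP logon as {ev['user']} "
                           "after password-guessing burst"))
    return alerts


if __name__ == "__main__":
    for severity, src, detail in detect_rdp_bruteforce(SAMPLE_LOG):
        print(f"[{severity}] {src}: {detail}")
```

This only works if failure auditing for the Logon subcategory is enabled on the hosts; otherwise 4625 events are never written. Over the sample it raises one high alert for 203.0.113.9 at the fifth failure and one critical alert when that source logs on as svc_cad, and nothing for 192.0.2.44, whose two failures fall outside the window.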

Steps Public Safety Should Take to Harden the Target

Holistic Security Approach

Continuous behavior-based cybersecurity monitoring of your network is the most important aspect of protection!

Vulnerability assessments – Per the Task Force on Optimal PSAP Architecture (TFOPA), vulnerability assessments should occur at a minimum of every 90 days across the whole of the infrastructure to ensure your cyber-defense preparations are functioning as expected. Exception per CSRIC VII: if the type of cyber monitoring in use provides weekly reports and regular external analysis, then vulnerability assessments could instead be done annually.

NIST SP 800-53 Rev. 5 control enhancement CA-7(1) recommends employing independent assessors or assessment teams to monitor the controls in the system on an ongoing basis.

Recommended Mitigation Methods for Ransomware include:
• Comprehensive backup strategy which includes frequent backup testing (see below). It is the most important step in ransomware recovery.

• Preventative architecture techniques including employing least privilege, especially with admin credentials (Limit admin permissions to the lowest level required to perform each person’s job responsibilities).

• Endpoint protection

Create strong passwords with sufficiently high entropy. SecuLore recommends a 12+ character password drawn from an unrestricted alphabet (include special characters!). A computer-generated password ensures a high-entropy result. (NIST SP 800-132, Recommendation for Password-Based Key Derivation, December 2010, defines entropy as “A measure of the amount of uncertainty in an unknown value”.)
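To make that entropy figure concrete: a password of L symbols chosen uniformly at random from an alphabet of N symbols carries L × log2(N) bits of entropy, so 12 characters from the 94 printable ASCII characters (space excluded) give about 78.7 bits, while 12 lowercase letters give only about 56.4 bits. The Python below is an added example, not SecuLore’s tool; it generates passwords with the operating system’s CSPRNG and computes that figure. The 12-character minimum follows the recommendation above; the choice of alphabet is an assumption.

```python
"""Generate high-entropy passwords and compute the entropy they carry.

Entropy here is the information-theoretic figure for a uniformly random
choice: length * log2(alphabet size). A human-chosen password of the same
length and character classes has far less, which is why the page recommends
computer-generated ones.
"""
import math
import secrets
import string

# Assumption: "unrestricted alphabet" = every printable ASCII character except space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
SPECIALS = frozenset(string.punctuation)
MIN_LENGTH = 12  # the 12+ character recommendation above


def entropy_bits(length, alphabet_size):
    """Bits of entropy in `length` symbols drawn uniformly and independently
    from `alphabet_size` choices, i.e. log2(alphabet_size ** length)."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("need at least one symbol from an alphabet of size >= 2")
    return length * math.log2(alphabet_size)


def min_length_for(target_bits, alphabet_size):
    """Smallest length whose uniform-random password reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length=MIN_LENGTH, alphabet=ALPHABET):
    """Draw from the OS CSPRNG via `secrets` (never `random`), rejecting
    candidates without a special character so the result also satisfies
    legacy 'must contain a symbol' rules. The rejection costs a negligible
    fraction of a bit for 12+ characters over this alphabet."""
    if length < MIN_LENGTH:
        raise ValueError(f"password must be at least {MIN_LENGTH} characters")
    if not SPECIALS & set(alphabet):
        raise ValueError("alphabet must contain at least one special character")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if SPECIALS & set(candidate):
            return candidate


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{entropy_bits(len(pw), len(ALPHABET)):.1f} bits")
    print("lowercase-only 12 chars:", f"{entropy_bits(12, 26):.1f} bits")
    print("length needed for 80 bits over 94 symbols:", min_length_for(80, 94))
```

Note that `entropy_bits` is only valid for passwords produced this way; running it on a password a person chose overstates its strength, since people do not pick symbols uniformly.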

✓ Train your staff in cyber hygiene. Training is widely available and can help reduce risk by up to 40% (e.g., SecuLore’s Cybersecurity Hygiene Training).

Keep your secrets (encryption keys, API keys, etc.) in an encrypted password manager or secrets vault rather than in plain text files.

Use MFA (Multi-Factor Authentication) and only access the network via IT approved devices.

Lock down remote access. Any remote access to critical systems should first land in a controlled, segmented environment (e.g., a VPN that terminates on a separate network segment) rather than directly on the critical system. If remote access is not operationally necessary, remove it entirely.

Secure your ports: control access with a firewall and close any ports that are not in use.

Keep patches up to date (police your vendors too!)

Have a well-thought-out Incident Response Plan in place and test it regularly. See TFOPA.

✓ Keep complete, regular backups using the 3-2-1 approach (three copies of the data, on two different media, with one copy off-site) and test them on a prescribed schedule to ensure they will work when needed.

Questions to consider when testing your backups:
• What needs to be backed up? Are you considering all your critical data?
• How often should you test? Are you testing too often or too little?
• Are you able to restore the data?
• Was the recovery accurate and effective?
• Was the recovery reliable?
• How can you test without putting your “production” system at risk?
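One way to answer the last four questions with a repeatable drill, as an added example that is not part of SecuLore’s or Zetron’s material: back up a tree, record a SHA-256 manifest of every file at backup time, restore the archive into a throwaway directory (never over production), and compare each restored file against the manifest. The sample data is constructed for the demo, and the tar.gz format and paths are assumptions, not a recommended backup product.

```python
"""Backup restore drill: back up a sample tree, restore it into a scratch
directory (never over production) and verify every file by SHA-256 against
a manifest recorded at backup time."""
import hashlib
import tarfile
import tempfile
from pathlib import Path

# Constructed sample "production" data for the demo; a real drill points
# the source at the CAD/9-1-1 data the PSAP actually needs to recover.
SAMPLE_FILES = {
    "cad/incidents.csv": "id,time,type\n1,2021-10-01T12:00Z,EMS\n",
    "cad/units.csv": "unit,status\nM1,available\n",
    "config/psap.ini": "[site]\nname=Example PSAP\n",
}


def sha256_file(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file (path relative to root, '/' separated) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(src, archive):
    """Write a tar.gz of src and return the manifest taken at backup time.
    Store the manifest separately from the archive in real use."""
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return manifest


def restore_and_verify(archive, manifest, scratch):
    """Restore into scratch (not production) and compare with the manifest."""
    scratch = Path(scratch)
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(scratch, filter="data")  # refuses path traversal
        except TypeError:                           # Pythons without `filter`
            tar.extractall(scratch)
    restored = build_manifest(scratch)
    missing = sorted(set(manifest) - set(restored))
    extra = sorted(set(restored) - set(manifest))
    corrupted = sorted(k for k in manifest
                       if k in restored and restored[k] != manifest[k])
    return {"ok": not (missing or extra or corrupted),
            "files_checked": len(manifest),
            "missing": missing, "extra": extra, "corrupted": corrupted}


def run_restore_test(tamper=False):
    """End-to-end drill in a throwaway directory. tamper=True simulates a
    backup whose contents changed after the manifest was taken, the case
    (silent corruption, ransomware encryption) the drill exists to catch."""
    with tempfile.TemporaryDirectory() as td:
        base = Path(td)
        prod, archive, scratch = base / "prod", base / "backup.tgz", base / "restore"
        for rel, text in SAMPLE_FILES.items():
            p = prod / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(text)
        manifest = create_backup(prod, archive)
        if tamper:
            (prod / "cad/incidents.csv").write_text("id,time,type\n")
            with tarfile.open(archive, "w:gz") as tar:
                tar.add(prod, arcname=".")
        scratch.mkdir()
        return restore_and_verify(archive, manifest, scratch)


if __name__ == "__main__":
    print("clean restore:", run_restore_test())
    print("tampered restore:", run_restore_test(tamper=True))
```

Run the same drill on a schedule against the real backups, restoring to an isolated host. The manifest taken at backup time, kept apart from the archive, is what lets you tell a clean restore from one that is silently corrupted or already encrypted by ransomware; a restore that merely “completes without errors” proves neither.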

Implementation Planning Considerations
• Have contingency plans for offline operations
• Ensure personnel are trained in offline operations
• Have manual methods of performing mandatory functions
• Partner with nearby ECCs (Emergency Communications Centers) for support
• Consider vendor and 3rd party services, and make sure they have contingencies too!
• Prepare physical copies of critical documents and store them safely and keep them updated
• Have printed lists of emergency contacts and store them safely and keep them updated
• Consider cyber insurance to help pay for 3rd party assistance, NOT for paying ransom (paying ransom should be an absolute last resort)

Cybersecurity References Applicable to Public Safety

DHS Cyber Risks to Next Generation 9-1-1

DHS Cybersecurity Directives

APCO Cybersecurity Introduction

TFOPA Reports

NIST Cybersecurity Framework

NENA Security for Next-Generation 9-1-1 Standard (NG-SEC) NENA-STA-040.2-201X (originally 75-001, v1) (under rewrite at this time)

CISA & SAFECOM Transition Resources for NG9-1-1

iCERT 2021 Cybersecurity (theindustrycouncil.org)

SecuLore Solutions Cybersecurity Guidelines (Resources)

911.gov Cybersecurity

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is an excellent source of best practices for defending against a cyber-attack and for improving the odds of recovering from a successful one.

• In August 2020 the FCC’s advisory committee CSRIC VII (Communications Security, Reliability, and Interoperability Council) included reference to the Center for Internet Security® (CIS) model for improving cybersecurity practices, and formally recommended implementing the appropriate industry-recognized cybersecurity controls in their entirety where possible, or in phases if necessary, during the transition to NG9-1-1 (see Appendix D of the CSRIC report). On September 30, 2021, while announcing the CIS Community Defense Model 2.0, CIS stated that the bottom line is that implementation of the CIS Controls, and specifically Implementation Group 1 (IG1), is a robust foundation for a cybersecurity program.

• NIST’s “A Guide for Managed Service Providers to Conduct, Maintain and Test Backup Files” is a valuable resource for the Managed Service Providers (MSPs) that typically operate the ESInet for Public Safety, both for improving their own cybersecurity and for improving that of their PSAP customers.

Additional details relating to topics mentioned herein may be found at SecuLore’s Webinar Archive, or contact info@seculore.com.
