Everything that’s important in life starts with safety. Who doesn’t want their family, their home, their workplace or their local school to be safe? People often rely on public safety agencies like law enforcement, fire departments and EMS to protect them in dangerous situations.
Cyberattacks can impact many types of public safety operations and mission-critical communications. Ransomware attacks, for instance, can force police and corrections officers to go back to pen and paper because they’re locked out of jail booking systems or municipalities to grapple with threats that sensitive community data will be leaked if they don’t pay thousands of dollars to cyber criminals. These are real cybersecurity threats public safety agencies have faced this year.
As public safety agencies across the world increasingly find themselves the targets of sophisticated cyber threat actors, creating a network for cyber threat intelligence sharing is one key way agencies are fighting back.
The Public Safety Threat Alliance (PSTA) has identified some key cyber concerns heading into 2024, along with ways to mitigate them:
Ransomware and extortion threats growing against computer-aided dispatch (CAD)
Let’s say that late one night in a small North American county, a public safety answering point’s (PSAP) personnel noticed they had been locked out of their CAD system. On their printer sat a ransom note from the attacker. Despite pulling the county’s internet connection, the extortion attack had already caused havoc. A six-week CAD shutdown forced dispatchers to track calls with pen and paper, with the agency losing an evidence computer and decades of records as well.
Bad actors who gain access to a CAD system can stop 9-1-1 from dispatching police, fire or EMS to the scene of an emergency until a ransom is paid — with downtime often unacceptable given the mission-critical nature of their work. Security leaders have seen threat actors act more boldly against mission-critical communications infrastructure, with eleven confirmed attacks impacting PSAPs and CAD systems so far this year. Furthermore, with many PSAPs adopting Next Generation 9-1-1 and modernizing their infrastructure to accept text, photo, video and digital content to enhance situational awareness, threat actors may have more entry points to access public safety systems.
Protecting against ransomware attacks requires a multi-layered approach. Regular patching, disabling unused systems that could provide gateways for bad actors and basic cyber hygiene practices like setting up multi-factor authentication can help reduce the risk of a ransomware attack. Ransomware attacks can often originate in adjacent networks that connect to those owned by public safety officials, so it’s also important that public safety agencies have a clear map of the other municipal agencies within their jurisdiction and neighboring jurisdictions that connect to their network which could leave them open to vulnerabilities.
Credential abuse is an easy access point for bad actors
Credential abuse gives threat actors high-level privileges and the ability to deploy malware. These kinds of attacks underscore the vital importance of regular cybersecurity maintenance like enforcing two-factor authentication and patching. It’s also important to restart systems following patches in order to ensure updates are functional.
Public safety agencies’ abilities to keep communities safe starts with the safety and security of their networks, operations and data.