Five Keys to Transforming your PSAP into a Cyber Fortress
By Paresh Patel, VP of Information Security, Carbyne
As our world turns more and more towards technology, it’s important to consider the potential security threats that come with relying on technology for critical infrastructure. One area where these concerns are extremely pertinent is in the realm of 911 emergency services cyber security. 9-1-1 emergency services are the backbone of communication between civilians and emergency responders during times of crisis. In an age where cyber threats are increasingly prevalent, the security of these services is of the utmost importance. Unfortunately, many of these services are vulnerable to cyber attacks, as cyber criminals continue to develop new and sophisticated methods of infiltration. The good news is by addressing the following five recommendations, you could go a long way towards transforming your PSAP into a Cyber Fortress.
- DODGE D-DoS and TDoS ATTACKS
Two common methods of attack are Distributed Denial of Service (DDoS) and Telephone Denial of Service (TDoS) attacks. These attacks aim to overload the 9-1-1 systems with a huge volume of traffic from many different sources including simulated telephone lines, effectively blocking legitimate traffic from getting through. This can cause a critical delay in the ability of emergency responders to receive and respond to requests. The increasing use of Internet of Things (IoT) devices, which are often poorly secured, increases the potential for these types of attacks. Modern cloud-native call-handling solutions with call-triage technology can deflect this surge in calls to automated workflows, presenting only the more verified and urgent calls to your limited staff, thereby neutralizing the attack.
- ENCRYPT COMMUNICATION CHANNELS
Another major concern is the potential for hackers to compromise the communication channels between 9-1-1 call centers and emergency responders. This could manifest in various ways; attackers could disrupt the flow of data between call centers and responders or even manipulate the data, causing emergency responders to be sent to the wrong location or arrive without proper equipment or information. This is why security-minded PSAPs use solutions like Carbyne Responder Connect utilizing encryption technologies such as HyperText Transfer Protocol – Secure (HTTPS) that ensure communication channels are off-limits to hackers on the internet.
- OPT FOR CLOUD NATIVE
In order to protect against these types of attacks, 9-1-1 call centers must take several measures. First, the physical security of the infrastructure should be a top priority, including the security of servers, routers, and other network equipment. Strong firewalls and intrusion detection systems should be put in place to detect and prevent attacks. Second, individual devices, such as desktop computers and mobile devices, should be secured with up-to-date anti-virus, anti-malware and anti-spyware software, and regular software updates. Third, robust communication encryption and authentication protocols should be used to protect sensitive data shared between call centers and emergency responders. Fourth, work with your technology team to implement secure tiered architecture across your center and insist on hardened baseline images to avoid data corruption. If all this sounds like a lot of overhead for your center, you are not alone. In fact this is why more and more PSAPs are opting for cloud-native technologies so that their vendors do the heavy lifting of keeping everything up to date, so PSAPs can focus on what they do best – provide life-saving emergency response minute after minute, day after day.
- INSIST ON CERTIFICATIONS
Furthermore, 9-1-1 centers need to ensure their vendors adhere to best practices and industry certifications to ensure proper security of sensitive data. These certifications include SOC II (System and Organization Controls – II), HIPAA (Health Insurance Portability and Accountability Act of 1996), and ISO 27001 (by the International Standards Organization) among others. While these certifications cannot guarantee your PSAP will never suffer a security breach, they are some of the best precautions you can take to ensure that not only are your operations intruder-proof, but so are those of your vendors.
- SHARPEN THE SAW
Finally, it is important to recognize that cyber security is an ongoing process that requires constant vigilance and attention. As new threats emerge and cyber criminals develop new and sophisticated tactics, emergency services must remain up-to-date with the latest techniques and technologies to ensure their systems remain secure. Ensure you and your staff are stay abreast of emerging trends in cyber security by attending industry conferences, watching industry webinars, and enrolling in industry training sessions.
In conclusion, 9-1-1 emergency services cyber security is a critical issue that demands attention and action. The security threats that exist can have devastating consequences, both for the responders who rely on these systems and for the civilians who call upon them for help during times of crisis. By taking proactive steps to secure their systems, emergency services can help ensure that they are able to respond quickly and effectively to any emergency situation. And you will be well on your way to transforming your PSAP into a Cyber Fortress.
To download your free copy of the Carbyne Security Handbook for Emergency Communications Centers, please click here.