In a new whitepaper, we explain how agencies can shift to a holistic, risk-based approach to security and why it matters now more than ever.
Cyber “resilience” is a term you may have heard in the news lately. While most agencies acknowledge the importance of protecting their networks and are actively creating and refining policies to do so, they still tend to lag behind other industries in terms of overall security scores. So, what exactly is meant by cyber resilience and how can agencies use resilience principles to more effectively defend their infrastructure?
That’s the topic of our new whitepaper, Cyber Resilience: Implementing A Holistic, Risk-Based Approach to Security, and it’s well worth a read for anyone charged with protecting their agency’s data.
According to the Department of Homeland Security, resilience is “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.”
Cyber resilience is a perspective that marries information security, business continuity, and resilience. It aims to help government and business prepare for, prevent, respond to, and recover from cyber breaches. It is also a wholesale shift in thinking from earlier, individual cybersecurity efforts such as anti-virus programs, firewalls, and perimeter security that were touted as cure-alls that could be bought, installed, and essentially forgotten. Cyber resilience counsels that security is an integral part of an organization’s core business, with its processes embedded in every level of day-to-day operations and complete buy-in from IT departments, all staff, and the most senior executives and board members.
Compare this to many security strategies in place today that are often driven by the response to specific attacks or the need to meet compliance requirements and deadlines—not by a holistic approach to risk-based security.
The whitepaper lays out four serious challenges to implementing a holistic, risk-based strategy: the advancement of cyber-attack techniques, the fact that spending on cyber tools alone doesn’t ensure security, new attack vectors from open, interconnected networks, and the industry-wide lack of security expertise to tackle the problem. It then argues that the National Institute of Standards and Technology (NIST) Cybersecurity Framework is the best guide to help meet these challenges and manage cyber planning.
The whitepaper demonstrates how this framework can be simplified and adapted to meet your agency’s needs. It then provides a realistic example of a public sector breach to explain how the framework can help agencies in all phases of resilience, including identify, protect, respond and recover.
Read the full Motorola Whitepaper here and learn why forward-looking agencies are shifting to a risk mindset, focusing on mitigation options, continuous monitoring, diagnosis and remediation to evolve security practices.
Troy Mattern is the Vice President for Product and Services Cybersecurity at Motorola Solutions.
It was a nightmare scenario: John Smith (name changed), the director of a mid-size Midwest PSAP (Public-Safety Access Point), got a call in the middle of the night. His IT manager said there was a possible DDoS attack. Workstations and mobile data began to lock up quickly as the attack spread.
John’s first thought: we just invested in a bunch of anti-virus software and bought new, state-of-the-art firewall and hardware solutions. How did this happen?
John’s experience is one faced by PSAP directors around the country and serves as a cautionary tale from a recent article authored by Motorola Solutions: An Introduction to Cybersecurity for the PSAP.
The article argues that too many PSAPs, like John’s, focus solely on software and hardware solutions instead of a comprehensive cybersecurity strategy. While technology is important, so are well-defined processes and fully trained staff. A thorough understanding and implementation of best practices from standards bodies such as APCO, NENA, CJIS, NIST, and others are also critical.
The article serves as a high-level guide to help readers implement an end-to-end cybersecurity solution based on the NIST Cybersecurity Framework, including technology, processes, and people.
One of the most important aspects of an end-to-end cyber strategy, according to the article, is getting a handle on its overall scope. PSAPs must define the systems and data to protect, looking at systems such as CAD, reporting, and telecom, and especially at often-overlooked systems such as radio, mobile data applications and devices, access control systems, and IIoT devices. Once the full cybersecurity scope is defined, along with a full understanding of risks and threats, cybersecurity processes can be developed and put into place.
Well-run PSAPs closely adhere to a set of standard operating procedures (SOPs). Cybersecurity should be no different. A well-constructed SOP ensures smooth operations, especially during times of crisis, while helping to manage risk and liability. The SOPs also form the foundation for an employee training program, creating a written record that ensures everyone is clear on their responsibilities and roles within the cyber strategy.
People are the most important element in any cybersecurity strategy. That’s why it’s so important for all employees, not just the IT department, to understand their roles and be able to carry out their responsibilities according to the cyber SOP. Ongoing employee training and testing as well as continuously refreshed risk assessments are critical pieces of the SOP and integral to a successful cybersecurity strategy.
NIST Security Framework
Fortunately, the National Institute of Standards and Technology (NIST) designed a framework to help agencies create cybersecurity strategies. The NIST Cybersecurity Framework defines the technologies, processes, and people necessary to create a PSAP SOP and provides guidance on five key areas: Identify, Protect, Detect, Respond, and Recover.
For PSAP Director John Smith, and other men and women throughout the country facing the same challenges, a detailed and complete end-to-end cybersecurity solution based on the NIST Framework is the best defense against cyber threats. By integrating technology with processes and people, PSAPs can take a proactive approach to cyber security and will never have to wonder how a devastating breach could have threatened their operations.
Read the full article, An Introduction to Cybersecurity for the PSAP.
Marilyn Barrios is the Senior Cybersecurity Training Specialist at Motorola Solutions.
Thousands of articles, videos and blogs have been written about the importance of software security patching. The simple fact is that most cyber-attacks are based on known system and software vulnerabilities. Patching can correct these vulnerabilities and safeguard your network from intrusions.
And yet around the world, many of us fail to make security patching a priority. This became eminently clear over the weekend in the largest cyber-attack ever. A ransomware known as “WannaCry” resulted in more than 45,000 attacks in at least 100 countries over a 48-hour window. Former Assistant Attorney General for National Security John Carlin stated, “The reason this is hitting so many computers at once is they [the hackers] discovered a vulnerability in the most popular operating system in the world...in Microsoft Windows.”
Companies that were up to date on their patching were not affected by the cyber attack, which shocked not only private organizations such as Spain's telecom giant Telefonica, but also government and public safety mission-critical entities such as hospitals and clinics across the United Kingdom and the Andhra Pradesh police in India.
“The fact that so many organizations were vulnerable to this was quite a surprise,” said Matt Tait, cyber expert and CEO of Capital Alpha Security in the United Kingdom. “This patch came out three months ago.” Yes, Microsoft did announce a fix for the vulnerability, but not everyone acted or even took note when the announcement was made. Some were unaware. Others had budget or resource constraints or simply waited to address it due to other priorities.
The main lesson from the WannaCry outbreak? Don't delay patching--ever. The political, public relations and, most important, civilian ramifications are enormous, especially for mission-critical organizations that depend on sophisticated IP-based communication networks. Our dedicated security experts help our customers mitigate cybersecurity threats with validated security patches through our Security Update Service (SUS). We analyzed, vetted and released the patch which addressed the WannaCry vulnerability to our customer base shortly after its initial release by Microsoft. We installed it and others for customers who opt for remote security patching, and we encourage those with our self-install patching option to install it immediately and reboot servers if they haven’t already.
The good news is that a security researcher inadvertently discovered a 'kill switch' which has halted the spread of the initial worm that took the world by surprise. In our modern world of cyber-threats, none of us can afford to be complacent any longer. Security patching is one of the core, fundamental steps needed to safeguard your system from cyber threats. For more information, visit our cybersecurity services page.
Kelly Miller is Software and Security Product Manager at Motorola Solutions.
I recently attended IWCE, a conference focused on educating end-users and operators on the trends and evolving technologies taking place with Land Mobile Radio (LMR) systems. My mission at the show was to increase cybersecurity awareness. LMR systems are no longer entirely closed networks or immune from cyber threats. If anything, serving as a mission-critical communication component for government and public safety agencies, they have a propensity for gaining the attention of hackers. Government entities are being attacked at twice the rate of other industries across the board.
My goal was to raise awareness about the importance of proactive cybersecurity measures for LMR systems with a live hacking demonstration. From my demos, here were the common insights I gleaned from the LMR end-users and system operators I met:
Cybersecurity education is still needed. Only a small subset of those I spoke to had a sound understanding of their LMR system’s level of risk. Others were aware that their systems are now vulnerable to cyber threats. However, they were not knowledgeable about how their system can be compromised, their risk posture, or how to protect their systems from and respond to cyber intrusions.
Hackers aren’t that sophisticated. Most of the individuals I spoke to weren’t aware that you don’t have to be a brilliant hacker to create something that can compromise a system. Without a great deal of knowledge, hackers can create an exploit that can work on an LMR system. Everything needed is available through a few clicks of a button. One conference attendee I spoke to said, “I had no idea it was that simple!”
Chaos and disruption is the end goal. During my demo, I reviewed various examples of the actions hackers can take once in their systems. I explained how a hacker can upload code to overwrite operating software files to disrupt the network, launch a web browser that redirects system users to a malicious website, and execute commands that can remotely shut down and reboot a system server. Most system assaults are directed at disrupting communication at some level.
Most successful attacks are based on known vulnerabilities. The “Aha!” moment came when I pointed out that most attacks are based on known system vulnerabilities – 75% according to the Center for Strategic and International Studies. However, the good news is that these vulnerabilities have patches that can be applied to systems. Security patching is one of the first and most important steps anyone can take to mitigate cybersecurity threats.
From my conversations at the show, the LMR end-users and operators I spoke to are more aware that their systems are vulnerable to cyber intrusions. However, it’s important that everyone understands their system’s risk posture and how to proactively address cyber threats. There isn’t room for complacency when safeguarding a mission-critical LMR system. While there are many strategies and options available, there is one action everyone should take to mitigate cyber threats—regular security patching. For our customers, we offer this service with rigor by pre-testing and validating all required patches to ensure they don’t cause any disruption when installed. If you don’t patch, you’re at greater risk of getting hacked. Why let that happen? Learn more at motorolasolutions.com/cybersecurity.
Wendell Robinson is Lead Cybersecurity Services Manager at Motorola Solutions.
Like it or not, even the best technology is destined to fail. With the rapid increase of demands placed on your mission-critical communications infrastructure -- such as adding new applications, expanding users, changing coverage needs or prioritizing data requirements -- outages are inevitable. Fortunately, organizations don’t have to be crippled in handling these challenges.
Developing continuity plans or disaster management plans is not a new concept; yet many tend to delay addressing this need until something bad happens.
What are you doing differently this year to stay better prepared? Applying best practices to maintaining and operating your critical communications system can provide better outcomes to improve your staff performance, system continuity and your bottom line.
How are you evaluating your risk of cyber attacks? Land mobile radio systems are not an exception to hacking and malware. Ransomware continues to be an increasingly costly threat and is expected to remain the top cyber malware threat in 2017. Are you vigilant in monitoring this constantly evolving cyber landscape and incorporating effective situational awareness into your resilience plan? If not now…when? Cybersecurity remains a top challenge and priority for CIOs – don’t ignore your land mobile radio system. By understanding which threats can impact your system, you can plan the appropriate response to cyber attacks. Plan an assessment to help you discover vulnerabilities and best practices to employ. And invest in a streamlined patching process to help mitigate the threats.
Do you understand your system’s performance indicators and how to take action? Knowing what factors can influence call processing, coverage, equipment stability, false alarms, etc. provides an opportunity to analyze trends and optimize performance. What if you could correlate system information with external data sources to predict how your critical communications system will operate in various operating scenarios? Our recent webinar on Leveraging Performance Data for Operational Excellence explains more about how we’re working with customers to leverage data analytics and improve their system performance for better uptime and connectivity.
Is your network management fully automated? One of the easiest areas to improve network management efficiencies is with proper network monitoring and alerting to detect and diagnose problems. Not all system alerts are created equal. While there is a plethora of monitoring tools available on the market, it requires a combination of tools and skills to understand system behaviors. Knowing which alerts are important and having the knowledge database to effectively prioritize and respond correctly the first time can save thousands of staff hours in a year.
What’s your maintenance process? If you’re applying the “If it ain’t broke, don’t fix it” philosophy and letting your system run on auto-pilot, you’re increasing the chance that something bad happens, and that it will potentially be even more costly. Routine preventive maintenance is worth the investment to extend the lifespan of your technology and ensure optimal interoperability. Planned upgrades are also critical to ensure your system is able to support the increasing volume of data from the myriad of applications adopted.
Are you facing staffing challenges? Radio network management expertise is retiring faster than it can be replaced. Hiring comprehensive cybersecurity expertise may be budget constraining in today’s competitive market. No one knows Motorola Solutions’ mission-critical networks better than Motorola Solutions. We are ready to assist you with over 4,000 specialists worldwide dedicated to ensuring our customers’ mission-critical systems are reliably operating 24x7x365 – spanning 100+ countries and managing over 500,000 devices and over 10,000 sites.
I could go on with the list of questions to consider. It’s always a good practice to take some time to reflect on how your organization is changing this year and ensure you have the right support in place.
Robert D. Buethe is MSSSI Global Vice President for Managed and Support Services