If your organization has ever wondered whether it is making measurable progress in combating cyber crime, you’re not alone.
The emergence of new technologies has lowered the bar for modern cybercriminals, expanding the cyber crime landscape beyond a limited group of skilled individuals. This widening pool of cybercriminals is creating new vulnerabilities and new threats on an almost daily basis. Amid this evolving reality, it can be difficult to keep up.
According to the seventh annual Allianz Risk Barometer Survey, cyber risk is now one of the top two global business risks. And there are a number of specific attack avenues organizations are increasingly concerned about:
Malware: Fake download links and phony email attachments – we’ve all seen them. When successful, these malware attacks enable criminals to take control of your machine, monitor actions and keystrokes, and send confidential data from your computer and network. Despite our knowledge of these sorts of attacks, nearly 100 percent of companies report having experienced some form of malware crime. A recent malware attack on Allentown, Pennsylvania struck the city’s most critical systems – including surveillance camera networks – costing nearly $1 million and forcing the shutdown of some public safety operations.
Web-Based Attacks: As with malware, the majority of organizations have experienced a web-based attack. Unfortunately, these types of crimes can cost companies 100 times more than malware annually. In fact, one recent event saw hackers steal 45 million records, costing the affected organization nearly $260 million.
Botnets: Blending the words “robot” and “network,” botnets are networks of “bots” that criminals can remotely manage to deploy malware, initiate attacks on websites and steal personal information. These attacks can infect a multitude of devices – devastating an organization. In fact, the recent Mirai botnet saw the shutdown of major areas of the internet, including Twitter, Netflix and CNN, as well as the entire country of Liberia.
Lost and Stolen Devices: We do everything on our mobile devices and laptops – send emails and text messages, conduct banking, store personal and corporate information and more! With this wealth of information available, it’s no wonder that nearly 54 percent of the major data breaches tracked by federal regulators since 2009 have been the result of lost or stolen devices.
Denial of Service (DoS): Have you ever tried to access a website and failed? Ever tried to reach a number and got a busy signal? The website or phone line may have been the victim of a DoS attack. These attacks overload an organization’s web or telephony service, flooding it with more traffic than it can withstand. As a result, visitors attempting to access the service are unable to view its content or make a call. That was the case with recent attacks on administrative public safety answering points (PSAP) and emergency communications centers. Perpetrators launched a high volume of calls against the target networks, tying up the service and preventing legitimate calls.
Malicious Insiders: Taking a step beyond insider threats caused by employee negligence, malicious insiders include current or former employees, contractors or business associates looking to gain access to insider information on security practices, data and computer systems. These attacks are difficult to detect and remediation can be extremely costly – with 53 percent of companies estimating remediation costs of $100,000 or more and 12 percent estimating a cost of more than $1 million.
Ransomware: Much like its name conveys, ransomware takes over a computer and denies access to data unless a ransom is paid. These attacks pose a serious organizational threat, with more than one-quarter of cyber insurance claims resulting from ransomware attacks. And no one is immune. In 2017, WannaCry ransomware hit a number of high-profile targets around the world – impacting more than 300,000 organizations worldwide, with victims receiving a note demanding a ransom of $300 in bitcoin. PSAPs are not immune. Baltimore’s 9-1-1 dispatch system recently experienced a ransomware attack, with hackers infiltrating a server that runs the city’s CAD system for 9-1-1 and 3-1-1 calls, causing the city to revert to manual dispatching for nearly 24 hours. This attack is just one of a recent slew of attacks targeting municipal systems across the country.
In the world of cybersecurity, things are changing at a rapid pace. And while organizations continue to acknowledge the importance of protecting their networks, keeping up with reality can be a challenge. That’s where cyber “resilience” comes in. Moving beyond individual cybersecurity efforts, resilience looks at security as an integral part of an organization’s core business – enabling them to better prepare, prevent, respond and recover from cyber breaches.
Read the full Motorola Solutions White Paper here to learn more about cyber resilience and how your organization can better protect against the growing cyber threat.
Attending APCO? Please join me during the Cybersecurity information track (August 6, 4:30 - 5:30 PM) when I will present “Welcome to the ‘No FUD’ Zone”. During my talk I will explore real events, real impacts and offer a view of the trends in public safety technology to combat cyber threats, as well as what Public Safety personnel can do to help manage the risk.
Troy Mattern is AVP of Products and Services Cybersecurity at Motorola Solutions.
In 2018 Waukesha and Milwaukee County will be fully migrating to a joint P25 mission-critical, digital, radio system for first responders and dispatch personnel. The IP-based system has so many benefits over our previous analog systems, not the least of which is our ability to talk across two counties and easily coordinate responses and investigations with multiple agencies. But this sophisticated technology, like all IP-based technology, is vulnerable to cyber attacks from unauthorized users, looking to take down the system or hold the system ransom for money.
As we built the new radio system we realized we needed to take a look at our cyber security protocols and make sure we have the appropriate support in place to protect the system against potential impacts from cyber threats such as malware, phishing, malicious code, botnets and unauthorized users. Routine software updates and patching is one of the best ways to protect a system. In fact, according to the Department of Homeland Security Cyber Emergency Unit, at least 85% of attacks can be prevented by routinely applying security patches.
To protect the system from cyber threats we use a security update service to manage the complexity. System managers review all available software patches, determine if they are necessary and then test them in their lab to make sure there will be no adverse effects on our system when the patches are implemented. When the upgrades are pushed out into the production environment, they are implemented systematically following a rigid set of protocols to make sure there are no unprotected areas of the system and the users are not impacted. This is beneficial because we have a highly available system, relied on by field and dispatch 24x7, and we need to minimize any downtime. It also controls the number of people who are touching the system and possibly opening the system up to outside intrusions.
Just knowing that there are individuals out there that are dedicated to watching the system, have a baseline for what normal traffic is, and can see when the spikes occur that require action definitely allows me, as an administrator of the system, to relax a little bit and focus on the things I need to focus on which is our people and future enhancements.
My advice to other system administrators is to make sure you know what your cyber security protocols are and make sure it's being done effectively because you do not want to be impacted by a downtime event. Today’s IP systems are much different than the old-school, siloed analog systems; everything is interconnected and vulnerable now. So, it is important to make sure that patches are being done by the people who are specifically designed to support that system.
I invite you to watch a newly released Waukesha County Communications operations video and hear from our people how we are keeping our system and our community safe and secure.
To learn more about the importance of cybersecurity and patching, please join Motorola Solutions’ Troy Mattern, VP of Cybersecurity Products and Services, at the APCO Cybersecurity speaking session “Welcome to the ‘No FUD’ Zone” on August 6 at 4:30 PM - 5:30 PM.
Gary Bell, Director of Emergency Preparedness for Waukesha County Communications, Wisconsin.
From Equifax and Uber to Meltdown and Spectre, cyber attacks and data breaches are making headlines globally. As cyber crime continues to proliferate throughout both the public and private spheres, governments and businesses are becoming increasingly concerned about their cybersecurity – and with good reason.
While the total number of data breaches and record exposures often fluctuates, organizations are seeing a continued upward trend. According to the Identity Theft Resource Center, the number of U.S. data breaches tracked in 2017 hit a new record high, increasing from the previous high established in 2016 by nearly 45 percent and compromising more than 174 million records.
In addition, the cost of cyber crime is accelerating. The Center for Strategic and International Studies now estimates that the annual cost of cybercrime to the global economy is more than $400 billion USD. Rapid digitalization is expected to increase the cost of data breaches to more than $2 trillion globally by 2019.
Cyber threats have evolved rapidly in recent years and are no longer relegated to a limited number of skilled individuals. New threats such as “cyber hurricanes” – a single attack where hackers disrupt large numbers of companies through common internet infrastructure dependencies – mean businesses are more concerned than ever before. In addition, malware-for-hire, botnets, exploit kits and ransomware packages have lowered the bar for cybercriminals and created new vulnerabilities. Cyber risk has now moved into the top two global business risks, according to the seventh annual Allianz Risk Barometer Survey.
It is clear that cyber is becoming a critical threat to both governments – faced with a potential for undermined national security – and businesses – tasked with storing confidential customer and client information. The result is a growing focus on cybersecurity. Cybersecurity products and services are fueling the global market, with spending expected to reach $170 billion by 2020.
Despite the attention cyber attacks continue to garner and despite the growing calls for increased cybersecurity, many organizations struggle to comprehend and manage emerging cyber risks in today’s increasingly complex digital society. This is compounded by an emerging cybersecurity workforce gap. According to the Global Information Security Workforce Study, this gap is on pace to reach nearly 2 million by 2022. Already, 51 percent of agencies report that they could use at least one more employee to cover necessary data security tasks.
In a world that is increasingly dependent on digital technology and interconnectedness, developing resilience to withstand cyber attacks is critical to future success. Advanced cyber attack techniques, new attack vectors from open networks, an industry-wide lack of security expertise and a disconnect between spending on cyber tools and increased security are challenging the implementation of a holistic cyber strategy. Read the full Motorola White Paper here to learn more about the evolving cybersecurity landscape.
Troy Mattern is the Vice President for Product and Services Cybersecurity at Motorola Solutions.
When lives are on the line, you need reliable, secure, unbroken communications. From the most extreme moments to the day-to-day, emergency personnel depend on mission critical communications to do their jobs effectively and keep our communities safe – it is their lifeline.
Today, mission critical communication plays a vital role in enabling emergency personnel to stay connected and protect communities around the world. Public safety organizations and agencies – including national, local, state and regional police, fire, and emergency medical services – have long turned to narrowband, two-way radio for their mission critical communication needs. These land mobile radio (LMR) networks have long served to deliver proven, reliable voice communication in life-and-death situations.
However, public safety needs are evolving – and that evolution requires new forms of communication. The past fifteen years have seen advances in mobile broadband technology drive the growing demand for real time data. Within public safety, agencies are leveraging this advanced mobile intelligence to access video, pictures and location data to resolve incidents and make informed decisions in real time. As organizations continue to incorporate data into their workflow and mobile broadband plays a larger role in the mission critical communications mix, agencies may find themselves struggling to navigate the complex and ever-evolving mission critical public safety communications landscape.
More than 20 years ago, Motorola Solutions recognized the need for an efficient, easy-to-understand benchmark for evaluating technology choices. In response, we introduced the five Cs of critical communication – coverage, capacity, cost, control and capability. Today’s environment requires you to consider a sixth C – cybersecurity.
Together, these six Cs play an important role in effectively assessing mission critical communications. You want to make sure you make the best decisions for the people on the front lines. With a multitude of information discussing the pros and cons of both LMR and mobile broadband, making the right choice can seem like a daunting task.
But maybe it doesn’t have to be! In fact, many industry leaders argue that the right solution for public safety is to leverage both options in order to achieve mission critical communication success. Today, and in the near future, there is no one system that can successfully provide both mission critical voice and broadband data communications. As public safety agencies around the world explore different ways to address their needs for reliable communications, the solution is to leverage both LMR and mobile broadband. These serve as complementary technologies – with LMR providing essential mission critical voice communications and mobile broadband providing additional data-driven capabilities. Together, they provide a collaborative solution that is able to respond effectively and efficiently to today’s public safety communication needs.
By bridging these two technologies and connecting LMR and mobile broadband networks together, public safety agencies are creating forward-thinking, collaborative networks that address all of the six Cs of mission critical communications – coverage, capacity, cost, control, capabilities and cybersecurity.
Capacity: Are your communications systems capable of supporting everything and everyone they need to during times of crisis? Will calls be prioritized so the most important information gets through first? A successful mission critical communication system seamlessly handles mass call volumes, prioritizes important calls and ensures necessary agencies are able to access the network. It must be engineered to address peak usage and right-sized to your organization’s specific needs to ensure calls always get through – regardless of the circumstances. Current LMR networks are designed for emergencies with capacity calibrated for maximum usage. By including mobile broadband, your agency is able to extend your user base and ensure that all critical individuals are able to access the communications network.
Coverage: Does your system meet your unique geographical and performance requirements? No one can predict where the next incident will occur. You need a robust communication system with superior coverage across your entire jurisdiction and sufficient back-up and redundancies to prevent communication gaps and losses. Infrastructure should be easily supported and serviced to ensure your network stays up and running when it’s needed the most. As LMR devices transmit with more power, LMR networks often require less infrastructure to provide the same level of coverage. This streamlined infrastructure is easier to support. In addition, LMR devices also work in Direct Mode Operation (DMO) if the network does go down, allowing them to communicate device-to-device. Running collaborative LMR and mobile broadband networks means you can have the mission critical voice and data coverage you really need. The resiliency of P25 LMR networks in Florida and Texas was proven during recent events – including Hurricane Irma and Hurricane Harvey – where the systems continued to operate with minimal disruption of coverage.
Control: How much control do you want over system requirements, design, features and operations? Is it important for your organization that your system is configured for a specific use case? Many public safety agencies want a high degree of authority over their systems. They want control over the coverage and capacity of the network. But they also want to control who has access to the system and who has priority, monitor what changes need to be made and when, and track the status of all users. In addition, these controlled networks streamline management and provide network health visibility at all times. Bridging your LMR and mobile broadband networks, giving you unified fleet maps, access rights and prioritizations, means you have the control of your network you need.
Costs: How would your return on investment improve if your system supported both voice and data? Your agency doesn’t want to have to compromise mission critical features because of budgetary concerns. Analyzing the cost of both LMR and mobile broadband networks highlights two very unique, divergent financial structures. Traditionally, implementing an LMR network requires a larger one-time initial financial output to develop infrastructure, followed by ongoing, set monthly fees for upkeep and services. Conversely, subscribing to a commercial mobile broadband network is less expensive at the outset, but recurring airtime fees and other data charges can be unpredictable. Determining if the expense scales appropriately with the size of your fleet will be something you need to consider. In addition, mobile broadband requires more bandwidth than narrowband LMR systems, meaning additional sites may be needed to provide the same level of coverage. Building a plan based on collaboration between LMR and mobile broadband networks can provide your organization access to the most up-to-date communications technology for both voice and data and give you access to the capabilities you need while reducing your implementation and operational costs.
Capability: Voice is critical, but does your organization also need data capabilities? Through multiple generations of development and user experiences, LMR systems provide a number of functions essential to mission critical operations. Push-to-talk, intuitive design, rugged construction, unique ergonomics, advanced noise cancellation and high-capacity batteries are all features that have been incorporated into LMR devices with the customer’s environment in mind. Robust priority and pre-emption, dynamic grouping, even low-latency call setup are all inherent to LMR technology, ensuring that a critical call gets through. In addition, LMR technology is decentralized and built for resilience – if part of a network goes down or is disconnected from the rest, LMR continues to operate. Multiple levels of redundancy and fallback modes are built into the networks to minimize service disruptions under even the harshest of conditions. With a design philosophy born in delivering mission critical audio, LMR is unable to support the wide diversity of data-driven applications provided by mobile broadband. Today, 70 percent of agencies believe access to real-time data in the field is ‘critical.’ Mobile broadband continues to open up the world of video streaming and data applications, providing emergency personnel with access to real-time surveillance video, high-resolution photos, bi-directional vehicular video, and dynamic mapping and routing. This, in turn, is improving operational efficiency and promoting intelligent decision making. With LMR and mobile broadband providing their own set of unique capabilities, choosing between the two can be a challenge. By bridging both technologies, your organization is able to take advantage of the robust offerings provided by LMR and mobile broadband - mission critical voice and mission critical data. This synergy between voice and data is the future of mission critical communications.
Cybersecurity: Are your mission critical communications secure? Globally, the number of cybersecurity breaches has increased by nearly 30 percent annually. It is clear that security is a real concern for public safety agencies. As communication evolves to include voice, data and video capabilities, the risk of cyber attacks for both LMR and mobile broadband networks is expanding. Mobile broadband’s variety of applications and internet connectivity introduces new opportunities for breaches. With LMR voice communications, the movement away from self-contained, proprietary technology toward IP-based infrastructure and broadband interconnectivity is increasing network “attack surfaces.” So whether you are utilising LMR, mobile broadband or both, you need to be aware of cyber security threats. Fortunately, both LMR and mobile broadband networks continue to adapt to emerging cyber threats, including additional security measures, continued updates and innovative encryption services. Looking ahead, those networks that utilize security best practices and open standards will be better positioned to protect against cyber attacks.
When it comes to mission critical communications, having the right technology for the right operations is key. As data continues to proliferate and networks become increasingly complex, bridging LMR and mobile broadband enables your organization to combine their unique strengths into a blended network that best meets the complex demands of public safety. Leveraging the best of both LMR and mobile broadband ensures your organization has all of the six Cs of mission critical communications – coverage, capacity, cost, control, capabilities and cybersecurity.
John Kedzierski is Corporate Vice President of Systems and Infrastructure Solutions at Motorola Solutions.
In a new whitepaper, we explain how agencies can shift to a holistic, risk-based approach to security and why it matters now more than ever.
Cyber “resilience” is a term you may have heard in the news lately. While most agencies acknowledge the importance of protecting their networks and are actively creating and refining policies to do so, they still tend to lag behind other industries in terms of overall security scores. So, what exactly is meant by cyber resilience and how can agencies use resilience principles to more effectively defend their infrastructure?
That’s the topic of our new whitepaper Cyber Resilience: Implementing A Holistic, Risk-Based Approach to Security and it’s well worth a read for anyone charged with protecting their agency’s data.
According to the Department of Homeland Security, resilience is “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.”
Cyber resilience is a perspective that marries information security, business continuity, and resilience. It aims to help government and business prepare, prevent, respond and recover from cyber breaches. It is also a wholesale shift in thinking from earlier, individual cybersecurity efforts such as anti-virus programs, firewalls, and perimeter security that were touted as cure-alls that could be bought, installed, and essentially forgotten. Cyber resilience counsels that security is an integral part of an organization’s core business, its processes embedded in every level of day-to-day operations with complete buy-in from IT departments, all staff, and the most senior executives and board members.
Compare this to many security strategies in place today that are often driven by the response to specific attacks or the need to meet compliance requirements and deadlines—not by a holistic approach to risk-based security.
The whitepaper lays out four serious challenges to implementing a holistic, risk-based strategy, including the advancement of cyber-attack techniques, the fact that spending on cyber tools alone doesn’t ensure security, new attack vectors from open, interconnected networks, and the industry-wide lack of security expertise to tackle the problem. It then argues that the National Institute of Standards and Technology (NIST) Cybersecurity Framework is the best guide to help meet these challenges and manage cyber planning.
The whitepaper demonstrates how this framework can be simplified and adapted to meet your agency’s needs. It then provides a realistic example of a public sector breach to explain how the framework can help agencies in all phases of resilience, including Identify, Protect, Respond and Recover.
Read the full Motorola Whitepaper here and learn why forward-looking agencies are shifting to a risk mindset, focusing on mitigation options, continuous monitoring, diagnosis and remediation to evolve security practices.
Troy Mattern is the Vice President for Product and Services Cybersecurity at Motorola Solutions.
It was a nightmare scenario: John Smith (name is changed), the director of a mid-size Midwest PSAP (Public Safety Answering Point), got a call in the middle of the night. His IT manager said there was a possible DDoS attack. Workstations and mobile data began to lock up quickly as the attack spread.
John’s first thought: we just invested in a bunch of anti-virus software and bought new, state of the art firewall and hardware solutions. How did this happen?
John’s experience is one faced by PSAP directors around the country and serves as a cautionary tale from a recent article authored by Motorola Solutions: An Introduction to Cybersecurity for the PSAP.
The article argues that too many PSAPs, like John’s, focus solely on software and hardware solutions instead of a comprehensive cybersecurity strategy. While technology is important, so are well-defined processes and fully trained staff. A thorough understanding and implementation of best practices from standards bodies such as APCO, NENA, CJIS, NIST, and others are also critical.
The article serves as a high-level guide to help readers implement an end-to-end cybersecurity solution based on the NIST Cybersecurity Framework, including technology, processes, and people.
One of the most important aspects of an end-to-end cyber strategy, according to the article, is getting a handle on its overall scope. PSAPs must define the systems and data to protect, looking at systems such as CAD, reporting, and telecom and especially often overlooked systems such as radio, mobile data applications and devices, access control systems, and IIoT devices. Once the full cybersecurity scope is defined, along with a full understanding of risks and threats, cybersecurity processes can be developed and put into place.
Well-run PSAPs closely adhere to a set of standard operating procedures (SOPs). Cybersecurity should be no different. A well-constructed SOP ensures smooth operations, especially during times of crisis, while helping to manage risk and liability. The SOPs also form the foundation for an employee training program, creating a written record that ensures everyone is clear on their responsibilities and roles within the cyber strategy.
People are the most important element in any cybersecurity strategy. That’s why it’s so important for all employees, not just the IT department, to understand their roles and be able to carry out their responsibilities according to the cyber SOP. Ongoing employee training and testing as well as continuously refreshed risk assessments are critical pieces of the SOP and integral to a successful cybersecurity strategy.
NIST Security Framework
Fortunately, the National Institute of Standards and Technology (NIST) designed a framework to help agencies create cybersecurity strategies. The NIST Cybersecurity Framework defines the technologies, processes, and people necessary to create a PSAP SOP and provides guidance on five key areas: Identify, Protect, Detect, Respond, and Recover.
For PSAP Director John Smith, and other men and women throughout the country facing the same challenges, a detailed and complete end-to-end cybersecurity solution based on the NIST Framework is the best defense against cyber threats. By integrating technology with processes and people, PSAPs can take a proactive approach to cyber security and will never have to wonder how a devastating breach could have threatened their operations.
Read the full article, An Introduction to Cybersecurity for the PSAP.
Marilyn Barrios is the Senior Cybersecurity Training Specialist at Motorola Solutions.