Thousands of articles, videos and blogs have been written about the importance of software security patching. The simple fact is that most cyber-attacks are based on known system and software vulnerabilities. Patching can correct these vulnerabilities and safeguard your network from intrusions.
And yet around the world, many of us fail to make security patching a priority. This became eminently clear over the weekend in the largest cyber-attack ever. A ransomware known as “WannaCry” resulted in more than 45,000 attacks in at least 100 countries over a 48-hour window. Former Assistant Attorney General for National Security John Carlin stated, “The reason this is hitting so many computers at once is they [the hackers] discovered a vulnerability in the most popular operating system in the world...in Microsoft Windows.”
Companies that were up to date on their patching were not affected by the cyber attack that shocked not only private organizations such as telecom giant Spain's Telefonica, but also government and public safety mission-critical entities such as hospitals and clinics across the United Kingdom and the Andhra Pradesh police in India.
“The fact that so many organizations were vulnerable to this was quite a surprise,” said cyber expert and CEO of Capital Alpha Security in the United Kingdom Matt Tait. “This patch came out three months ago." Yes, Microsoft did announce a fix for the vulnerability, but not everyone acted or even took note when the announcement was made. Some were unaware. Others had budget or resource constraints or simply waited to address due to other priorities.
The main lesson from WannaCry outbreak? Don't delay patching--ever. The political, public relationship and most important, civilian ramifications are enormous, especially for mission-critical organizations that depend on sophisticated IP-based communication networks. Our dedicated security experts help our customers mitigate cybersecurity threats with validated security patches through our Security Update Service (SUS). We analyzed, vetted and released the patch which addressed the WannaCry vulnerability to our customer base shortly after its initial release by Microsoft. We installed it and others for customers who opt for remote security patching and encourage those with our self-install patching option to do so immediately and reboot servers if you already haven’t.
The good news is that a security researcher inadvertently discovered a 'kill switch' which has halted the spread of the initial worm that took the world by surprise. In our modern world of cyber-threats, none of us can afford to be complacent any longer. Security patching is one of the core, fundamental steps needed to safeguard your system from cyber threats. For more information, visit our cybersecurity services page.
Kelly Miller is Software and Security Product Manager at Motorola Solutions.
May 15-20th is Police Week in the US, a time to honor law enforcement personnel. Take the time to say thanks this week. “Walk in Your Shoes” is the first in a series where we will highlight our commitment to building experience focused software applications to support the important job of protecting citizens of this great nation.
Sirens blare as we speed to an incident; a 9-1-1 potential domestic abuse call requires us to proceed with caution; a downed tree on a conservation trail means we trek through a muddy field. I’ve experienced it all, as I have walked in the shoes of many different public safety personnel. This is an important part of my job at Motorola Solutions – experiencing and documenting the working environment of public safety personnel.
Showing up for roll call and getting assigned to shadow an officer for the day always gets my adrenaline pumping because each ride-along is unique. But what they all have in common is the ability for me to interact with public safety personnel in their environment, not a lab. I get to join police officers, firefighters, and EMS personnel as they go about their daily tasks while I observe, question, and learn about their interactions and technology needs.
From ride-alongs, walk-alongs, and station visits, the knowledge gained goes into the development of new mobile and handheld software applications and also helps our customers realize the full potential of a software platform. Spending 4-6 hours with an officer really gives me a sense of what their day is like. I watch them interact with their current equipment; understand what they like, what they do not like, what they wish they had. I document how new applications or changes to a current product can enhance their job function and then I work with design engineers to implement.
An example of something we learned from walking in our customers' shoes is the difference between law enforcement and fire incident management. As a result we do not have a one size fits all product. We have adapted the dashboard to make them different. The police dashboard offers field initiation and queries while the Fire Dashboard is more status monitor focused.
As a software product manager, having the ability to spend time with end users has resulted in the PremierOne Mobile and Handheld software portfolio being intuitive and easy to use. In the words of the Ventura Police Department, California:
“PremierOne is so much more user-friendly than anything we’ve seen or used before. Everything is right at your fingertips both for dispatchers and for officers in the field. Once you enter a call and are looking at an incident, you can click on tabs to get everything you need about the incident, such as prior incident information, potential hazards, maps, and multimedia attachments. It’s much easier to operate the system to get the job done.”
– Commander David Wilson, Ventura PD, California.
For more information, check out the Ventura PD Case study.
Julie Folden is Mobility Product Manager at Motorola Solutions.
Her job is to understand and document the daily activities of police, fire, and EMS personnel to help software development teams to create the best mobile and handheld applications for both today and tomorrow. She takes her job seriously having completed over 500 public safety experiential visits over the past 15 years.
I recently attended IWCE, a conference focused on educating end-users and operators on the trends and evolving technologies taking place with Land Mobile Radio (LMR) systems. My mission at the show was to increase cybersecurity awareness. LMR systems are no longer entirely closed networks or immune from cyber threats. If anything, serving as a mission-critical, communication component for government and public safety agencies, they have a propensity of gaining the attention of hackers. Government entities are being attacked at twice the rate of other industries across the board.
My goal was to raise awareness about the importance of proactive cybersecurity measures for LMR systems with a live hacking demonstration. From my demos, here were the common insights I gleaned from the LMR end-users and system operators I met:
Cybersecurity education is still needed. Only a small subset of those I spoke to had a sound understanding of their LMR system’s level of risk. Others were aware that their systems are now vulnerable to cyber threats. However, they were not knowledgeable of how their system can be compromised; their risk posture; or how to protect their systems from and respond to cyber intrusions.
Hackers aren’t that sophisticated. Most of the individuals I spoke to weren’t aware that you don’t have to be a brilliant hacker to create something that can comprise a system. Without a great deal of knowledge, hackers can create an exploit that can work on a LMR system. Everything needed is available through a few clicks of the button. A conference attendee that person I spoke to said, “I had no idea it was that simple!”
Chaos and disruption is the end goal. During my demo, I reviewed various examples of the actions hackers can take once in their systems. I explained how a hacker can upload code to overwrite operating software files to disrupt the network, launch web browser that redirect system users to a malicious website, and execute commands that can remotely shutdown and reboot a system server. Most system assaults are directed at disrupting communication at some level.
Most successful attacks are based on known vulnerabilities. The “A Ha!!” moment came when I pointed out that most attacks are based on known system vulnerabilities – 75% according to the Center for Strategic and International Studies. However, the good news is that these vulnerabilities have patches that can be applied to systems. Security patching is one of the first and important steps anyone can take to mitigate cybersecurity threats.
From my conversations at the show, the LMR end-users and operators I spoke to are more aware that their systems are vulnerable to cyber intrusions. However, it’s important that everyone understands their system’s risk posture and how to proactively address cyber threats. There isn’t room for complacency when safeguarding a mission-critical, LMR system. While there are many strategies and options available, there is one action everyone should take to mitigate cyber threats—regular security patching. For our customers, we offer this service with rigor by pre-testing and validating all required patches to ensure they don’t cause any disruption when installed. If you don’t patch, you’re at greater risk to get hacked. Why let that happen? Learn more at motorolasolutions.com/cybersecurity.
Wendell Robinson is Lead Cybersecurity Services Manager at Motorola Solutions.
April is 9-1-1 Education Month. Throughout the month this blog series will highlight different aspects of the emergency response process, including what happens when you text or call 9-1-1, and will pay tribute to the women and men behind the phones. This April, take some time to learn something new about America’s emergency response system.
In late December 2014, Shannell Anderson was delivering papers in Atlanta around 4 a.m when she accidentally drove into a lake. She did what anyone would do, she took out her cell phone and dialed 9-1-1. Unfortunately, her call was routed to a neighboring county’s 9-1-1 center and her location wasn’t showing up on the dispatcher’s maps. Shannell knew her exact cross streets, but unfortunately the dispatcher wasn’t familiar with the area and didn’t have access to good wireless caller location or map data.
It ultimately took responders over 20 minutes to get to her, and she tragically died a week later in the hospital. Unfortunately, and surprisingly to some, this story isn’t unique to Shannell. This story highlights some important facts to consider when you are calling 9-1-1 from a mobile phone.
RAPIDSOS + MOTOROLA SOLUTIONS: SOLVING THE MOBILE LOCATION CHALLENGE
The first thing dispatchers ask you when you call 9-1-1 is “What’s the location of your emergency?” That is because if you are calling from a mobile phone, the location information that dispatchers initially receive is based on the location of the cell-tower, not the caller, and can be of limited use in pinpointing a caller’s location, especially for calls made from indoor environments. The FCC estimates that over 10,000 lives could be saved annually with better location data. As people ditch landlines and rely solely on their mobile phones, the location technologies used by wireless carriers are just not quick enough to provide timely, accurate caller location.
INTRODUCING AN INTEGRATED SOLUTION FOR FASTER, MORE ACCURATE 9-1-1 LOCATION
Through the RapidSOS integration with Motorola Solutions Emergency CallWorks software, call takers are able to query the RapidSOS NG911 (Next Generation 9-1-1) Clearinghouse to get precise handset location for 9-1-1 calls through technology that is already installed on millions of smartphone devices (no app required!). Rather than relying on imprecise and often delayed Phase 2 location, dispatchers are now able to get more closer and faster location that automatically updates.
Location from RapidSOS does not rely on a singular source like GPS (which only works outdoors) or cell tower triangulation (which works everywhere, but is very imprecise). Instead, RapidSOS leverages all enabled sensors on the device, including WiFi access Points, Bluetooth beacons and more. For the first time in Public Safety, location accuracy will be similar to the capabilities of commercial hybrid location services like Google Maps that citizens are used to.
It doesn’t stop at location for wireless 9-1-1 calls. Motorola Solutions is working to integrate the full capabilities of the RapidSOS NG9-1-1 Clearinghouse into the entire emergency response workflow so first responders have unprecedented situational awareness.
Want to learn more? Attend the upcoming Motorola Solutions Smart Public Safety Webinar about how RapidSOS and Motorola are working together to provide precise location and enhanced data to 9-1-1 call takers, dispatchers and first responders through the newest version of Emergency CallWorks products.
Reinhard Ekl is RapidSOS Director of Product and 9-1-1.
April is 9-1-1 Education Month. Throughout the month this blog series will highlight many aspects of the emergency response and pay tribute to the men and women behind the call for help.
Within the deaf community, the process to get emergency help can be cumbersome. It often requires the hearing-disabled person to use an older analog TDD system or contact a 711 relay center which then translates text and voice between a deaf individual and the 9-1-1 operator.
Technology has evolved over the years whereas TTY devices have commonly become less essential for day to day interactions for the hearing or speech disabled. Many now use mobile apps, instant messaging, E-mail, video chat or text messages as a form of communications with close family, friends and other associates.
The latest technology, Text to 9-1-1, can be a life and time saving tool for about 15% of the population(1), those suffering from a hearing loss. The person in need simply uses a familiar cell phone text process to send a message directly to the 9-1-1 center. No need to go through a relay center or use antiquated analog TDD technology.
Empowering citizens in uncomfortable situations to contact our 9-1-1 center in the most convenient way possible is Waukesha County’s goal. What we want to teach our citizens is “CALL IF YOU CAN, TEXT IF YOU CAN’T “. A voice call is still the best choice since the dialog between the dispatcher and citizen is valuable, but text is a viable alternative and critical for those who are unable to speak.
Not only can Text to 9-1-1 help the hearing and speech disabled community, but it is also a critical tool for those in difficult situations where a voice call might put them in harm’s way, for example a home invasion or domestic abuse.
Whereas the Text to 9-1-1 can be a life saving addition to any 9-1-1- system, there are some limitations. Carriers do not provide location information with a text, so it is imperative the user sends location information along with the call for help. And just like regular text messages, they can take longer to receive and may be received out of order or not at all.
Only about 700 of the over 5800 PSAPS in the US have text to 9-1-1 capabilities. This technology is a critical addition to any NG9-1-1 system, not as a standalone system but as an integrated, public safety grade process with other voice handling operations. Answering the call from the hearing and speech disabled community is a critical benefit of adding Text-to 9-1-1.
Gary Bell, ENP, Director of the Waukesha County Department of Emergency Preparedness.
Waukesha County, Wisconsin recently went live (March 2017) with a public safety grade text to 9-1-1 solution utilizing Motorola Solutions Emergency CallWorks 9-1-1 system. Our system can now receive voice calls and text messages. Currently Waukesha, along with the rest of the state of Wisconsin does not receive MMS messaging to include: group text, pictures or videos but through an ESINet implementation, plans to address this in the future.
For more information on Waukesha County Text to 9-1-1 capabilities check out the following news articles:
If you’re operating a mission-critical network with hundreds to thousands of APX radios, you already know that device management is an arduous undertaking. With all the maintenance, programming and changes you make, it still doesn’t guarantee you’ll maximize performance. How can you ensure your devices operate effectively and that every critical call gets through?
If you don’t have the time and resources to adequately support your mission-critical devices, you should seek experienced resources that can help. You can now enlist device management experts at Motorola Solutions who can expedite programming, ensure correct connectivity, help you take advantage of all the applications available to you, and provide the right hardware and software support needed.
Top Three Reasons To Seek Expert Device Management Services:
If minimizing downtime, increasing operational readiness and lowering your costs related to managing your two-way radio fleet sounds appealing, discover how we can help you today with APX Services.
We also held a webinar on Improving Device Management that expands further on how you can take action to improve your land mobile radio performance.
Robert D. Buethe is MSSSI Global Vice President for Managed and Support Services.