Your session has expired.

Your authenticated session has expired due to inactivity. You can close this message and continue as a guest or log in again before proceeding.

FRESH IDEAS IN PUBLIC SAFETY


    Specified user is not valid
    Publish
     
      • Cyber Attack Techniques Continue to Evolve and Advance

        Published 13 days ago by Troy Mattern
        • Cybersecurity
        • Services

        If your organization has ever wondered whether it is making measurable progress in combating cyber crime, you’re not alone.

        The emergence of new technologies have lowered the bar for modern cybercriminals, expanding the cyber crime landscape beyond a limited group of skilled individuals. This widening pool of cybercriminals is creating new vulnerabilities and new threats on an almost daily basis. Amid this evolving reality, it can be difficult to keep up.

        According to the seventh annual Allianz Risk Barometer Survey, cyber risk is now one of the top two global business risks. And there are a number of specific attack avenues organizations are increasingly concerned about:

        1. Malware: Fake download links and phony email attachments – we’ve all seen them. When successful, these malware attacks enable criminals to take control of your machine, monitor actions and keystrokes, and send confidential data from your computer and network. Despite our knowledge of these sorts of attacks, nearly 100 percent of companies report having experienced some form of Malware crime. A recent malware attack on Allentown, Pennsylvania struck the city’s most critical systems – including surveillance camera networks – costing nearly $1 million and forcing the shutdown of some public safety operations.

        2. Web-Based Attacks: Much like malware, the majority of organizations have experienced a web-based attack. Unfortunately, these types of crimes can cost companies 100 times more than malware annually. In fact, one recent event saw hackers steal 45 million records, costing the affected organization nearly $260 million.

        3. Botnets: Blending the words “robot” and “network,” botnets are a network of “bots” that criminals can remotely manage to deploy malware, initiate attacks on websites and steal personal information. These attacks can infect a multitude of devices – devastating an organization. In fact, the recent Mirai botnet saw the shut down of major areas of the internet, including Twitter, Netflix and CNN, as well as the entire country of Liberia.

        4. Lost and Stolen Devices: We do everything on our mobile devices and laptops – send emails and text messages, conduct banking, store personal and corporate information and more! With this wealth of information available, it’s no wonder that nearly 54 percent of the major data breaches tracked by federal regulators since 2009 have been the result of lost or stolen devices.

        5. Denial of Service (DoS): Have you ever tried to access a website and failed? Ever tried to reach a number and got a busy signal? The website or phone line may have been the victim of a DoS attack. These attacks overload an organization’s web or telephony service, flooding it with more traffic than it can withstand. As a result, visitors attempting to access the service are unable to view its content or make a call. That was the case with recent attacks on administrative public safety answering points (PSAP) and emergency communications centers. Perpetrators launched a high volume of calls against the target networks, tying up the service and preventing legitimate calls.

        6. Malicious Insiders: Taking a step beyond insider threats caused by employee negligence, malicious insiders include current or former employees, contractors or business associates looking to gain access to insider information on security practices, data and computer systems. These attacks are difficult to detect and remediation can be extremely costly – with fifty-three percent of companies estimating remediation costs of $100,000 or more and 12 percent estimating a cost of more than $1 million.

        7. Ransomware: Much like it’s name conveys, ransomware takes over a computer and denies access to data unless a ransom is paid. These attacks pose a serious organizational threat, with more than one-quarter of cyber insurance claims resulting from ransomware attacks. And no one is immune. In 2017, WannaCry ransomware hit a number of high-profile targets around the world – impacting more than 300,000 organizations worldwide, with victims receiving a note demanding a ransom of $300 in bitcoin. PSAPs are not immune. Baltimore’s 9-1-1 dispatch system recently experienced a ransomware attack, with hackers infiltrating a server that runs the city’s CAD system for 9-1-1 and 3-1-1 calls, causing the city to revert to manual dispatching for nearly 24 hours. This attack is just one of a recent slew of attacks targeting municipal systems across the country.

        In the world of cybersecurity, things are changing at a rapid pace. And while organizations continue to acknowledge the importance of protecting their networks, keeping up with reality can be a challenge. That’s where cyber “resilience” comes in. Moving beyond individual cybersecurity efforts, resilience looks at security as an integral part of an organization’s core business – enabling them to better prepare, prevent, respond and recover from cyber breaches.

        Read the full Motorola Solutions White Paper here to learn more about cyber resilience and how your organization can better protect against the growing cyber threat.

        Attending APCO? Please join me during the Cybersecurity information track (August 6, 4:30 - 5:30 PM) when I will present “Welcome to the ‘No FUD’ Zone”. During my talk I will explore real events, real impacts and offer a view of the trends in public safety technology to combat cyber threats, as well as what Public Safety personnel can do to help manage the risk.

        Troy Mattern is AVP of Products and Services Cybersecurity at Motorola Solutions.

      • Security Updates Can Prevent Cyber Attacks

        Published 15 days ago by Gary Bell
        • Cybersecurity
        • Services

        In 2018 Waukesha and Milwaukee County will be fully migrating to a joint P25 mission-critical, digital, radio system for first responders and dispatch personnel. The IP-based system has so many benefits over our previous analog systems not the least of which is our ability to talk across two counties and easily coordinate responses and investigations with multiple agencies. But this sophisticated technology, like all IP based technology, is vulnerable to cyber attacks from unauthorized users, looking to take down the system or hold the system ransom for money.

        As we built the new radio system we realized we needed to take a look at our cyber security protocols and make sure we have the appropriate support in place to protect the system against potential impacts from cyber threats such as malware, phishing malicious code, botnets and unauthorized users. Routine software updates and patching is one of the best ways to protect a system. In fact, according to the Department of Homeland Security Cyber Emergency Unit, at least 85% of attacks can be prevented by routinely applying security patches.  

        To protect the system from cyber threats we use a security update service to manage the complexity. System managers review all available software patches, determine if they are necessary and then test them in their lab to make sure there will be no adverse effects on our system when the patches are implemented. When the upgrades are pushed out into the production environment, they are implemented systematically following a rigid set of protocols to make sure there are no unprotected areas of the system and the users are not impacted. This is beneficial because we have a highly available system, relied on by field and dispatch 24x7, and we need to minimize any downtime. It also controls the number of people who are touching the system and possibly opening the system up to outside intrusions.  

        Just knowing that there are individuals out there that are dedicated to watching the system, have a baseline for what normal traffic is, and can see when the spikes occur that require action definitely allows me, as an administrator of the system, to relax a little bit and focus on the things I need to focus on which is our people and future enhancements.  

        My advice to other system administrators is to make sure you know what your cyber security protocols are and make sure it's being done effectively because you do not want to be impacted by a downtime event.  Today’s IP systems are much different than the old-school, siloed analog systems; everything is interconnected and vulnerable now. So, it is important to make sure that patches are being done by the people who are specifically designed to support that system.

        I invite you to watch a newly released Waukesha County Communications operations video and hear from our people how we are keeping our system and our community safe and secure.  

        To learn more about the importance of cybersecurity and patching please attend Motorola Solutions’ Troy Mattern, VP of Cybersecurity Products and Services during APCO Cybersecurity Speaking Session: “Welcome to the ‘No FUD’ Zone” on August 6 at 4:30 PM - 5:30 PM.

        Gary Bell, Director of Emergency Preparedness for Waukesha County Communications, Wisconsin.

      • When Complexity is Managed, Calm Prevails.

        Published 47 days ago by Josie Slaughter
        • Services

        Expertise, vigilance and responsiveness in managing your mission critical communication system can give people back the time and peace of mind they need to be their best.

        Ever had a leaky faucet? A broken toilet? It happens in our homes, often at an inconvenient time. You have two ways to fix the problem, do-it-yourself or call an expert. Doing it yourself often requires multiple trips to the hardware store, reading a few manuals, searching on line, giving up a few hours of your time and experiencing a lot of frustration. Calling in an expert you trust means the job gets done right, you can go about your daily activities and you eliminate irritations; staying calm. 

        Do-It-Yourself Can Lead to Worry and Frustration

        Much like a leaky faucet but on a grander scale, a mission critical communications system is a complex set of technologies woven together. Managing all the complexity can cause your work teams to constantly need to develop new skill sets, worry about what might happen next, address fire drills and become frustrated and exhausted keeping everything working right.  

        Use Experts to Manage the Complexity 

        When a natural disaster strikes such as a tornado, flood or hurricane, you’ve purposely designed your communication network to be always available keeping your workforce mobilized end-to-end.

        But even with all of the best plans, natural disasters can tax a system as complex as a public safety communication system. Off-loading the seamless deployment and management of your communication system to a trusted, capable partner can leave your team free to focus, on your operations, the mission and not the systems you use. A team of specialists will work side-by-side with your team, anticipating problems before they are problems and putting corrective actions into place. Now you can simplify the complexity of deploying and managing technology with support from mission-critical communication experts, who deliver an always on, resilient, private and secure communication network. 

        Let Calm Prevail

        Having a comprehensive service plan is not just about managing the technology; it is about giving your organization back time and peace of mind. Allowing your personnel to feel calm and confident that the right plans are in place, the right people with the right skills are on the job and peace of mind that everything will work. It’s what it feels like when you trust your technology partner and move forward with minimal second guesses or what if’s.

        Free your teams to move faster and think further ahead with mission critical communications that maximize your operational efficiencies. Watch Manage the Complexity. Calm Prevails.

        Josie Slaughter is Head of Services Marketing at Motorola Solutions.

        Check out our Managed and Support Service offerings and get peace of mind from a company you trust.

      • The Evolving Landscape of Cybersecurity

        Published 48 days ago by Troy Mattern
        • Cybersecurity
        • Services

        From Equifax and Uber to Meltdown and Spectre, cyber attacks and data breaches are making headlines globally. As cyber crime continues to proliferate throughout both the public and private spheres, governments and businesses are becoming increasingly concerned about their cybersecurity – and with good reason.

        While the total number of data breaches and record exposures often fluctuates, organizations are seeing a continued upward trend. According to the Identity Theft Resource Center, the number of U.S. data breaches tracked in 2017 hit a new record high, increasing from the previous high established in 2016 by nearly 45 percent and compromising more than 174 million records.

        In addition, the cost of cyber crime is accelerating. The Center for Strategic and International Studies now estimates that the annual cost of cybercrime to the global economy is more than $400 billion USD. Rapid digitalization is expected to increase the cost of data breaches to more than $2 trillion globally by 2019.

        Cyber threats have evolved rapidly in recent years and are no longer relegated to a limited number of skilled individuals. New threats such as “cyber hurricanes” – a single attack where hackers disrupt large numbers of companies through common internet infrastructure dependencies – mean businesses are more concerned than ever before. In addition, malware-for-hire, bot net, exploit kits and ransomware packages have lowered the bar for cybercriminals and created new vulnerabilities. Cyber risk has now moved into the top two global business risks, according to the seventh annual Allianz Risk Barometer Survey.

        It is clear that cyber is becoming a critical threat to both governments – faced with a potential for undermined national security – and businesses – tasked with storing confidential customer and client information.  The result is a growing focus on cybersecurity. Cybersecurity products and services are fueling the global market, with spending expected to reach $170 billion by 2020.

        Despite the attention cyber attacks continue to garner and despite the growing calls for increased cybersecurity, many organizations struggle to comprehend and manage emerging cyber risks in today’s increasingly complex digital society. This is compounded by an emerging cybersecurity workforce gap. According to the Global Information Security Workforce Study, this gap is on pace to reach nearly 2 million by 2022. Already, 51 percent of agencies report that they could use at least one more employee to cover necessary data security tasks.

        In a world which is increasingly dependent on digital technology and interconnectedness – developing resilience to withstand cyber attacks is critical to future success. Advanced cyber attack techniques, new attack vectors from open networks, an industry-wide lack of security expertise and a disconnect between spending on cyber tools and increased security are challenging the implementation of a holistic cyber strategy. Read the full Motorola White Paper here to learn more about the evolving cybersecurity landscape.

        Troy Mattern is the Vice President for Product and Services Cybersecurity at Motorola Solutions.

      • How Cyber Resilient Is Your Agency?

        Published Jun 13 2018, 1:38 PM by Troy Mattern
        • Cybersecurity
        • Services

        In a new whitepaper, we explain how agencies can shift to a holistic, risk-based approach to security and why it matters now more than ever.

        Cyber “resilience” is a term you may have heard in the news lately. While most agencies acknowledge the importance of protecting their networks and are actively creating and refining policies to do so, they still tend to lag behind other industries in terms of overall security scores. So, what exactly is meant by cyber resilience and how can agencies use resilience principles to more effectively defend their infrastructure?

        That’s the topic of our new whitepaper Cyber Resilience: Implementing A Holistic, Risk-Based Approach to Security and it’s well worth a read for anyone charged with protecting their agency’s data.   

        According to the Department of Homeland Security, resilience is “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.”

        Cyber resilience is a perspective that marries information security, business continuity, and resilience. It aims to help government and business prepare, prevent, respond and recover from cyber breaches. It is also a wholesale shift in thinking from earlier, individual cybersecurity efforts such as anti-virus programs, firewalls, and perimeter security that were touted as cure-alls that could be bought, installed, and essentially forgot. Cyber resilience counsels that security is an integral part of an organization’s core business, its processes embedded in every level of day-to-day operations with complete buy-in from IT departments, all staff, and the most senior executives and board members.

        Compare this to many security strategies in place today that are often driven by the response to specific attacks or the need to meet compliance requirements and deadlines—not by a holistic approach to risk-based security.

        The whitepaper lays out four serious challenges to implementing a holistic, risk-based strategy including the advancement of cyber-attack techniques, the fact that spending on cyber tools alone doesn’t ensure security, new attack vectors from open, interconnected networks, and the industry-wide lack of security expertise to tackle the problem. It then argues that The National Institute of Standards and Technology (NIST) Cybersecurity Framework, is the best guide to help meet these challenges and manage cyber planning.

        The whitepaper demonstrates how this framework can be simplified and adapted to meet your agency’s need. It then provides a realistic example of a public sector breach to explain how the framework can help agencies in all phases of resilience including Identify, protect, respond and recover.

        Read the full Motorola Whitepaper here and learn why forward-looking agencies are shifting to a risk mindset, focusing on mitigation options, continuous monitoring, diagnosis and remediation to evolve security practices.

        Troy Mattern is the Vice President for Product and Services Cybersecurity at Motorola Solutions.

      • Technology, Process, and People: Proactive Cybersecurity for PSAPs

        Published Apr 13 2018, 2:35 PM by Marilyn Barrios
        • NG9-1-1 Dispatch
        • Cybersecurity
        • Services

        It was a nightmare scenario: John Smith (name is changed) the director of a mid-size Midwest PSAP (Public-Safety Access Point), got a call in the middle of the night. His IT manager said there was a possible DDoS attack. Workstations and mobile data began to lock up quickly as the attack spread.

        John’s first thought: we just invested in a bunch of anti-virus software and bought new, state of the art firewall and hardware solutions. How did this happen?

        John’s experience is one faced by PSAP directors around the country and serves as a cautionary tale from a recent article authored by Motorola Solutions: An Introduction to Cybersecurity for the PSAP.

        The article argues that too many PSAPs, like John’s, focus solely on software and hardware solutions instead of a comprehensive cybersecurity strategy. While technology is important, so are well-defined processes and fully trained staff. A thorough understanding and implementation of best practices from standards bodies such as APCO, NENA, CJIS, NIST, and others are also critical.

        The article serves a high-level guide to help readers implement an end-to-end cybersecurity solution based on the NIST Cybersecurity framework, including technology, processes, and people.

        Technology

        One of the most important aspects of an end-to-end cyber strategy, according to the article, is getting a handle on its overall scope. PSAPs must define the systems and data to protect, looking at systems such as CAD, reporting, and telecom and especially often overlooked systems such as radio, mobile data applications and devices, access control systems, and IIoT devices. Once the full cybersecurity scope is defined, along with a full understanding of risks and threats, cybersecurity processes can be developed and put into place.

        Processes

        Well-run PSAPs closely adhere to a set of standard operating procedures (SOPs). Cybersecurity should be no different. A well-constructed SOP ensures smooth operations, especially during times of crisis, while helping to manage risk and liability. The SOPs also form the foundation for an employee training program, creating a written record that ensures everyone is clear on their responsibilities and roles within the cyber strategy.

        People

        People are the most important element in any cybersecurity strategy. That’s why it’s so important for all employees, not just the IT department, to understand their roles and be able to carry out their responsibilities according to the cyber SOP. Ongoing employee training and testing as well as continuously refreshed risk assessments are critical pieces of the SOP and integral to a successful cybersecurity strategy.

        NIST Security Framework

        Fortunately, the National Institutes of Standards and Technology (NIST) designed a framework to help agencies create cybersecurity strategies. The NIST Cybersecurity Framework defines the technologies, processes, and people necessary to create a PSAP SOP and provides guidance on five key areas: Identify, Protect, Detect, Respond, and Recover.

        For PSAP Director John Smith, and other men and women throughout the country facing the same challenges, a detailed and complete end-to-end cybersecurity solution based on the NIST Framework is the best defense against cyber threats. By integrating technology with processes and people, PSAPs can take a proactive approach to cyber security and will never have to wonder how a devastating breach could have threatened their operations.

        Read the full article, An Introduction to Cybersecurity for the PSAP.

        Marilyn Barrios is the Senior Cybersecurity Training Specialist at Motorola Solutions.

      3 pages