New cyber battleground: When geopolitics hits public safety networks

Introduction

New Cybersecurity Battleground

For years, the conversation about cyber threats inevitably gravitated towards ransomware. It was, and remains, a clear and present danger. We’re now fighting a war on two fronts. While the devastating threat of ransomware still looms, a new battlefront has opened up—one defined by high-frequency, politically motivated attacks that aim to disrupt, distract and erode public trust.

 

This isn’t theoretical. This is the new reality for public safety in Australia and New Zealand.


Front #1: The Noisy Barrage of Hacktivism and AI-Scale Threats

The primary driver of this new front is the alarming rise in Distributed Denial-of-Service (DDoS) attacks. According to the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) Annual Cyber Threat Report 2024–25, the agency responded to over 200 denial-of-service or DDoS incidents, an increase of more than 280% from the previous year. For critical infrastructure, DDoS attacks are present almost twice as often as they are in other sectors.

The threat landscape is now being fundamentally altered by the introduction of Artificial Intelligence (AI) and autonomous tools.

 

Collapsed Time-to-Exploit (TTE): The emergence of advanced AI exploit engines has caused the Time-to-Exploit to collapse to under a day. For vulnerability management, this means that organizations can no longer rely on lengthy, routine patching cycles. The race to identify, patch, and remediate weaknesses must now operate at machine speed.

Expanded Capabilities: AI enables state-aligned and hacktivist groups to execute attacks at a larger scale, alter code to evade detection, and continuously scan for internet-facing vulnerabilities.

 

Botnet Scaling: Threat actors are targeting edge devices—such as IoT routers, firewalls, and VPNs—to build massive botnets, leveraging "living off the land" techniques to blend in with normal network traffic.

 

For the CISO, this constant barrage acts as a smokescreen, distracting security teams while a more sophisticated adversary attempts a deeper, more damaging intrusion.


Front #2: The Silent, Lurking Threat to Mission-Critical Communications

While hacktivists make noise at the front door, sophisticated extortion groups are quietly picking the locks on the back windows. Ransomware and data theft pose a severe threat to operational continuity across the region.

 

  • Increasing Incidents: The ASD's ACSC noted that critical infrastructure and vital networks remain a major focus for state-aligned groups. There has been a significant increase in the success rate of targeted compromises against agencies handling essential services.
  • Convergence Nightmare: An intrusion starting on an enterprise IT network can easily pivot to Operational Technology (OT).
  • LMR Vulnerability: Land Mobile Radio (LMR) networks are no longer isolated, air-gapped walled gardens. They increasingly connect to the broader enterprise via API intelligent middleware, CAD interfaces, remote diagnostics, and cloud applications. CISA-identified risks highlight that vulnerabilities in these connected systems can impact the LMR core, potentially disabling critical communications.

We saw a chilling example of this threat in 2025, when the Qilin ransomware syndicate attacked Fire and Rescue Services globally, showing the clear intent and capability of extortion groups to target emergency networks.


Winning the War: Pragmatic Recommendations

Defending against two distinct types of threats requires a layered, intelligent strategy. You cannot simply build a bigger wall; you must have the visibility and agility to fight in two directions at once.

 

  1. Neutralise the DDoS Noise: Employ provider-led DoS mitigation services to filter malicious traffic before it reaches your network boundary. This preserves internal resources to hunt for more advanced threats.
  2. Establish a VulnOps Capability: Adopt AI and automation internally to continuously identify and remediate vulnerabilities before threat actors can exploit them.
  3. Reinforce the Core Against Ransomware: The best defence is mastering fundamentals: immutable backups, incident response and recovery plans, and strict network segmentation between IT and mission-critical OT environments.
  4. Establish Unified Visibility: Consolidate the view across IT and LMR networks by utilizing our 24/7 Security Operations Center (SOC) equipped with expertise in both enterprise environments and mission-critical radio networks.
  5. Leverage Proactive Threat Intelligence: You need to know what's coming over the horizon. Subscribing to threat intelligence services, such as the Public Safety Threat Alliance, that specifically monitor threats to public safety and critical infrastructure is no longer a luxury. Understanding the tactics of groups like NoName057(16) and Qilin allows you to tailor your defenses before they launch an attack.

How Motorola Solutions Supports Organizations

Motorola Solutions understands that cybersecurity and operational resiliency are inextricably linked. Our defense-in-depth approach provides visibility across the entire lifecycle: Identify, Protect, Advisory, Detect, Respond, and Recover.

 

Through our specialized P25 networks and mission-critical communications, we enforce modern network segmentation so that an enterprise breach does not compromise the radio network or disable mission-critical channels. By coupling our services with continuous patching, managed detection and response (MDR), and active threat monitoring, we ensure that public safety agencies in ANZ remain resilient against the rapidly evolving threat landscape.

