Log out

Session expired

Your reply has been posted successfully!

Blog

Publish
 
    • Insights From a Live Hacking Demonstration and Why Security Patching is Critical Author: Paul Hill

      Published Jun 30 2017, 10:31 AM by Paul Jeffs

      Earlier this year I attended Critical Communications Europe, a conference focused on educating end-users and operators on the trends and evolving technologies in mission critical communications, especially TETRA. My mission at the show was to increase cybersecurity awareness. LMR systems like TETRA are no longer entirely closed networks or immune from cyber threats. If anything, serving as a mission-critical, communication component for government and public safety agencies, they have a propensity of gaining the attention of hackers. Government entities are being attacked at twice the rate of other industries across the board.

      Cyber Resilience White Paper

      My goal was to raise awareness about the importance of proactive cybersecurity measures for LMR systems with a live hacking demonstration. From my demos, here were the common insights I gleaned from the LMR end-users and system operators I met:

      Cybersecurity education is still needed. Only a small subset of those I spoke to had a sound understanding of their LMR system’s level of risk. Others were aware that their systems are now vulnerable to cyber threats. However, they were not knowledgeable of how their system can be compromised; their risk posture; or how to protect their systems from and respond to cyber intrusions.

      Hackers aren’t that sophisticated. Most of the individuals I spoke to weren’t aware that you don’t have to be a brilliant hacker to create something that can comprise a system. Without a great deal of knowledge, hackers can create an exploit that can work on a LMR system. Everything needed is available through a few clicks of the button. A conference attendee that person I spoke to said, “I had no idea it was that simple!”

      Chaos and disruption is the end goal. During my demo, I reviewed various examples of the actions hackers can take once in their systems. I explained how a hacker can upload code to overwrite operating software files to disrupt the network, launch web browser that redirect system users to a malicious website, and execute commands that can remotely shutdown and reboot a system server. Most system assaults are directed at disrupting communication at some level.

      Most successful attacks are based on known vulnerabilities. The “A Ha!!” moment came when I pointed out that most attacks are based on known system vulnerabilities – 75% according to the Center for Strategic and International Studies. However, the good news is that these vulnerabilities have patches that can be applied to systems. Security patching is one of the first and important steps anyone can take to mitigate cybersecurity threats.

      From my conversations at the show, the end-users and operators I spoke to are more aware that their systems are vulnerable to cyber intrusions. However, it’s important that everyone understands their system’s risk posture and how to proactively address cyber threats. There isn’t room for complacency when safeguarding a mission-critical, LMR system. While there are many strategies and options available, there is one action everyone should take to mitigate cyber threats—regular security patching. For our customers, we offer this service with rigour by pre-testing and validating all required patches to ensure they don’t cause any disruption when installed. If you don’t patch, you’re at greater risk to get hacked. Why let that happen? Learn more at motorolasolutions.com/cybersecurity.

      Paul Hill is Security Services Delivery Lead

       

      Paul Hill

      Paul is on LinkedIn

       

      Follow #ThinkPublicSafety, #Cybersecurity and @MotSolsEMEA on Twitter.

      Join our community

       

    • 5 Cloud Security Myths Debunked Author: Tunde Williams

      Published Jun 15 2017, 1:30 PM by Paul Jeffs

      Once viewed with a great deal of scepticism, the public cloud is now mainstream. Today, more than 80% of UK organisations have adopted at least one cloud service (source: Cloud Industry Forum). Yet, despite the growing adoption, fear, doubt and uncertainty persist around cloud deployments.  Given the potentially transformative benefits of the cloud, I think it is important that we challenge the myths and get to the facts. Let’s take a look at some of the common myths.

      #1 There are more data breaches in the cloud
      According to the Spring 2014 Alert Logic Cloud Security Report, both on-premise and cloud hosting providers (CHP) saw a dramatic increase in vulnerability scans from 2012 to 2013, with CHPs having a slightly greater increase. But depending on the type of attack, such as malware and botnets, on-premise deployments were far more susceptible.

      Cloud vs On Premise?

      Source: Alert Logic Cloud Security Report, 2014

      #2 Cloud is less secure than on-premise solutions
      Public cloud providers benefit from economies of scale and investment resources to deploy and maintain cutting edge security technology. For example, most cloud service providers have better physical security for their datacentres than most companies have for their own facilities. Across both security and compliance, global public cloud providers are able to invest massive amounts of resources that exceed what any one individual organisation can realistically deploy.

      #3 You lose control of your data when it is in the cloud
      Cloud vendors are not all the same. Terms and conditions and contracts setup between the consumer and the cloud service provider must affirm that you maintain ownership of all data that is ingested or generated from using the service. Furthermore, the contract should prohibit access, sharing or sub-licensing of your data for any reason other than it being used in conjunction with your application subscriptions and comply with the General Data Protection Regulation (GDPR) which goes into effect on 25 May 2018.

      #4 The cloud is going to cost you significantly more
      Cloud deployments reduce operational expense by minimising your need for complex IT resources, connectivity and infrastructure.  For example, compliance with GDPR requirements can be much easier with the cloud, with established service providers offering sophisticated and built-in controls. Also, when it comes to supporting workloads classified as UK OFFICIAL, the leading public cloud providers can readily support a cloud environment that aligns with the National Cyber Security Cloud Security Principles and Center for Internet Security (CIS) Critical Security Controls guidelines.

      #5 Your data is centrally located, increasing the risk of data loss
      Centralised data actually minimises the attack surface area and decreases the touchpoints for threat actors. The leading cloud infrastructure providers offer redundancy to ensure a single zone failure does not result in loss of data. In general, objects should be redundantly stored on multiple devices across multiple facilities in a data centre region.

      By harnessing the cloud, you can benefit from a flexible data platform where security, compliance and performance can all be configured to meet specific service requirements and is easily upgraded to keep pace with future requirements. Moving to cloud-based data management solutions can help you manage and store large volumes of sensitive data with more control, better security, and greater flexibility to enhance your organisation’s capabilities.

      Tunde Williams

      Tunde Williams is Head of Field and Solutions Marketing for Europe, Middle-East and Africa

      Tunde is on LinkedIn

      Follow @MotSolsEMEA on Twitter and look out for #Cloud

      Join our LinkedIn community

       

    • Connecting Cops Across The World With Twitter Author: Julian Foster

      Published Jun 09 2017, 1:51 PM by Paul Jeffs

      The Police Twitter Awards are the brainchild of Mike Kenworthy, a member of the public and keen Twitter user. Mike launched the awards in 2011 to recognise how Twitter was connecting communities in conversation, and for the stories being told about Policing. From humble beginnings, the awards have gone from strength to strength.

      Voting has now opened for the 2017 Police Twitter Awards. In recognition of the camaraderie and incredible work of Police Departments around the world, this year’s awards include the Motorola Solutions Best International Police Twitter Account category. So we’re calling on people around the world to nominate their favourite International Police Twitter accounts (category 13). Good luck everybody, and let the contest commence!

      Awards organiser, Chief Inspector Kerry Blakeman, West Midlands Police spoke with 2016 overall winner Sergeant Harry Tangye, Devon & Cornwall Police about his experiences over the past year and his thoughts on how social media is connecting cops on a global scale:

      Q: What’s it been like since you won last year’s Police Twitter Awards?
      A: It’s been completely life changing to be honest. It’s opened so many doors and meant that for the things you talk about regarding Road Safety, PTSD, spit hoods, Police dogs etc you get an audience. Of course, you do get extra followers, but through experience you learn how best to harness the potential of that – to get the message out effectively. It’s been an honour to let the public know what we’re all about. It’s been amazing.

      Q: How did your visit to Twitter UK go?
      A: Twitter were brilliant, we learned so much about tips for using Twitter and how it’s being used by Police Departments around the world. It was so interesting to see how our colleagues in the U.S. are ahead of the game with active shooters, and using Twitter to get the word out and manage the narrative. There were some really interesting case studies on how they’re using Twitter in the U.S. to recruit more Police women – in ways that haven’t been used in Europe, yet.

      Q: As winner of last year’s Police Twitter Awards, you were invited to the SMILE Conference in Long Beach, California. Tell us about that.
      A: Yes, that’s right. I had the hardship of representing UK Policing at the Social Media Internet Law Enforcement conference in sunny California. By the end of the 4 days, even my wife (who wasn’t into social media) was encouraging me to do more on Periscope, Facebook Live, and Instagram! You could sense the passion from the speakers and delegates, and could see how we’d be left behind if we don’t use social media in certain circumstances. I was honoured to speak during the conference and share how UK Policing are embracing social media and how we’ve progressed. A key thing I learned from the conference was how we learn from each other, and how U.S. Police Departments and forces in the Europe have incredibly similar problems – maybe on slightly different scales, but we’re all cops at the end of the day.

      Sgt Harry Tangye of Devon and Cornwall Police swaps hats with Chief Luna of Long Beach Police Department

      Sgt Harry Tangye of Devon and Cornwall Police swaps hats with Chief Luna of Long Beach Police Department

      Q: What’s your view on the relationship with corporate communications teams within forces? And what would your advice be for officers considering Twitter?
      A: I was very lucky in my force. My corporate comms team and the top corridor supported me and they believe in this. It’s imperative you work with them. I often get private messages from officers in other forces, and they are frightened rigid. You’ve got The Metropolitan Police for example, a huge animal of a force, they’re more restricted with individual accounts and I totally get that. Even though Devon & Cornwall are quite a big Police force, people know the individuals involved in the social media accounts a lot better. I’m not saying The Met are wrong in what they’re doing, but the important thing is to get the trust of each other. Corporate Communications need to know that your priorities are right and it’s not an ego trip. It has to be for the good of the force. I constantly remind mine that if they want to stop me then that’s fine, I’ll walk away. It’s their Twitter account at the end of the day. It’s important to come to an agreement on how to deal with things when they go wrong. You will get people complaining. How do you deal with that without going over the top? Rest time is vital before you take any action.

      Q: What’s your advice for when things go wrong on social?
      A: First of all, I wouldn’t be on Twitter if I thought it was seriously risking my career. I think we’ve gone past the stage where Police Forces have the knee-jerk-reaction where they shut down accounts if things go wrong. If you have a post and it gets misconstrued, don’t necessarily delete it. Take a moment. Don’t panic. Politely answer as if you would if you were walking the street. Don’t be afraid to apologise. We’re all human. We all make mistakes. We just have to learn from them. But make sure you have an agreement with corporate communications on how you deal with these types of situations.

      Q: Do you think police social media should be centralised or officers given autonomy?
      A: You have to look at the culture of your force. If it doesn’t fit, or the Commanders just aren’t comfortable with it, then that’s fine. But like it or not, social media is the way things are going, and in years to come it will be just as commonly used as email or phone calls for having conversations with the public. People want to know what’s happening in their communities, and the best way is to follow their local Police Officer on Twitter. People can then keep up with whatever is happening in their neighbourhoods – right at their fingertips (wherever they are). How powerful is that?

      Q: Do you think separate or group Twitter accounts are more valuable for informing the public?
      A: I think members of the public like to know who they are talking to. Some people put their initials at the end of Tweets from group accounts. That can give group accounts a slightly more personal flavour. It’s important that you’re authentic, and you use your own strengths – so that can cause a problem with group accounts where different people are posting. 

      Q: What’s the time spent vs benefit of social media in Policing?
      A: There’s a steep learning curve to start with. But as that curve gets shorter, social media just becomes a part of your working life as a Police officer. You do reach a stage where you realise that one Tweet can reach 000s or even 10,000s of people, and all of a sudden, telephones are no longer ringing off the hook. Instead, the public are getting the info they need from your Twitter feed. You can actually do a whole lot with little resource on social media. Its value to Policing has been brought into sharp focus with recent events. Twitter has been instrumental in enabling Greater Manchester Police and The Metropolitan Police to keep members of the public informed and to manage the narrative.

      Q-and-As are edited for clarity and length.

      Find out more about 2017 Police Twitter Awards
      For a full list of categories, how to vote, or to learn more about the Police Twitter Awards, please visit https://www.policetwitterawards.com/

      The Police Twitter Awards are supported by Twitter UK and sponsored by Motorola Solutions, Laws Communication, and Police Oracle. This year’s nominated charity is Care of Police Survivors CoPs. The charity does an amazing job in supporting the families of those officers who’ve fallen in the line of duty.

      Julian Foster

       

      Julian Foster is Global Co-Lead for our Social Media Centre of Excellence.

      Connect with Julian on LinkedIn

       

      Follow #PolTAwards (with an L), #ThinkPublicSafety, @MotSolsEMEA, on Twitter.

    Please wait...