Earlier this year I attended Critical Communications Europe, a conference focused on educating end-users and operators on the trends and evolving technologies in mission critical communications, especially TETRA. My mission at the show was to increase cybersecurity awareness. LMR systems like TETRA are no longer entirely closed networks or immune from cyber threats. If anything, serving as a mission-critical, communication component for government and public safety agencies, they have a propensity of gaining the attention of hackers. Government entities are being attacked at twice the rate of other industries across the board.
My goal was to raise awareness about the importance of proactive cybersecurity measures for LMR systems with a live hacking demonstration. From my demos, here were the common insights I gleaned from the LMR end-users and system operators I met:
Cybersecurity education is still needed. Only a small subset of those I spoke to had a sound understanding of their LMR system’s level of risk. Others were aware that their systems are now vulnerable to cyber threats. However, they were not knowledgeable of how their system can be compromised; their risk posture; or how to protect their systems from and respond to cyber intrusions.
Hackers aren’t that sophisticated. Most of the individuals I spoke to weren’t aware that you don’t have to be a brilliant hacker to create something that can comprise a system. Without a great deal of knowledge, hackers can create an exploit that can work on a LMR system. Everything needed is available through a few clicks of the button. A conference attendee that person I spoke to said, “I had no idea it was that simple!”
Chaos and disruption is the end goal. During my demo, I reviewed various examples of the actions hackers can take once in their systems. I explained how a hacker can upload code to overwrite operating software files to disrupt the network, launch web browser that redirect system users to a malicious website, and execute commands that can remotely shutdown and reboot a system server. Most system assaults are directed at disrupting communication at some level.
Most successful attacks are based on known vulnerabilities. The “A Ha!!” moment came when I pointed out that most attacks are based on known system vulnerabilities – 75% according to the Center for Strategic and International Studies. However, the good news is that these vulnerabilities have patches that can be applied to systems. Security patching is one of the first and important steps anyone can take to mitigate cybersecurity threats.
From my conversations at the show, the end-users and operators I spoke to are more aware that their systems are vulnerable to cyber intrusions. However, it’s important that everyone understands their system’s risk posture and how to proactively address cyber threats. There isn’t room for complacency when safeguarding a mission-critical, LMR system. While there are many strategies and options available, there is one action everyone should take to mitigate cyber threats—regular security patching. For our customers, we offer this service with rigour by pre-testing and validating all required patches to ensure they don’t cause any disruption when installed. If you don’t patch, you’re at greater risk to get hacked. Why let that happen? Learn more at motorolasolutions.com/cybersecurity.
Paul Hill is Security Services Delivery Lead
Follow #ThinkPublicSafety, #Cybersecurity and @MotSolsEMEA on Twitter.
Once viewed with a great deal of scepticism, the public cloud is now mainstream. Today, more than 80% of UK organisations have adopted at least one cloud service (source: Cloud Industry Forum). Yet, despite the growing adoption, fear, doubt and uncertainty persist around cloud deployments. Given the potentially transformative benefits of the cloud, I think it is important that we challenge the myths and get to the facts. Let’s take a look at some of the common myths.
#1 There are more data breaches in the cloud
According to the Spring 2014 Alert Logic Cloud Security Report, both on-premise and cloud hosting providers (CHP) saw a dramatic increase in vulnerability scans from 2012 to 2013, with CHPs having a slightly greater increase. But depending on the type of attack, such as malware and botnets, on-premise deployments were far more susceptible.
Source: Alert Logic Cloud Security Report, 2014
#2 Cloud is less secure than on-premise solutions
Public cloud providers benefit from economies of scale and investment resources to deploy and maintain cutting edge security technology. For example, most cloud service providers have better physical security for their datacentres than most companies have for their own facilities. Across both security and compliance, global public cloud providers are able to invest massive amounts of resources that exceed what any one individual organisation can realistically deploy.
#3 You lose control of your data when it is in the cloud
Cloud vendors are not all the same. Terms and conditions and contracts setup between the consumer and the cloud service provider must affirm that you maintain ownership of all data that is ingested or generated from using the service. Furthermore, the contract should prohibit access, sharing or sub-licensing of your data for any reason other than it being used in conjunction with your application subscriptions and comply with the General Data Protection Regulation (GDPR) which goes into effect on 25 May 2018.
#4 The cloud is going to cost you significantly more
Cloud deployments reduce operational expense by minimising your need for complex IT resources, connectivity and infrastructure. For example, compliance with GDPR requirements can be much easier with the cloud, with established service providers offering sophisticated and built-in controls. Also, when it comes to supporting workloads classified as UK OFFICIAL, the leading public cloud providers can readily support a cloud environment that aligns with the National Cyber Security Cloud Security Principles and Center for Internet Security (CIS) Critical Security Controls guidelines.
#5 Your data is centrally located, increasing the risk of data loss
Centralised data actually minimises the attack surface area and decreases the touchpoints for threat actors. The leading cloud infrastructure providers offer redundancy to ensure a single zone failure does not result in loss of data. In general, objects should be redundantly stored on multiple devices across multiple facilities in a data centre region.
By harnessing the cloud, you can benefit from a flexible data platform where security, compliance and performance can all be configured to meet specific service requirements and is easily upgraded to keep pace with future requirements. Moving to cloud-based data management solutions can help you manage and store large volumes of sensitive data with more control, better security, and greater flexibility to enhance your organisation’s capabilities.
Tunde Williams is Head of Field and Solutions Marketing for Europe, Middle-East and Africa
Follow @MotSolsEMEA on Twitter and look out for #Cloud
Thousands of articles, videos and blogs have been written about the importance of software security patching. The simple fact is that most cyber-attacks are based on known system and software vulnerabilities. Patching can correct these vulnerabilities and safeguard your network from intrusions.
And yet around the world, many of us fail to make security patching a priority. This became eminently clear recently in the largest cyber-attack ever. A ransomware known as “WannaCry” resulted in more than 45,000 attacks in at least 100 countries over a 48-hour window. Former Assistant Attorney General for National Security John Carlin stated, “The reason this is hitting so many computers at once is they [the hackers] discovered a vulnerability in the most popular operating system in the world...in Microsoft Windows.”
Companies that were up to date on their patching were not affected by the cyber attack that shocked not only private organisations such as telecom giant Spain's Telefonica, but also government and public safety mission-critical entities such as hospitals and clinics across the United Kingdom and the Andhra Pradesh police in India.
“The fact that so many organisations were vulnerable to this was quite a surprise,” said cyber expert and CEO of Capital Alpha Security in the United Kingdom Matt Tait. “This patch came out three months ago." Yes, Microsoft did announce a fix for the vulnerability, but not everyone acted or even took note when the announcement was made. Some were unaware. Others had budget or resource constraints or simply waited to address due to other priorities.
The main lesson from WannaCry outbreak? Don't delay patching - ever. The political, public relationship and most important, civilian ramifications are enormous, especially for mission-critical organisations that depend on sophisticated IP-based communication networks. Our dedicated security experts help our customers mitigate cybersecurity threats with validated security patches through our Security Update Service (SUS). We analysed, vetted and released the patch which addressed the WannaCry vulnerability to our customer base shortly after its initial release by Microsoft. We installed it and others for customers who opt for remote security patching and encourage those with our self-install patching option to do so immediately and reboot servers if you already haven’t.
The good news is that a security researcher inadvertently discovered a 'kill switch' which has halted the spread of the initial worm that took the world by surprise. In our modern world of cyber-threats, none of us can afford to be complacent any longer. Security patching is one of the core, fundamental steps needed to safeguard your system from cyber threats. For more information, visit our cybersecurity services page.
Paul Hill is Security Services Delivery Lead
Follow #ThinkPublicSafety, #Cybersecurity and @MotSolsEMEA on Twitter.
The evolving world of social is always presenting new challenges (such as ever-changing algorithms), but opening windows on new opportunities for Public Safety too.
Last month, I was fortunate to attend the Social Media Internet Law Enforcement conference (SMILE) – hosted by Chief Luna from Long Beach Police Department. The event saw law enforcement professionals from around the world share their experiences of social media in community policing, intelligence, and emergency management.
Here’s my top 10 tips for effective use of social media in Public Safety:
1. Engage. Engage. Engage.
Think of social media as a conversation with your community. Remember, it’s not just about outbound (no one likes the person at a dinner party who only talks about themselves). Read every comment, it’s important to people – even a “like” is acknowledgement. Being on social and being active on social are quite different things.
2. Build up credit with the “Community Bank”
Building trust is absolutely vital, but takes time, and it’s something you have to earn. It’s important to back up your words on social media with actions in the community. You have to interact physically, emotionally, and socially.
3. Controlled transparency
A lack of transparency breeds mistrust. So open your doors and share behind the scenes tours of the great work that Public Safety professionals do every day. Of course you can’t share everything, citizens understand that – but that’s what makes the moments you do share special.
4. Create a connection
You need to build relationships to rise above the noise of social media.Tell a story that people can relate to, in conversational language people can easily understand. Don’t be afraid of using humour. We’re all human after all.
5. Authenticity trumps production any day
Authentic content will always resonate more strongly with your community than highly polished “Steven Spielberg” masterpieces. Keep it real – you simply don’t need expensive cameras and advanced editing skills to communicate effectively on video.
6. Establish a social media policy for your agency
There’s no “one size fits all” when it comes to social media policy, but key considerations should be; citizen conduct, employee conduct, employee access, acceptable use, content, terms for engagement (when would you delete, hide, leave alone, or engage with a post?), security, data storage, account management, monitoring, listening, measurement, legal issues, crisis escalation, trusted media influencers. It’s also useful to define what success looks like (don’t get hung up on follower numbers, shift your focus towards engagement). But don’t force people to use social. Use willing volunteers.
7. Make friends with social media algorithms
There’s no point in trying to fight against the algorithms that control content display on social media platforms. Adapting is the only option. The subject of social media algorithms is vast, but my top tips would be; always share relevant, high quality content, actively engage with followers, tag relevant accounts in your posts, pay attention to analytics to learn what types of posts are working, seriously consider how you’re hosting video content.
8. Release your inner data scientist with a multi-purpose intelligence hub
Social media has changed our perception and understanding of what intelligence is and who’s responsible for it. Intelligence is useful information that can help inform a decision. But it’s also non-useful information that can help form an opinion. With social media being so immediate it’s essential that you stay in front of the “story”.
Listening and monitoring is absolutely key. Set up passive monitoring (e.g. general keywords such as “riot), and active monitoring (e.g. specific keywords such names of gangs). Set alerts when thresholds are met. Clearly define social media roles for times of crisis. It’s also important to set up listening streams to identify the topics concerning your community.
9. Silence isn’t always golden
Don’t go dark in times of emergency. You must keep the conversation going with your community – even if you explain that the information you’re sharing is preliminary. Get in front of the message, and don’t let negativity build.
10. You can’t win them all
There’ll always be some people where you can’t change their mind in 140 characters – no matter how hard you try. Don’t take it personally! For every negative interaction on social, there’s a 1,000 positive ones around the corner. And not every post will be applicable to everyone. The harder you “try” and create something that will go viral – the more unlikely it will happen. Learn from your experiences, and always be prepared to publicly admit when you make a mistake – people will thank you for it. There’s no room for egos on social media.
I’d like to leave you with one “bonus” tip, check out this road safety video from Indiana State Trooper John Perrine. It’s living proof that humour and authenticity will always come out top:
Julian Foster is Global Co-Lead for our Social Media Centre of Excellence.
Receiving this blog post by email? You may not see the video embedded in this blog – if so you can watch at this URL instead - https://www.youtube.com/watch?v=dTFHCyNVBTk&feature=youtu.be - apologies for any inconvenience.
Follow #ThinkPublicSafety, @MotSolsEMEA, on Twitter.
Useful Resources for Social Media in Public Safety
EENA, the European Emergency Number Association, regularly brings together public authorities, industry experts and researchers to share best practices at an annual conference. This year’s conference was well attended, with about 650 delegates from 55 countries. The conference is just over, but I’d like to take the opportunity to share a few impressions with some photos fresh from the event....
An interview with David Ginola kicked off.....
...a very busy conference:
Dan Sawicki held a very lively session in the Innovation Theatre on ‘Global Solutions for Next Generation Citizen-to-Authority Communications: Providing the Technology and Tools Required by the Next Generation Call Taker’:
Bill Mertka contributed to the conference session on the Future of CAD as well as presenting in the main conference on ‘Smart Cities Public Safety: Advanced Sensors, Automation and the Internet of Things (IoT) in NG112’:
The exhibition was well attended by all the emergency services:
And our demonstration of MACS received a lot of interest:
If you want to catch up with presentations, videos, and more from the conference – you can visit the EENA 2017 conference site - http://www.eena.org/events/eena-conference-2017
Amanda Clifford is Senior Events Manager
Follow @MotSolsEMEA on Twitter and look out for #EENA2017
Let’s start with a stat: 80% of government IT leaders experienced at least 1 critical network outage in the last 3 months.(1)
Public safety mission critical systems have to stay available 24 x 7 x 365. Period. A Public Safety system is not a “normal” IT network. Your technology needs to keep first responders safe and needs to be uniquely supported and managed to operate under all circumstances and events – planned or unplanned. You have to prepare to fail.
Understanding how your system operates in various failure modes is critical. How well can you identify an outage versus a maintenance check? What types of contingency plans do you have defined in your organisation and with third-party vendors and agencies? How often are you accessing wireless coverage information to ensure you don’t have any new blind spots from when the system was first installed? If and when a failure does happen, how responsive you are to minimising the downtime can make a significant difference in the outcome you experience.
Mission-critical network management takes rigour and expertise that requires a comprehensive approach with the right team, processes and tools.
You can read more about best practices you need to adopt in our new whitepaper: Critical Steps to Prevent Network Downtime.
Find out more about our range of services for mission-critical networks and more at www.motorolasolutions.com/services
John Moule is Public Safety Sales Lead – EIA
SOURCES: (1) 2016 Survey by the Center for Digital Government.
Follow @MotSolsEMEA on Twitter and look out for #NetworkDowntime