Earlier this year I attended Critical Communications Europe, a conference focused on educating end-users and operators on the trends and evolving technologies in mission critical communications, especially TETRA. My mission at the show was to increase cybersecurity awareness. LMR systems like TETRA are no longer entirely closed networks or immune from cyber threats. If anything, serving as a mission-critical, communication component for government and public safety agencies, they have a propensity of gaining the attention of hackers. Government entities are being attacked at twice the rate of other industries across the board.
My goal was to raise awareness about the importance of proactive cybersecurity measures for LMR systems with a live hacking demonstration. From my demos, here were the common insights I gleaned from the LMR end-users and system operators I met:
Cybersecurity education is still needed. Only a small subset of those I spoke to had a sound understanding of their LMR system’s level of risk. Others were aware that their systems are now vulnerable to cyber threats. However, they were not knowledgeable of how their system can be compromised; their risk posture; or how to protect their systems from and respond to cyber intrusions.
Hackers aren’t that sophisticated. Most of the individuals I spoke to weren’t aware that you don’t have to be a brilliant hacker to create something that can comprise a system. Without a great deal of knowledge, hackers can create an exploit that can work on a LMR system. Everything needed is available through a few clicks of the button. A conference attendee that person I spoke to said, “I had no idea it was that simple!”
Chaos and disruption is the end goal. During my demo, I reviewed various examples of the actions hackers can take once in their systems. I explained how a hacker can upload code to overwrite operating software files to disrupt the network, launch web browser that redirect system users to a malicious website, and execute commands that can remotely shutdown and reboot a system server. Most system assaults are directed at disrupting communication at some level.
Most successful attacks are based on known vulnerabilities. The “A Ha!!” moment came when I pointed out that most attacks are based on known system vulnerabilities – 75% according to the Center for Strategic and International Studies. However, the good news is that these vulnerabilities have patches that can be applied to systems. Security patching is one of the first and important steps anyone can take to mitigate cybersecurity threats.
From my conversations at the show, the end-users and operators I spoke to are more aware that their systems are vulnerable to cyber intrusions. However, it’s important that everyone understands their system’s risk posture and how to proactively address cyber threats. There isn’t room for complacency when safeguarding a mission-critical, LMR system. While there are many strategies and options available, there is one action everyone should take to mitigate cyber threats—regular security patching. For our customers, we offer this service with rigour by pre-testing and validating all required patches to ensure they don’t cause any disruption when installed. If you don’t patch, you’re at greater risk to get hacked. Why let that happen? Learn more at motorolasolutions.com/cybersecurity.
Paul Hill is Security Services Delivery Lead
Follow #ThinkPublicSafety, #Cybersecurity and @MotSolsEMEA on Twitter.
Once viewed with a great deal of scepticism, the public cloud is now mainstream. Today, more than 80% of UK organisations have adopted at least one cloud service (source: Cloud Industry Forum). Yet, despite the growing adoption, fear, doubt and uncertainty persist around cloud deployments. Given the potentially transformative benefits of the cloud, I think it is important that we challenge the myths and get to the facts. Let’s take a look at some of the common myths.
#1 There are more data breaches in the cloud
According to the Spring 2014 Alert Logic Cloud Security Report, both on-premise and cloud hosting providers (CHP) saw a dramatic increase in vulnerability scans from 2012 to 2013, with CHPs having a slightly greater increase. But depending on the type of attack, such as malware and botnets, on-premise deployments were far more susceptible.
Source: Alert Logic Cloud Security Report, 2014
#2 Cloud is less secure than on-premise solutions
Public cloud providers benefit from economies of scale and investment resources to deploy and maintain cutting edge security technology. For example, most cloud service providers have better physical security for their datacentres than most companies have for their own facilities. Across both security and compliance, global public cloud providers are able to invest massive amounts of resources that exceed what any one individual organisation can realistically deploy.
#3 You lose control of your data when it is in the cloud
Cloud vendors are not all the same. Terms and conditions and contracts setup between the consumer and the cloud service provider must affirm that you maintain ownership of all data that is ingested or generated from using the service. Furthermore, the contract should prohibit access, sharing or sub-licensing of your data for any reason other than it being used in conjunction with your application subscriptions and comply with the General Data Protection Regulation (GDPR) which goes into effect on 25 May 2018.
#4 The cloud is going to cost you significantly more
Cloud deployments reduce operational expense by minimising your need for complex IT resources, connectivity and infrastructure. For example, compliance with GDPR requirements can be much easier with the cloud, with established service providers offering sophisticated and built-in controls. Also, when it comes to supporting workloads classified as UK OFFICIAL, the leading public cloud providers can readily support a cloud environment that aligns with the National Cyber Security Cloud Security Principles and Center for Internet Security (CIS) Critical Security Controls guidelines.
#5 Your data is centrally located, increasing the risk of data loss
Centralised data actually minimises the attack surface area and decreases the touchpoints for threat actors. The leading cloud infrastructure providers offer redundancy to ensure a single zone failure does not result in loss of data. In general, objects should be redundantly stored on multiple devices across multiple facilities in a data centre region.
By harnessing the cloud, you can benefit from a flexible data platform where security, compliance and performance can all be configured to meet specific service requirements and is easily upgraded to keep pace with future requirements. Moving to cloud-based data management solutions can help you manage and store large volumes of sensitive data with more control, better security, and greater flexibility to enhance your organisation’s capabilities.
Tunde Williams is Head of Field and Solutions Marketing for Europe, Middle-East and Africa
Follow @MotSolsEMEA on Twitter and look out for #Cloud
The Police Twitter Awards are the brainchild of Mike Kenworthy, a member of the public and keen Twitter user. Mike launched the awards in 2011 to recognise how Twitter was connecting communities in conversation, and for the stories being told about Policing. From humble beginnings, the awards have gone from strength to strength.
Voting has now opened for the 2017 Police Twitter Awards. In recognition of the camaraderie and incredible work of Police Departments around the world, this year’s awards include the Motorola Solutions Best International Police Twitter Account category. So we’re calling on people around the world to nominate their favourite International Police Twitter accounts (category 13). Good luck everybody, and let the contest commence!
Awards organiser, Chief Inspector Kerry Blakeman, West Midlands Police spoke with 2016 overall winner Sergeant Harry Tangye, Devon & Cornwall Police about his experiences over the past year and his thoughts on how social media is connecting cops on a global scale:
Q: What’s it been like since you won last year’s Police Twitter Awards?
A: It’s been completely life changing to be honest. It’s opened so many doors and meant that for the things you talk about regarding Road Safety, PTSD, spit hoods, Police dogs etc you get an audience. Of course, you do get extra followers, but through experience you learn how best to harness the potential of that – to get the message out effectively. It’s been an honour to let the public know what we’re all about. It’s been amazing.
Q: How did your visit to Twitter UK go?
A: Twitter were brilliant, we learned so much about tips for using Twitter and how it’s being used by Police Departments around the world. It was so interesting to see how our colleagues in the U.S. are ahead of the game with active shooters, and using Twitter to get the word out and manage the narrative. There were some really interesting case studies on how they’re using Twitter in the U.S. to recruit more Police women – in ways that haven’t been used in Europe, yet.
Q: As winner of last year’s Police Twitter Awards, you were invited to the SMILE Conference in Long Beach, California. Tell us about that.
A: Yes, that’s right. I had the hardship of representing UK Policing at the Social Media Internet Law Enforcement conference in sunny California. By the end of the 4 days, even my wife (who wasn’t into social media) was encouraging me to do more on Periscope, Facebook Live, and Instagram! You could sense the passion from the speakers and delegates, and could see how we’d be left behind if we don’t use social media in certain circumstances. I was honoured to speak during the conference and share how UK Policing are embracing social media and how we’ve progressed. A key thing I learned from the conference was how we learn from each other, and how U.S. Police Departments and forces in the Europe have incredibly similar problems – maybe on slightly different scales, but we’re all cops at the end of the day.
Sgt Harry Tangye of Devon and Cornwall Police swaps hats with Chief Luna of Long Beach Police Department
Q: What’s your view on the relationship with corporate communications teams within forces? And what would your advice be for officers considering Twitter?
A: I was very lucky in my force. My corporate comms team and the top corridor supported me and they believe in this. It’s imperative you work with them. I often get private messages from officers in other forces, and they are frightened rigid. You’ve got The Metropolitan Police for example, a huge animal of a force, they’re more restricted with individual accounts and I totally get that. Even though Devon & Cornwall are quite a big Police force, people know the individuals involved in the social media accounts a lot better. I’m not saying The Met are wrong in what they’re doing, but the important thing is to get the trust of each other. Corporate Communications need to know that your priorities are right and it’s not an ego trip. It has to be for the good of the force. I constantly remind mine that if they want to stop me then that’s fine, I’ll walk away. It’s their Twitter account at the end of the day. It’s important to come to an agreement on how to deal with things when they go wrong. You will get people complaining. How do you deal with that without going over the top? Rest time is vital before you take any action.
Q: What’s your advice for when things go wrong on social?
A: First of all, I wouldn’t be on Twitter if I thought it was seriously risking my career. I think we’ve gone past the stage where Police Forces have the knee-jerk-reaction where they shut down accounts if things go wrong. If you have a post and it gets misconstrued, don’t necessarily delete it. Take a moment. Don’t panic. Politely answer as if you would if you were walking the street. Don’t be afraid to apologise. We’re all human. We all make mistakes. We just have to learn from them. But make sure you have an agreement with corporate communications on how you deal with these types of situations.
Q: Do you think police social media should be centralised or officers given autonomy?
A: You have to look at the culture of your force. If it doesn’t fit, or the Commanders just aren’t comfortable with it, then that’s fine. But like it or not, social media is the way things are going, and in years to come it will be just as commonly used as email or phone calls for having conversations with the public. People want to know what’s happening in their communities, and the best way is to follow their local Police Officer on Twitter. People can then keep up with whatever is happening in their neighbourhoods – right at their fingertips (wherever they are). How powerful is that?
Q: Do you think separate or group Twitter accounts are more valuable for informing the public?
A: I think members of the public like to know who they are talking to. Some people put their initials at the end of Tweets from group accounts. That can give group accounts a slightly more personal flavour. It’s important that you’re authentic, and you use your own strengths – so that can cause a problem with group accounts where different people are posting.
Q: What’s the time spent vs benefit of social media in Policing?
A: There’s a steep learning curve to start with. But as that curve gets shorter, social media just becomes a part of your working life as a Police officer. You do reach a stage where you realise that one Tweet can reach 000s or even 10,000s of people, and all of a sudden, telephones are no longer ringing off the hook. Instead, the public are getting the info they need from your Twitter feed. You can actually do a whole lot with little resource on social media. Its value to Policing has been brought into sharp focus with recent events. Twitter has been instrumental in enabling Greater Manchester Police and The Metropolitan Police to keep members of the public informed and to manage the narrative.
Q-and-As are edited for clarity and length.
Find out more about 2017 Police Twitter Awards
For a full list of categories, how to vote, or to learn more about the Police Twitter Awards, please visit https://www.policetwitterawards.com/
The Police Twitter Awards are supported by Twitter UK and sponsored by Motorola Solutions, Laws Communication, and Police Oracle. This year’s nominated charity is Care of Police Survivors CoPs. The charity does an amazing job in supporting the families of those officers who’ve fallen in the line of duty.
Julian Foster is Global Co-Lead for our Social Media Centre of Excellence.
Follow #PolTAwards (with an L), #ThinkPublicSafety, @MotSolsEMEA, on Twitter.
Thousands of articles, videos and blogs have been written about the importance of software security patching. The simple fact is that most cyber-attacks are based on known system and software vulnerabilities. Patching can correct these vulnerabilities and safeguard your network from intrusions.
And yet around the world, many of us fail to make security patching a priority. This became eminently clear recently in the largest cyber-attack ever. A ransomware known as “WannaCry” resulted in more than 45,000 attacks in at least 100 countries over a 48-hour window. Former Assistant Attorney General for National Security John Carlin stated, “The reason this is hitting so many computers at once is they [the hackers] discovered a vulnerability in the most popular operating system in the world...in Microsoft Windows.”
Companies that were up to date on their patching were not affected by the cyber attack that shocked not only private organisations such as telecom giant Spain's Telefonica, but also government and public safety mission-critical entities such as hospitals and clinics across the United Kingdom and the Andhra Pradesh police in India.
“The fact that so many organisations were vulnerable to this was quite a surprise,” said cyber expert and CEO of Capital Alpha Security in the United Kingdom Matt Tait. “This patch came out three months ago." Yes, Microsoft did announce a fix for the vulnerability, but not everyone acted or even took note when the announcement was made. Some were unaware. Others had budget or resource constraints or simply waited to address due to other priorities.
The main lesson from WannaCry outbreak? Don't delay patching - ever. The political, public relationship and most important, civilian ramifications are enormous, especially for mission-critical organisations that depend on sophisticated IP-based communication networks. Our dedicated security experts help our customers mitigate cybersecurity threats with validated security patches through our Security Update Service (SUS). We analysed, vetted and released the patch which addressed the WannaCry vulnerability to our customer base shortly after its initial release by Microsoft. We installed it and others for customers who opt for remote security patching and encourage those with our self-install patching option to do so immediately and reboot servers if you already haven’t.
The good news is that a security researcher inadvertently discovered a 'kill switch' which has halted the spread of the initial worm that took the world by surprise. In our modern world of cyber-threats, none of us can afford to be complacent any longer. Security patching is one of the core, fundamental steps needed to safeguard your system from cyber threats. For more information, visit our cybersecurity services page.
Paul Hill is Security Services Delivery Lead
Follow #ThinkPublicSafety, #Cybersecurity and @MotSolsEMEA on Twitter.
The evolving world of social is always presenting new challenges (such as ever-changing algorithms), but opening windows on new opportunities for Public Safety too.
Last month, I was fortunate to attend the Social Media Internet Law Enforcement conference (SMILE) – hosted by Chief Luna from Long Beach Police Department. The event saw law enforcement professionals from around the world share their experiences of social media in community policing, intelligence, and emergency management.
Here’s my top 10 tips for effective use of social media in Public Safety:
1. Engage. Engage. Engage.
Think of social media as a conversation with your community. Remember, it’s not just about outbound (no one likes the person at a dinner party who only talks about themselves). Read every comment, it’s important to people – even a “like” is acknowledgement. Being on social and being active on social are quite different things.
2. Build up credit with the “Community Bank”
Building trust is absolutely vital, but takes time, and it’s something you have to earn. It’s important to back up your words on social media with actions in the community. You have to interact physically, emotionally, and socially.
3. Controlled transparency
A lack of transparency breeds mistrust. So open your doors and share behind the scenes tours of the great work that Public Safety professionals do every day. Of course you can’t share everything, citizens understand that – but that’s what makes the moments you do share special.
4. Create a connection
You need to build relationships to rise above the noise of social media.Tell a story that people can relate to, in conversational language people can easily understand. Don’t be afraid of using humour. We’re all human after all.
5. Authenticity trumps production any day
Authentic content will always resonate more strongly with your community than highly polished “Steven Spielberg” masterpieces. Keep it real – you simply don’t need expensive cameras and advanced editing skills to communicate effectively on video.
6. Establish a social media policy for your agency
There’s no “one size fits all” when it comes to social media policy, but key considerations should be; citizen conduct, employee conduct, employee access, acceptable use, content, terms for engagement (when would you delete, hide, leave alone, or engage with a post?), security, data storage, account management, monitoring, listening, measurement, legal issues, crisis escalation, trusted media influencers. It’s also useful to define what success looks like (don’t get hung up on follower numbers, shift your focus towards engagement). But don’t force people to use social. Use willing volunteers.
7. Make friends with social media algorithms
There’s no point in trying to fight against the algorithms that control content display on social media platforms. Adapting is the only option. The subject of social media algorithms is vast, but my top tips would be; always share relevant, high quality content, actively engage with followers, tag relevant accounts in your posts, pay attention to analytics to learn what types of posts are working, seriously consider how you’re hosting video content.
8. Release your inner data scientist with a multi-purpose intelligence hub
Social media has changed our perception and understanding of what intelligence is and who’s responsible for it. Intelligence is useful information that can help inform a decision. But it’s also non-useful information that can help form an opinion. With social media being so immediate it’s essential that you stay in front of the “story”.
Listening and monitoring is absolutely key. Set up passive monitoring (e.g. general keywords such as “riot), and active monitoring (e.g. specific keywords such names of gangs). Set alerts when thresholds are met. Clearly define social media roles for times of crisis. It’s also important to set up listening streams to identify the topics concerning your community.
9. Silence isn’t always golden
Don’t go dark in times of emergency. You must keep the conversation going with your community – even if you explain that the information you’re sharing is preliminary. Get in front of the message, and don’t let negativity build.
10. You can’t win them all
There’ll always be some people where you can’t change their mind in 140 characters – no matter how hard you try. Don’t take it personally! For every negative interaction on social, there’s a 1,000 positive ones around the corner. And not every post will be applicable to everyone. The harder you “try” and create something that will go viral – the more unlikely it will happen. Learn from your experiences, and always be prepared to publicly admit when you make a mistake – people will thank you for it. There’s no room for egos on social media.
I’d like to leave you with one “bonus” tip, check out this road safety video from Indiana State Trooper John Perrine. It’s living proof that humour and authenticity will always come out top:
Julian Foster is Global Co-Lead for our Social Media Centre of Excellence.
Receiving this blog post by email? You may not see the video embedded in this blog – if so you can watch at this URL instead - https://www.youtube.com/watch?v=dTFHCyNVBTk&feature=youtu.be - apologies for any inconvenience.
Follow #ThinkPublicSafety, @MotSolsEMEA, on Twitter.
Useful Resources for Social Media in Public Safety
EENA, the European Emergency Number Association, regularly brings together public authorities, industry experts and researchers to share best practices at an annual conference. This year’s conference was well attended, with about 650 delegates from 55 countries. The conference is just over, but I’d like to take the opportunity to share a few impressions with some photos fresh from the event....
An interview with David Ginola kicked off.....
...a very busy conference:
Dan Sawicki held a very lively session in the Innovation Theatre on ‘Global Solutions for Next Generation Citizen-to-Authority Communications: Providing the Technology and Tools Required by the Next Generation Call Taker’:
Bill Mertka contributed to the conference session on the Future of CAD as well as presenting in the main conference on ‘Smart Cities Public Safety: Advanced Sensors, Automation and the Internet of Things (IoT) in NG112’:
The exhibition was well attended by all the emergency services:
And our demonstration of MACS received a lot of interest:
If you want to catch up with presentations, videos, and more from the conference – you can visit the EENA 2017 conference site - http://www.eena.org/events/eena-conference-2017
Amanda Clifford is Senior Events Manager
Follow @MotSolsEMEA on Twitter and look out for #EENA2017