Earlier this year I attended Critical Communications Europe, a conference focused on educating end-users and operators on the trends and evolving technologies in mission critical communications, especially TETRA. My mission at the show was to increase cybersecurity awareness. LMR systems like TETRA are no longer entirely closed networks or immune from cyber threats. If anything, serving as a mission-critical, communication component for government and public safety agencies, they have a propensity of gaining the attention of hackers. Government entities are being attacked at twice the rate of other industries across the board.
My goal was to raise awareness about the importance of proactive cybersecurity measures for LMR systems with a live hacking demonstration. From my demos, here were the common insights I gleaned from the LMR end-users and system operators I met:
Cybersecurity education is still needed. Only a small subset of those I spoke to had a sound understanding of their LMR system’s level of risk. Others were aware that their systems are now vulnerable to cyber threats. However, they were not knowledgeable of how their system can be compromised; their risk posture; or how to protect their systems from and respond to cyber intrusions.
Hackers aren’t that sophisticated. Most of the individuals I spoke to weren’t aware that you don’t have to be a brilliant hacker to create something that can comprise a system. Without a great deal of knowledge, hackers can create an exploit that can work on a LMR system. Everything needed is available through a few clicks of the button. A conference attendee that person I spoke to said, “I had no idea it was that simple!”
Chaos and disruption is the end goal. During my demo, I reviewed various examples of the actions hackers can take once in their systems. I explained how a hacker can upload code to overwrite operating software files to disrupt the network, launch web browser that redirect system users to a malicious website, and execute commands that can remotely shutdown and reboot a system server. Most system assaults are directed at disrupting communication at some level.
Most successful attacks are based on known vulnerabilities. The “A Ha!!” moment came when I pointed out that most attacks are based on known system vulnerabilities – 75% according to the Center for Strategic and International Studies. However, the good news is that these vulnerabilities have patches that can be applied to systems. Security patching is one of the first and important steps anyone can take to mitigate cybersecurity threats.
From my conversations at the show, the end-users and operators I spoke to are more aware that their systems are vulnerable to cyber intrusions. However, it’s important that everyone understands their system’s risk posture and how to proactively address cyber threats. There isn’t room for complacency when safeguarding a mission-critical, LMR system. While there are many strategies and options available, there is one action everyone should take to mitigate cyber threats—regular security patching. For our customers, we offer this service with rigour by pre-testing and validating all required patches to ensure they don’t cause any disruption when installed. If you don’t patch, you’re at greater risk to get hacked. Why let that happen? Learn more at motorolasolutions.com/cybersecurity.
Paul Hill is Security Services Delivery Lead
Follow #ThinkPublicSafety, #Cybersecurity and @MotSolsEMEA on Twitter.