Reliable, safe, and efficient communication solutions are always at the core of any emergency services ecosystem — and with so many city-wide organizations, public officials and residential entities passing emergency-sensitive details across these information infrastructures, it’s no surprise that users with nefarious intent can sometimes access sensitive and secure data and threaten the emergency services sector (ESS) process.
As innovative technologies become increasingly incorporated into all aspects of ESS service delivery, hackers have found many opportunities to exploit new vulnerabilities. Communication technologies — including 5G, AI, and IoT-enabled devices — can improve ESS response times and help responders coordinate their efforts. Before implementation, however, vulnerabilities with these technologies must be addressed in order to maintain the integrity of ESS services.
Currently, the biggest cybersecurity threats to ESS services include the following.
While the mechanism of action behind each of these types of attacks varies, they all result in a compromised ability to deliver vital emergency services. Cyberattacks can cripple critical infrastructure, result in the loss of personally identifiable information (PII) or secure medical information, and even block communication channels.
The loss of any functionality or data can be devastating, putting already vulnerable citizens at risk. Without an immediate emergency response, those in medical peril can worsen in condition or even die while waiting. Also, fires may not be brought under control or extinguished as quickly as possible, thereby causing additional damage and possibly contributing to the loss of life. The list of disaster scenarios potentially resulting from the interruption or loss of emergency services is endless — and often tragic.
ESS disruption or loss has caused so much upheaval and disaster that Executive Order 13636: Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD) 21: Critical Infrastructure Security and Resilience were issued in 2013. The executive order helped create a critical national infrastructure composed of a voluntary set of standards, methodologies, procedures, and processes to address cyberthreats. PPD 21 sought to unify efforts across the nation to strengthen and maintain secure, functioning, and resilient critical infrastructure.
Yet, while these documents highlight the need for safe practices, they don’t necessarily tell ESS providers how to accomplish the established goals. The biggest reason for this is that cybersecurity practices are constantly evolving to address the ever-changing nature of cyberattacks, which have consistently become more sophisticated with each passing year.
Being prepared to respond to increasingly complex cybersecurity threats requires significant time and resources from ESS providers. Response plans typically comprise many different processes, systems, and platforms working in tandem to cover all major security vulnerabilities.
Furthermore, keeping networks and systems secure requires constant vigilance. It’s never enough to implement sound security measures and then assume they will continue to keep your organization protected. Security measures should be assessed periodically to ensure they are up to date and evolving with developing threats.
As you evaluate your cybersecurity protocol, the following tips can help determine if you need to implement any additional strategies to keep your ESS safe and secure.
In modern society, there are few things as important as keeping ESS systems secure and operational. These essential organizations and networks exist to ensure the safety and health of citizens who are vulnerable or in danger. While technology continues to enhance and improve emergency responses, it does come with additional risk, however. Any new vulnerabilities with a technology must be addressed before implementation in order to best protect and uphold public safety.
Thomas McElroy is founder of Level-1 Global Solutions. He was recognized by Crain’s in 2020 as Tech Entrepreneur of the Year.