Mitigating ESS Cybersecurity Challenges

Reliable, safe, and efficient communication solutions are always at the core of any emergency services ecosystem — and with so many city-wide organizations, public officials and residential entities passing emergency-sensitive details across these information infrastructures, it’s no surprise that users with nefarious intent can sometimes access sensitive and secure data and threaten the emergency services sector (ESS) process.

As innovative technologies become increasingly incorporated into all aspects of ESS service delivery, hackers have found many opportunities to exploit new vulnerabilities. Communication technologies — including 5G, AI, and IoT-enabled devices — can improve ESS response times and help responders coordinate their efforts. Before implementation, however, vulnerabilities with these technologies must be addressed in order to maintain the integrity of ESS services.

Currently, the biggest cybersecurity threats to ESS services include the following.

• Distributed denial of service attacks (DDoS).
• Advanced persistent threats (APTs).
• Phishing, malware, and ransomware.
• Increased connectivity and disruptive technology.

While the mechanism of action behind each of these types of attacks varies, they all result in a compromised ability to deliver vital emergency services. Cyberattacks can cripple critical infrastructure, result in the loss of personally identifiable information (PII) or secure medical information, and even block communication channels.

The loss of any functionality or data can be devastating, putting already vulnerable citizens at risk. Without an immediate emergency response, those in medical peril can worsen in condition or even die while waiting. Also, fires may not be brought under control or extinguished as quickly as possible, thereby causing additional damage and possibly contributing to the loss of life. The list of disaster scenarios potentially resulting from the interruption or loss of emergency services is endless — and often tragic.

ESS disruption or loss has caused so much upheaval and disaster that Executive Order 13636: Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD) 21: Critical Infrastructure Security and Resilience were issued in 2013. The executive order helped create a critical national infrastructure composed of a voluntary set of standards, methodologies, procedures, and processes to address cyberthreats. PPD 21 sought to unify efforts across the nation to strengthen and maintain secure, functioning, and resilient critical infrastructure.

Yet, while these documents highlight the need for safe practices, they don’t necessarily tell ESS providers how to accomplish the established goals. The biggest reason for this is that cybersecurity practices are constantly evolving to address the ever-changing nature of cyberattacks, which have consistently become more sophisticated with each passing year.

Being prepared to respond to increasingly complex cybersecurity threats requires significant time and resources from ESS providers. Response plans typically comprise many different processes, systems, and platforms working in tandem to cover all major security vulnerabilities.

Furthermore, keeping networks and systems secure requires constant vigilance. It’s never enough to implement sound security measures and then assume they will continue to keep your organization protected. Security measures should be assessed periodically to ensure they are up to date and evolving with developing threats.

As you evaluate your cybersecurity protocol, the following tips can help determine if you need to implement any additional strategies to keep your ESS safe and secure.

1. Know what resources are available. As maintaining the integrity of ESS networks across the country is imperative for the health and safety of U.S. citizens, numerous resources are available to keep ESS employees informed and assist with the implementation of cybersecurity protocols and measures. The Cybersecurity and Infrastructure Security Agency (CISA) publishes a free list of resources that protect and enable the mission of the ESS as it relates to managing cybersecurity. While ESS organizations should not rely on CISA to provide the entire scope of their cybersecurity measures, these resources offer a reliable starting point.
2. Conduct a cyber risk assessment. Just as in private organizations, the best way to understand an ESS network’s vulnerabilities is to conduct a comprehensive risk assessment to identify what areas, infrastructure, platforms, and solutions are most vulnerable to an attack. Ongoing periodic risk assessments are crucial in order to continually evaluate cyber assets in light of new and emerging threats.
3. Prepare a backup plan. Emergency responders are taught to be prepared. They often bring backups for essential tools, for example, so if a primary piece of equipment fails, there is still a Plan B. This process can be useful for some network elements, too, such as selecting network connectivity options that include a solution supporting dual modems, for instance, as well as failover provision (a system’s capacity to fail to a secondary provider, which will ensure continued service). Public safety networks, such as Verizon Frontline and AT&T’s FirstNet, are also options that provide priority access for emergency communications systems.
4. Train employees effectively. In every industry, one of the biggest threats to a network’s integrity is employee vulnerabilities. Employees who do not properly store and protect devices are a tremendous risk for potential loss of data and the allowance of unauthorized access. Regular refresher training on network security can help employees understand how essential it is to follow proper protocol. In addition, incorporating strategies that help employees learn to spot suspicious communication can also be useful in preventing certain types of attacks.

In modern society, there are few things as important as keeping ESS systems secure and operational. These essential organizations and networks exist to ensure the safety and health of citizens who are vulnerable or in danger. While technology continues to enhance and improve emergency responses, it does come with additional risk, however. Any new vulnerabilities with a technology must be addressed before implementation in order to best protect and uphold public safety.

Thomas McElroy  

Thomas McElroy is founder of Level-1 Global Solutions. He was recognized by Crain’s in 2020 as Tech Entrepreneur of the Year.