In today’s world of increasing dependency on computer networks and connected devices, the question of being hit with a lateral cyber-attack is not a matter of “if” but “when”. Cyber hackers work overtime to find any possible open doors or cracks where they can slide in, exploit critical systems, exfiltrate or lock up sensitive data, and extort their victims for ransom. Many Public Safety Answering Points (PSAPs) and Emergency Communication Centers (ECCs) have an inadequate cyber infrastructure, which make them highly vulnerable. Most public safety personnel are not cyber trained increasing risk for a crisis to occur.
The costs associated with ransomware demands are increasing year after year. According to Cybersecurity Ventures, ransomware damage costs will rise to $20 billion by 2021. Based on year over year growth Cybersecurity Ventures estimates global cybercrime costs to reach $10.5 trillion by 2025. CSO Online reported that 94% of all malware is delivered via emails and $17,700 is lost every minute due to phishing attacks. Despite the facts and figures related to cybercrime, it’s hard to put a price tag on public safety. The 24/7/365 first line of defense, to the communities that rely on it, is invaluable. It’s important to note that 421 incidents affected public safety agencies and their connected local governments in 50 states plus Washington, D.C. over the last 24 months.
The following is a list of questions all Emergency Communication Centers (EECs) should take into consideration when determining their cyber health status.
- Do we have a clear understanding of our cyber posture?
- Do we have a resilient infrastructure?
- What are our policies and preventative practices?
- When is the last time our systems were assessed, if at all?
- Is our staff properly trained in cyber awareness?
- What is our contingency plan if we suffer a cyber-attack?
- What resources does our IT team need to help protect our agency?
The building and implementation of an incident response plan can be daunting, fortunately there are plenty of resources to help shape your agency’s cyber protocol.
First and foremost, know what devices are connected to your network and how to disconnect them if infection is suspected. Knowing this can help you isolate your systems and prevent the spread of lateral attacks during an incident.
Second, follow the policy guidelines set forth by SANS for general, network security, server security, and application security.
Third, training is the key prescription for cyber safety. Train your staff to be “cyber aware.” Your people are your first line of defense against cyber attacks. With this in mind, SecuLore has created Cyber Hygiene Training specifically for this purpose.
Fourth, contingency planning is critical. In case you need to take your operations offline your teams should be trained in manual operations. Partner with nearby ECCs for support. Be sure to conduct regular tested backups implementing the 3-2-1 rule and keep hard copies of critical documents.
Fifth, have a patching regimen in place. Upgrade outdated technology, have multiple firewalls in place and make sure that you have end-point security in place. Be sure to conduct annual vulnerability assessments. SecuLore’s™ CyberBenchmark is a cybersecurity risk assessment that is built specifically for public safety incorporating FCC, APCO, DHS, and NIST best practices.
Sixth, look at implementing preventative architecture techniques. Use network segmentation. Limit privileges, not everyone needs access to everything, only provide lowest level privileges. Use different passwords, at least one per network segment, preferably per device.
More often than not PSAP IT departments do not have the resources or the training they need to protect public safety. We have all heard the phrase, “An ounce of prevention is worth a pound of cure.” A staggering 77% of business leaders do not have a cyber incident plan in place. It’s imperative that IT staff have monitoring capabilities, firewalls for each critical network, understand traffic flows, and most importantly, have a response plan in place.
To learn more about cybersecurity and incident preparedness click to watch the webinar below.