
By: Lawrence F. Zorio III, CISO at Mark43
In today’s quickly changing technology landscape, public safety agencies are more at risk of cybersecurity attacks than ever before. There have been more than 1,000 cyberattacks on public safety and government offices in the last two years from ransomware, malware and DDoS attacks, and a recent survey of law enforcement professionals found that 84% experienced a cybersecurity issue at their agency in the last year alone. While larger public safety agencies often have cybersecurity systems in place, many small and midsize agencies don’t have the resources to implement security measures themselves or haven’t taken steps to work with third parties that can do so.
A cyberattack on a public safety agency’s operation is devastating and can hinder its ability to serve and protect its community. When ransomware attacks happen and systems go down, agencies must switch to pen and paper for emergency dispatch and report writing. This can have devastating effects on the deployment of ambulances, police and fire calls for service. Law enforcement must be accessible in real time and any barrier to that is an attack on the entire community it serves. Another risk is access to private data. Public safety agencies have a large volume of private information about individuals — including name, birth date, social security number and arrest details — which, if compromised, can be extremely damaging for the department and community members. Finally, a breach harms public trust in an agency, its officers and the future handling of data.
Fortunately, public safety agencies can fortify themselves in a number of ways. Proactive measures include building a long-term cybersecurity strategy inclusive of premier encryption, antivirus and anti-malware software and comprehensive data backup systems. Increasingly, it is just as important to shape and foster a strong culture of cybersecurity awareness; by doing so, agencies can substantially increase their defenses and reduce their risk.
As a first step, agencies should adopt a cybersecurity framework to guide their actions. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a widely accepted set of guidelines to shield against cyber threats. The framework includes initiatives such as: identifying assets and risks; protecting via technical and physical security measures; detecting threats and breaches; creating plans for responding to incidents; and preparing recovery plans in the event of a breach. The benefit of this framework for public safety agencies is that it maps to existing Criminal Justice Information Services (CJIS) requirements and can help identify gaps and build both a short-term and a long-term cybersecurity strategy. Then, over time, agencies can start to fill in gaps in their plan. These areas could include authentication and access management, malware and antivirus applications and cybersecurity training for staff. At a tactical level, agencies can also leverage cloud-native technologies and their respective vendors to help manage and own a number of these routine tasks, such as automatic backups, vulnerability testing, penetration testing and so on.
Once a framework is established, it’s important to protect critical infrastructure and sensitive data. One fundamental action that agencies can take is to use strong encryption protocols, which can be turned on relatively easily, for all devices and endpoints such as laptops, desktops, mobile phones and patrol car systems. In addition, both data stored on devices and servers (encryption “at rest”) and data moving across networks and the internet (encryption “in transit”) should be encrypted. All vendors that agencies use should have encryption and can help ensure encryption across an agency.
It’s not a question of if, but when, a cybersecurity incident or downtime will occur, so it’s important to have a thoughtful backup strategy. This is often overlooked because it’s not seen as exciting or urgent, but being prepared can make a significant difference. Therefore, agencies should have strong data backup plans which include frequent, automated backups. This ensures that in the event of an incident, agencies can restore quickly, and downtime and data loss can be limited. Manual backups can be very labor intensive, so agencies should consider cloud-native technology providers, since they include automated backup and recovery tools in their systems.
Just as agencies often conduct public safety emergency drills, they should also implement regular “tabletop exercises” to practice data restoration in preparation for cybersecurity emergencies. This proactive approach ensures that your team can restore systems swiftly and systematically across various scenarios, identify which systems should be prioritized, and determine the appropriate contacts for each scenario.
Technology alone cannot solve the threats facing public safety agencies today. Social engineering or other AI-based targeted attacks are also a serious concern. To address this, agencies should not only equip all personal or work devices with malware and antivirus protections but should prioritize security training throughout their organizations. Building strong awareness through training—beyond CJIS-required training—is critical. This includes live or virtual presentations or webinars, ideally in the form of hands-on training for the best results. Topics include email and text message phishing attacks, as well as recognized signs of AI-driven attacks—common and dangerous methods of cyber intrusion. Additionally, make training personally relevant to the real lives of personnel. When training connects with an individual’s personal situation, it resonates more deeply and becomes memorable.
The consequences of prolonged downtime due to cybersecurity attacks can extend for weeks, leading to significant economic impacts. This disruption can affect not just public safety operations but also critical systems such as payroll, budgeting tools, staff scheduling, dispatch and overtime management. Investing in cybersecurity protection not only prevents potential multimillion-dollar losses but also safeguards the reputation and public trust of a public safety agency.
Cybersecurity incidents are not just an IT issue; they’re a threat to public safety. Public safety agencies should handle cybersecurity as they would manage other life-saving investments. By taking proactive steps, agencies can ensure that their systems, data and operations run smoothly, and they can focus on their critical mission of keeping their communities safe.
Original Story: https://www.thefastmode.com/expert-opinion/41323-how-to-strengthen-cybersecurity-in-public-safety-and-prevent-downtime