Our cybersecurity expert, Gilles Ferland, summarizes the key actions every PSAP should take as they build cybersecurity into business continuity plans.
Your business plan already covers contingencies and processes for just about every man-made or natural disaster that could affect your operations. But, with the move to IP-based Next Generation 9-1-1 (NG9-1-1) systems, new cybersecurity threats are emerging. That means you need to build robust cyberattack mitigation and containment measures into your business continuity plan.
As you update your business continuity plan for cybersecurity, there are three steps you can’t afford to skip.
Understand the Threat and Risk Landscape
Before you can put cybersecurity measures in place, you first need to understand what and where the risks are. Here are three examples to get you started.
The most important thing to realize is that the network is like a doorway to all of your systems. Once hackers gain access to your network, they can potentially access every computer and system that is directly and indirectly connected to it.
Voice over IP (VoIP) phone systems are another key risk area. You may have heard of, or read about, telephony denial-of-service (TDoS) attacks that overload PSAP phone systems with bogus 9-1-1 calls.
An incident earlier this year in Baltimore proved that PSAPs are also targets for ransomware attacks. These attacks block access to computer systems until a ransom is paid to “free” the system. In the Baltimore attack, the city had to revert to manual dispatching for almost 24 hours.
Evaluate Your Cybersecurity Requirements
Consider your cybersecurity requirements from two perspectives: Network requirements and on-premises requirements.
On the network side, ask your provider about the technologies and process they have in place to:
- Prevent unauthorized network access
- Determine the origin of cyberattacks, should they occur
- Rapidly escalate response levels to cyberattacks
- Isolate affected component(s) in the network to contain the spread of cyberattacks
- Upgrade or modify network hardware and software to reduce the likelihood of similar attacks in the future
On the premises side, it’s important to remember you’re not a typical enterprise. Software updates and patches must be carefully scheduled to avoid 9-1-1 service interruptions. Other must-haves for on-premises cybersecurity include:
- Computer and internet usage policies
- Staff training in safe cybersecurity practices
- Authentication mechanisms for system and network access
- Data encryption
Get Help From Experts
Few PSAPs have the specialized in-house expertise and experience needed to build a cybersecurity business continuity plan. And general-knowledge cybersecurity experts don’t know enough about the intricacies of PSAP operations to make the right recommendations.
The key is to find a partner that’s an expert in NG9-1-1 emergency call handling and management as well as cybersecurity. These partners build cybersecurity measures into the NG9-1-1 system so they’ve already considered all of the risks and implemented the optimal mitigation technologies.
Look for a partner with an eye on the future and plans to expand their cyberattack mitigation capabilities. I don’t have a crystal ball. And I can’t see the future. But, one thing is certain: The cybersecurity landscape for PSAPs will continue to evolve.
Download our guide to learn more:
Building Cybersecurity Into Your Business Continuity Plan