The cybersecurity threat environment develops every year, and so does the race to develop protections against new and unseen threats. Cybersecurity is more crucial than ever in public infrastructure. Our public infrastructure provides essential services to the people, and public safety networks are often targeted by malicious attackers.
Let’s explore the record of public infrastructure attacks, the crucial role of public safety networks, national regulations for cybersecurity standards, and how we can protect our public safety services from attackers.
Expansive Record of Public Infrastructure Attacks
Public infrastructure in the United States has a long history of cybersecurity attacks and network breaches. Malicious hackers have successfully demonstrated a capability for accessing and compromising power grids, air traffic, public hospitals, mobile phone networks, police departments, water infrastructure, oil wells, and public safety networks.
The vast economic and political prominence of the United States makes it a prime target for cybersecurity threats and cyber extortion. This year has seen a rise in attacks that hold public hospital networks for ransom in exchange for online payment. PSAPs or Public Safety Access Points are another targeted point of access for public services.
Crucial Role of Public Safety Networks
It’s no surprise that PSAPs are an essential hub for public services. PSAPs provide access to emergency medical services, law enforcement, and fire departments. This access is often compromised by cybersecurity threats in order to exploit these services for malicious means.
Telephone networks have long been the subject of exploitation, and this history dates back to before the development of personal computers and computer hacking. A well documented threat to PSAPs are Telephone Denial of Service attacks or TDoS. This attack overloads the PSAP with calls and prevents the normal function of the service.
Voice Over IP (VOIP)
With the development of Voice Over IP (VOIP), attackers have created new techniques for exploiting and disabling PSAPs. Malicious individuals can deploy a large number of virtual phones to shut down PSAPs and exploit them with false reports. The same ransomware attack against public hospitals can also be applied to these call centers.
Federal Regulations on Cybersecurity
In response to the growing threat of cybersecurity attacks, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) have developed a set of regulations to keep public infrastructure secured from attackers.
These regulations are the NIST Cybersecurity Framework, a universal standard for cybersecurity practices that’s often mirrored in the private sector and legally mandated in the public sector. According to the NIST, the national and economic security of the United States is dependent upon the reliable function of critical infrastructure.
Next Generation 911
The initiative to develop NG911 or Next Generation 911 services has prompted an analysis and careful implementation of the latest cybersecurity practices towards PSAPs. This means applying the NIST Cybersecurity Framework to PSAPs as a compliment to existing cybersecurity risk management.
The NG911 cybersecurity initiative is being led by the United States Department of Homeland Security (DHS) in order to secure upgraded PSAP technology from new threats. These new NG911 services rely on the National Emergency Number Association (NENA) system, a system based on computer IP networks.
Protecting Public Security With Cybersecurity Services
Many of these aforementioned attackers are overseas and therefore beyond the reach of domestic laws and corporate litigation. However, they’re not beyond the latest in cybersecurity defense practices. As our new public security infrastructure relies on computer networks, there’s a demand to secure these networks from cybersecurity threats.
Threat actors have sophisticated tools for scanning networks and internet connected infrastructure for vulnerabilities. They generally target the networks that have the most outdated and vulnerable cybersecurity practices. Open network ports, widely used login credentials, and unsecured network services are prime targets for attackers. Having a secure network means eliminating your PSAP from the list of potential targets.
Perform Network Assessments
Securing a network from cybersecurity threats means performing careful assessment of the network, carrying out active testing on vulnerable access points, implementing cybersecurity policies for network users, and training network users in the latest cybersecurity practices.
Additional Essential Services
Other essential services for critical infrastructure cybersecurity include keeping devices updated, scanning for malicious software, and securing development operations (DevOps) for public software developers. Keeping networks ready to respond to cybersecurity incidents, exploring potential threats with penetration testing, and protecting wireless network access are all crucial to securing public infrastructure.
Efficiently Implementing These Services With EE Computing
End-to-End Computing provides a comprehensive suite of services that covers all these bases and more. EE Computing can ensure that your PSAP meets federal cybersecurity regulations, develops policy and training for employees, and goes above and beyond for network security.
The EE Computing team offers the latest in cybersecurity certification, education, and professional experience. EE Computing has extensive experience in government contracts and operates as a Managed Security Service Provider (MSSP). These MSSP services can provide reliable and cost effective solutions for public security.