Cyber Serious

[Originally published in the September/October 2024 PSC magazine.]

Threats to public safety systems are growing; now is the time to secure them.

By Jay Kaine

Global public safety communication systems have increasingly become cyberattack targets and the threat is growing. According to research from the Public Safety Threat Alliance (PSTA), a Cybersecurity and Infrastructure Security Agency (CISA)-recognized Information Sharing and Analysis Organization (ISAO), cyberattacks targeting worldwide public safety organizations occurred, on average, at least once per day in 2023 and actually succeeded in shutting down a public agency once every two days. That’s a 64% increase over 2022.1 These cyberattacks can adversely affect citizens who may be cut off from immediate emergency assistance or first responders who may be left without the proper information, communications and support they need to do their jobs and stay safe.

Today’s public safety networks are complex, interconnected systems of hardware, software and services. These intricate “systems of systems” include emergency communications centers (ECCs), 9-1-1 computer-aided dispatch (CAD) systems and communications systems. While these connected systems have brought far greater efficiency, speed and accuracy to emergency response, they have also made public safety agencies an increasingly attractive target for cyber criminals.

Threat actors clearly understand that emergency response can’t wait and that ECCs, CAD and related mission-critical systems are essential for public safety. Without these systems, it’s difficult to perform many modern emergency response tasks such as prioritizing and recording incoming calls, sending first responders where they’re needed most, and understanding the location and well-being of emergency personnel.

ESCALATING THREATS, ESCALATING COSTS

A ransomware attack on a local government typically lasts an average of 7.3 days according to The Economic Impact of Cyber Attacks on Municipalities report.2 The financial implications can be severe, too. IBM research3 shows that the global average cost of a data breach in 2023 was $4.45 million, a 15% increase since 2020.

When Atlanta’s municipal government was hit by ransomware in 2018, the costs for the city to recover were estimated to have reached as much as $17 million. In 2019, New Orleans paid over $7 million for damages caused by a ransomware attack and Baltimore paid an estimated $18 million when ransomware struck the city.4

Last spring, threat actors gained access to a western U.S. county’s systems through a phishing campaign, deploying ransomware across 9-1-1, emergency management, jail operations, the district attorney’s office and other services. The county lost records going back to the 1800s, including criminal justice information (CJI), evidence records, public safety telecommunicator notes and response plans. The attack shut down their CAD system preventing access to all unit records within their system and forcing 9-1-1 dispatch to be transferred to neighboring municipalities. In addition to experiencing significant operational fallout, the municipality spent more than $3 million on remediation efforts.

In the immediate aftermath of a breach, hard costs typically include data recovery and system restoration, hiring cybersecurity experts, investing in new hardware or software, conducting forensic analyses to identify the extent of the breach, notifying affected individuals, providing credit monitoring services and paying legal fees related to compliance with data protection regulations.

From there, costs can continue to escalate.

Even if a county or municipality carries cyber insurance, filing claims and navigating the insurance process can be costly, and a claim is likely to increase premiums going forward. Plus, when a cyberattack damages the reputation of a government entity, building back trust with citizens, businesses and other stakeholders may require spending on public relations or advertising campaigns. Cyberattacks on public safety systems may also trigger legal and regulatory requirements, such as reporting obligations or investigations by regulatory bodies. Noncompliance with these requirements can result in fines, penalties or legal liabilities.

THE POWER OF COLLABORATION

The more preparation agencies undertake before falling victim to a cyberattack, the better chance they have to quickly detect and respond to a breach, minimize the impact on citizens and public safety personnel, and keep associated financial costs down.

To do that, agencies must prioritize cyber resilience for public safety networks, ensuring that emergency responders can stay connected and provide lifesaving assistance when called upon. That means investing in cybersecurity risk assessments and planning, monitoring critical networks and data 24/7, and managing detection and response processes. The good news is that financial, operational and intelligence support is available through CISA’s State and Local Cybersecurity Grant Program (SLCGP) specifically for state, local and territorial (SLT) governments across the country. The program is making $1 billion available for fiscal years 2022 through 2025, with $300 million earmarked for 2024. Agencies can also look into whether any of the $350 billion in American Rescue Plan Act (ARPA) funds that went to state and local governments are still available (e.g., de-obligated funds from a canceled project). But don’t delay, as this funding must be obligated (i.e., contract executed) by the end of this year and spent (i.e., funds drawn down) by the end of 2026.

In addition to funding, one of the best resources for public safety agencies looking to prioritize cyber resilience is the PSTA, which serves as a single entity entirely focused on the collection, analysis, production and sharing of actionable public safety-focused cyber threat intelligence. The PSTA is a collaboration and information hub that helps to improve the cybersecurity posture, defense and resilience of its 1,200-plus members. Members including police, fire, EMS and other public safety agencies benefit at no charge, regardless of what hardware, software or systems they use.

What does this mean for your agency? It means access to an advanced suite of no-cost, end-to-end intelligence and operational tools. Members receive 24/7 access to the online PSTA threat intelligence platform with realtime alerts and the capability to chat live with threat analysts and other members. They also receive adversary tactical and technical playbooks, comprehensive threat reports, dark web intel and monitoring, strategic and tactical threat analyses, analyst-to-analyst exchanges, and automated threat intelligence feeds.

The PSTA is a compelling resource that helps public safety organizations stay ahead of cybersecurity trends.

FEDERAL PERSPECTIVE, LOCAL ACTION

In April, the Department of Homeland Security (DHS) issued a warning about emergency services being an increasingly attractive focus for malicious hackers who clearly understand that these systems are essential for public safety and, therefore, ripe for ransom.5 The federal bulletin highlighted emergency response communications, operations and investigation vulnerabilities and pointed to legacy technologies and a lack of trained cyber professionals in the public safety realm as further reasons for communities to be concerned.

Organizations like the PSTA, CISA, ISAO and DHS have taken strides to educate and empower public safety agencies about cyber security risks. What is your department doing to invest in cybersecurity personnel and resources? Is someone on your team collaborating with industry peers to learn and safeguard your systems? Is your agency doing all it can to defend against the growing vulnerabilities documented by these different authorities?

The best, most secure pathway forward for public safety authorities begins with proactive planning and a culture that prioritizes cybersecurity diligence. How far along is your department on this journey?

Jay Kaine is Director, Threat Intelligence at Motorola Solutions and the Public Safety Threat Alliance.

REFERENCES

1 The Public Safety Threat Alliance. “Increased risks illustrate the need for shared threat intelligence.” www.motorolasolutions.com/content/dam/msi/ docs/cybersecurity/resource-center/cybersecurityinfographic.pdf

2 KnowBe4. “The Economic Impact of Cyber Attacks on Municipalities.” www.knowbe4.com/ hubfs/Economic-Impact-of-Cyber-Attacks-on- Municipalities.pdf

3 IBM. “Cost of a Data Breach Report 2023.” www.ibm. com/reports/data-breach

4 Op. Cit. KnowBe4.

5 Margolin, Johs and Pezenik, Sasha. “Emergency services a likely target for cyberattacks, warns DHS.” ABC News. April 17, 2024. https://abcnews.go.com/US/ emergency-services-target-cyberattacks-warns-dhs/ story?id=109348647<!doctype html>