August 2018 Newsletter

August 2018

Winbourne Consulting offers a full range of public safety services, including strategic planning, systems integration, specifications development, solution acquisition, and implementation project management and quality assurance.

Our Areas of Expertise encompass all segments of Public Safety, including:

  • PSAP Consolidation
  • NextGen/911 Strategic Planning and Implementation
  • Public Safety Communications and Telephony
  • Public Safety Applications and Systems Requirements and Implementation Support
  • Mission Critical Facilities Design and Fit-Out
  • 311 Call Centers and Implementation
  • PSAP Staffing and Operations Analysis

Our Clients include city, county, state, and federal agencies located throughout the United States and the world, as well as countries in Europe, the Middle East, Asia, the Caribbean, and South America.

 

We are interested in your thoughts on the newsletter topics. To share them with us, please visit our blog or follow us on Twitter.

 

For more information about our services and solutions, visit our website or follow us on LinkedIn.

Cyber Security and Public Safety

 

As PSAPs transition to IP-based Next Generation 9-1-1 networks, cybersecurity becomes an increasingly important topic. Recent estimates put the cost of agencies attempting to recover from cyber-attacks into the tens of millions of dollars in ransom payments, as well as countless hours of recovery and down time. While businesses have long been targets of such attacks, with two billion dollars in ransomware payments in 2017 alone, more and more cyber-attacks are being directed at Public Safety Networks, which very often have less sophisticated defense strategies.

 

How Safe Is Your Agency’s Network?

Cyber-attacks are becoming more and more sophisticated and can increasingly cause disruption of critical public safety operations. To combat this trend public safety agencies need to learn how to identify these threats, and take proactive actions in protecting their networks and systems. Some recent examples of cyber-attacks on public safety networks with serious repercussions include:

  1. The City of Savannah, GA was penetrated by an email phishing scheme and the virus affected the system for over three months. During this time many police records were inaccessible prompting officials to pay a ransom in order to restore the data.
  2. The entire system for the city of Atlanta, GA was attacked. In that attack, sensitive case files containing evidence for prosecuting crimes were wiped out and it's unclear if and when they will ever be recovered.
  3. Schuyler County, NY was attacked from a foreign country by a computer that kept trying various passwords until it accessed their system.
  4. Riverside, OH was attacked multiple times by ransomware, erasing 8 hours of data.
  5. Leon County, FL Sheriff’s office was attacked by an aggressive worm virus causing abnormal computer behavior throughout the network.

 

These and similar cases are on the rise in the US and worldwide as hackers use advanced schemes to penetrate public safety networks. SecuLore Solutions, a cybersecurity company focused on public safety, has documented 268 US-based cases over the past 24 months that have impacted county, local and public safety agencies, and these attacks are growing between 8% and 10% per month.

 

 Steps to Protect Against Cyber-Attacks

The first step is to recognize that there is a potential threat, and that the sophistication and frequency of these threats is increasing. Putting together a plan to mediate an attack would be a close second. A comprehensive cyber-attack defense plan should include the following components:

  • Monitor - including network traffic, end-point interactions, and server configurations, such as domain name service (DNS), network timing (NTP), and file sharing that will enhance detection of phishing, malware, ransomware, and brute-force password cracking.
  • Train - including dispatch, police, fire, EMS, administration, network and hardware support personnel
  • Perform Backups - including daily and real-time snap shots stored on different types of media that are both local and offsite
  • Require Strong Passwords - including requirements to change passwords periodically by each end-user and administrator, and purging passwords of terminated staff as well as unused passwords. Ensure that passwords are complex including special characters, capital letters and are long enough, with length of password being the most important aspect of a secure password
  • Disable Certain Protocols - including those like FTP & Telnet, which send usernames & passwords in text formats anyone can read
  • Implement Network Segmentation - including the use of firewalls and separating public safety networks from administrative and/or user networks
  • Undertake a Software Vulnerability Assessment - including all applications such as CAD, Mobile, Police Records Management and, Fire/EMS Records, etc. The assessment should include an analysis of applications’ susceptibility to cyber-attack
  • Complete Yearly Effectiveness Assessment of The Network Security Plan - including internal and external assessments of all the components using independent resources to identify, discover, assess and prioritize the steps and tasks needed to secure and monitor the network

 

Implementing a Comprehensive Cyber-Attack Defense Plan

Continuous monitoring of the network is one of the most important aspects of cyber-attack prevention and requires a combination of firewalls, monitoring software and vigilance by the network support staff. There are several companies providing firewall and monitoring software that in combination with a solid plan that incorporates proper training, strong passwords and backups provide a strong defense against cyber-attacks.

 

A monitoring solution should monitor all data between the firewall and external data sources, visualize the traffic, log all attacks and provide 24/7 support. The solution also needs to be designed to meet specific public safety criteria that are based upon FCC, DHS & NIST best practices, and it should keep the PSAP/Agency and its personnel informed of cyber security issues through cyber alerts and social media. These alerts should include information about current vulnerabilities, patches, and cyber-attacks including ransomware, hacking, cryptojacking and phishing. The solution should alert the PSAP/Agency of vulnerabilities based on custom sensitivity levels, including daily network checks and weekly security reports. As an added precaution, the agency should have available a cyber-trained security analyst to review network data when necessary.

 

Personnel training on passwords and cyber-security topics that are critical to public safety such as phishing and malware attacks need to be incorporated into the PSAP/Agency educational curriculum on a continuing basis. Data backups need to include a real-time, daily and offsite backup strategy to minimize the impact of a network breach. Establish formal meetings with application, monitoring and network vendors to discuss how these companies along with the PSAP/Agency network support personnel can work together to mitigate cyber-threats.

 

Winbourne Consulting can assist your agency in its effort to protect its networks from cyber-attacks by providing expertise in planning, policies/procedures, vendor selection, project management and implementation to secure PSAP/Agency networks and data.

 

Winbourne Happenings

 

Winbourne Consulting would like to thank all of the many attendees who stopped by our booth to say hello or to inquire about how Winbourne would be able to assist them.

 

The winners for our APCO 2018 daily “Echo Show” Drawing” were:

 

Sheila Blevins

Communications Manager

Marana Arizona, Police Department

 

Martin Kopcho

Zone Sargent

New York State Police

Troop ”C” Zone III Headquarters

 

 

Lisa Madden, Winbourne Vice President, NG911, FirstNet will be attending the NY State 911 Coordinators Association Fall Conference in late September.

 

As part of its International Public Safety Communications Practice, Winbourne Consulting recently met with the Thai Royal Police at their Emergency Communications Center in Bangkok. As part of that visit, Jeff Winbourne also visited the Thai National EMS Call Center and the Bangkok Emergency Medical Services Call Center.

 

Winbourne Consulting is providing infrastructure design support for the City of Manassas’ Public Safety Headquarters Facility through the city’s architect – HOK. The contract is through the architects – HOK.

 

Public Safety News

 

Public Safety Tech Accelerator Debuts

First responders have a new way to push innovation and streamline adoption of new technologies.

 

ResponderXLabs, a collaboration between Amazon Web Services and Responder Corp., aims to give public safety agencies better access to the innovation pipeline and help private-sector firms more effectively deliver those innovations.

 

The program works with first responder agencies to find the latest public safety technologies, supporting agencies with technology needs assessments, access to grant opportunities and help identifying solutions and streamlining adoption.

 

Entrepreneurs have access to best practices, federal funding resources, corporate partnerships, demo opportunities, connections to local public safety agency buyers and feedback from responders. Thirteen companies have signed on so far.

 

ResponderXLabs also identifies solutions so established industry participants can partner with entrepreneurs and public safety agencies to incubate, validate and scale innovation.

 

In 2015, the Department of Homeland Security's Science & Technology Directorate launched a business accelerator program to develop wearable technology for first responders.

 

From the “PULSE”

To visit ResponderXlabs go to: https://www.responderxlabs.com/

 

 

Industry Events

 

ENVISION | Anaheim, California | September 20, 2018

Tampa, Florida | January 15, 2019

Intensive, one-day training focused on cybersecurity and Next Generation 9-1-1. https://www.apcoenvision.org/

 

 

Since 1893, the IACP has been shaping the law enforcement profession. The IACP Annual Conference and Exposition has been the foundation, providing leaders with new strategies, techniques, and resources they need to successfully navigate the evolving policing environment. https://www.theiacpconference.org/

 

 

Emerging Technology Forum | October 31-November 1, 2018 | Pittsburgh, PA.

This two-day event will bring together attendees and industry leaders to discuss technologies that are on the horizon and address the challenges of the ever-changing landscape of public safety communications. Anyone who wants to keep up-to-date on what is happening not just in their PSAP, but around the country and on Capitol Hill. Past attendees include telecommunicators, trainers, PSAP managers, vendors, representatives from the FCC and FirstNet, and other government officials. https://techforum.apcointl.org/

 

Articles of Interest

 

Is a Lack of Institutional Knowledge Plaguing Emergency Management? As boomers Retire, Are They Taking All This Knowledge With Them? Should They?

 

As the emergency management field grows and evolves, it does so in the face of a warming climate, a proliferation of new technologies and a changing of the guard as baby boomers retire and are replaced with younger workers.

 

Read the full story at: http://www.govtech.com/em/preparedness/Is-a-Lack-of-Institutional-Knowledge-Plaguing-Emergency-Management.html

 

 

How Local Governments Can Better Protect Their Data And Applications

Cybersecurity for state and local governments has always been a tricky business. Networks are more decentralized than at federal agencies, and the threat levels are different. The federal government might face bigger threats from nation-state hacking, but when local agencies fail to patch their applications, they are every bit as vulnerable.

 

As local governments store more personal and critical data -- including voter records, driver's license photos and even biometric and internet-of-things data -- their risk of cyberattack increases, particularly from malicious hackers. Just this year, Atlanta was hit with a ransomware attack that crippled the city’s computer network. If a city of that size isn’t equipped to defend itself, how prepared can a small town in Idaho be?

 

For many, cybersecurity does not appear to be a top priority. According to a survey on local government cybersecurity conducted by ICMA, 44 percent of respondents said they were the target of daily cyber attacks. Another stunning stat from this survey: Over 50 percent of citizens either do not support any cybersecurity measures set by local governments or are completely unaware of what they are. When the very people whose data is at risk do not consider digital privacy a pressing concern, it’s unlikely that the government will expend the appropriate time and effort to address the issue.

 

Read the full story at: https://gcn.com/articles/2018/08/08/software-defined-access.aspx?admgarea=TC_STATELOCAL

 

 

Report Finds 9-1-1 Altitude Location Not Ready for Live Environments

Determining the altitude of a 9-1-1 caller is proving difficult with a recent report finding significant questions remain about the performance and scalability of Z-axis technology — which could locate a caller in a high-rise for example — for live 9-1-1 call environments.

 

Only two vendors and two carriers — AT&T and Verizon — participated in a Z-axis technology test to assess vertical location solutions for 9-1-1 calls. The 9-1-1 Location Technologies Test Bed, an independent entity established by CTIA, conducted the Z-axis tests.

 

The test bed was formed after the FCC in 2015 adopted rules requiring wireless service providers to improve 9-1-1 indoor location accuracy.

 

Read the full story at: https://www.rrmediagroup.com/Features/FeaturesDetails/FID/859

 

Newcomers to U.S. 911 Space Cite Advantages Of Cloud Use For PSAPs

Cloud-based approaches to call-handling and computer-aided dispatch (CAD) can provide public-safety answering points (PSAPs) with immediate functionality benefits today and an affordable path to make a smooth transition to an IP-based next-generation 911 infrastructure, leaders of two companies that are relatively new to the U.S. market said during a session at APCO 2018.

 

“I would argue that there are two kinds of PSAPs in the U.S.: Those that are in the cloud, and those that are going to be in the cloud,” RapidDeploy CEO Steve Raucher said during the Sunday session. “It’s not [a question of] ‘if,’ it’s “when.’”

 

“The cloud is the great enabler for next-generation 911. It has the following native benefits: high availability, geo-diverse resilience, best-of-breed cybersecurity, hyper scalability and redundancy, and affordability, with zero upfront capital investment.”

 

To read the full article visit: http://urgentcomm.com/ng-911/newcomers-us-911-space-cite-advantages-cloud-use-psaps

 

Verizon Agrees To Stop Throttling First Responder Data Plans

The phone company, accused of cutting off devices used by firefighters responding to the biggest wildfire in California history, says it will lift data-use limits on public safety customers during disasters.

 

Verizon said Friday it will no longer impose data limits on the mobile phones and other internet-connected devices used by firefighters and other emergency personnel responding to a disaster, just days after the company was revealed to have cut off service to members of a fire department battling the biggest wildfire in California history.

 

"In supporting first responders in the Mendocino fire, we didn’t live up to our own promise of service and performance excellence when our process failed some first responders on the line, battling a massive California wildfire," Mike Maiorana, Verizon's senior vice president for its public sector business, said in a statement posted on the company's website. "For that, we are truly sorry. And we’re making every effort to ensure that it never happens again."

 

To read the full article visit: https://statescoop.com/verizon-says-itll-stop-throttling-first-responders-data-plans-as-california-firefighters-union-endorses-state-net-neutrality-bill