Cyber Trends

By Balakrishnan Dasarathy

The state of Maryland, along with many other states, is in the process of evolving its current largely telephony based 9-1-1 emergency handling systems to the Next Generation 9-1-1 (NG9-1-1) systems, as described in the final report by the Commission to Advance NextGen 9-1-1 Across Maryland. Although the benefits to a digital emergency handling system are vast, the migration to a more open IP-based system also raises a number of security threats that must be addressed to ensure success.

Current 9-1-1 services typically operate over standard telephone networks and, as such, mainly support requests through a voice call. The NG9-1-1 systems will all operate on a nation-wide digital network using the Internet Protocol (IP) technology, enabling interconnection with a wide range of public and private networks supporting emergency assistance from regular phone networks, wireless networks and the Internet.

One of the main benefits of the migration to NG9-1-1 systems is that they will allow Public Safety Answering Point (PSAPs) staff to accept and process a range of information from the public and responders, including text, images, video and voice. Moreover, non-humans such as collision detection systems in automobiles and home health monitoring IoT devices will be able to initiate requests not in the too distant future.

Overall, NG9-1-1 will be able to enable more situational awareness for dispatchers and responders. Because of the connectedness of the Internet, PSAPs can be consolidated and backups for a PSAP can be dynamically called upon nationally (not just regionally) to handle large-scale emergency situations, as encountered during the attacks of September 11, 2001. PSAP IT resources such as logging and recording and location look up services can be shared. In short, emergency handling will be far more resilient and economical with NG9-1-1 than they are today.

Although cyber attacks such as Telephony Denial of Service (TDoS) and Radio Frequency (RF) jamming attacks have compromised current 9-1-1 systems, the migration to NG9-1-1 systems invites a host of additional threats. As NG9-1-1 networks and systems are more open and connected than today’s closed telephony-based 9-1-1 systems, their attack surfaces are much larger.

NG9-1-1 systems can be subject to several types cybersecurity attacks that would hamper their availability, and affect confidentiality and integrity of data critical to the handling of emergencies. These new threats include:

• Telephone Denial of Service Attacks (TDOS): Calls jam a PSAP administrator line or 9-1-1 lines. This type of attack already happened in October 2016 via compromised cell phones.
• Ransomware. Use of malware to prevent access to computer systems for the purpose of extorting a ransom. The City of Baltimore emergency 9-1-1 system dispatch and recording servers were subject to this attack in March 2018.
• Malware attacks. More generally, a malware in the form of a worm spreading from systems in one PSAP to its neighboring ones compromising the ability to respond in a state or a region of the country.
• Swatting. Swatting is essentially tricking an emergency dispatcher with false or misleading information; for example, through the manipulation of fields such as Caller ID and location information in IP packets in an emergency request to indicate the call is originating from a location at which a serious emergency is taking place, thus directing scarce law enforcement (and medical responders) to that location. This could be just a revenge, or the manipulator could be committing a serious crime somewhere else. This happened in 2017 in California and resulted in an innocent person shot by the police.

With well-known technical and policy controls in place in the IT and network infrastructure and in various emergency handling applications, as well as the support of a well-trained staff, these types attacks can be largely prevented and the damage contained.

The Department of Homeland Security (through its Office on Emergency Communications), the Federal Communications Commission (through its task force on Optimal PSAP Architecture), the National Emergency Number Association (NENA), and the Association of Public-Safety Communications Officials (APCO) are all involved in the rollout of NG9-1-1 and have produced guidelines to address cybersecurity issues among other directives (e.g., specification of functional components and their interfaces for procurement purposes, IP network based architecture, deployment alternatives, budget and cost sharing among various government entities).

A simplified IP network-based “three-tier” architecture is shown below. The key aspect of the architecture is the Emergency Services IP Networks (ESInets), to carry all types of traffic with intelligence to route to appropriate PSAPs and support functions such as location information and subscriber information services.

Source: Office of Emergency Communication: Cyber Risks to Next Generation 9-1-1, Nov. 2018

What’s Happening in Maryland?

In Maryland, a statewide task force known as the ENSB (Emergency Number System) Cybersecurity was formed during the summer of 2019 to address the cybersecurity issues related to NG9-1-1. The task force consists of public safety managers and IT professionals from various counties and vendors in the space. Emergency handling in Maryland is largely provided at the county level. I am representing University of Maryland Global Campus to provide cybersecurity expertise. The current focus areas of this committee are to:

• Develop minimum standards and requirements to address cybersecurity concerns for products serving PSAPs and ESINet components, and
• Cybersecurity best practices for PSAPs and IT organizations supporting the underlying infrastructure and applications

Standards and recommendations from several organizations and related industries are currently under review so as adopt them to hit the ground running, including:

• NENA (National Emergency Number Association) Security for Next-Generation 9-1-1 standard
• Next Generation 9-1-1 Security (NG-SEC) Audit Checklist
• FCC Task Force on Optimal PSAP Architecture: Final Report
• NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (and its compliance)
• NENA Detailed Functional and Interface Standards for the NENA i3 Solution (for various vendor products)

Next Steps

We expect to issue standards and an auditing process to verify how well the standards are followed by the end of 2019, so that the various PSAP entities in the state can complete their gap analysis. Beginning on January 1, 2020, the ENSB will begin approving projects for improving their cybersecurity posture.

About the Author

Balakrishnan Dasarathy, Ph.D. is collegiate professor and program chair for Information Assurance at University of Maryland Global Campus.

Source: Office of Emergency Communication: Cyber Risks to Next Generation 9-1-1, Nov. 2018

What’s Happening in Maryland?

In Maryland, a statewide task force known as the ENSB (Emergency Number System) Cybersecurity was formed during the summer of 2019 to address the cybersecurity issues related to NG9-1-1. The task force consists of public safety managers and IT professionals from various counties and vendors in the space. Emergency handling in Maryland is largely provided at the county level. I am representing University of Maryland Global Campus to provide cybersecurity expertise. The current focus areas of this committee are to:

• Develop minimum standards and requirements to address cybersecurity concerns for products serving PSAPs and ESINet components, and
• Cybersecurity best practices for PSAPs and IT organizations supporting the underlying infrastructure and applications

• NENA (National Emergency Number Association) Security for Next-Generation 9-1-1 standard
• Next Generation 9-1-1 Security (NG-SEC) Audit Checklist
• FCC Task Force on Optimal PSAP Architecture: Final Report
• NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (and its compliance)
• NENA Detailed Functional and Interface Standards for the NENA i3 Solution (for various vendor products)

We expect to issue standards and an auditing process to verify how well the standards are followed by the end of 2019, so that the various PSAP entities in the state can complete their gap analysis. Beginning on January 1, 2020, the ENSB will begin approving projects for improving their cybersecurity posture.

About the Author

Balakrishnan Dasarathy, Ph.D. is collegiate professor and program chair for Information Assurance at University of Maryland Global Campus.