APCO

Ransom Attacks

OrElse

 

There are three broad categories of hackers:

  1. Destructive (crash a website, destroy data)

  2. Social Justice (Edward Snowden, WikiLeaks)

  3. Those that want to make a Profit 

One of the popular tactics used by those in category 3  is to hack into a company database (such as Target) and steal credit card information. The hacker can then take these to a “Cyber Pawn Shop” where the list would be published for sale on the ‘Deep Web’

yjYbypU

These ‘Cyber Pawn Shops’ sites will sell credit cards in bulk, the price is normally reduced as they ‘age’ in time. Bottom line- it is better to to steal LOTS of credit card info, which is why a hack such as Target was possibly a large financial score.

Now we are seeing a dramatic increase in Ransom Attacks. The hacker goes into the computer system, takes control and encrypts operational data, demanding payment for a password.

On one level this approach makes better business sense:

  1. Eliminate the middleman (Cyber Pawn Shops)

  2. Hackers set their own price

In some of the recent attacks, systems were simply shut down. Earlier this year a hospital had its medical records encrypted- basically shutting down the hospital (Hollywood Presbyterian Medical Center) until a ransom was paid. Hospitals, schools and cities are estimated to have paid hundreds of millions of dollars to date (source- CHRIS FRANCESCANI- NBC News).

Hackers are also targeting Police Departments nationwide.

A quote from the August 19, 2016 Wall Street Journal article by Robert McMillan:

“According to the U.S. Department of Justice, ransomware attacks have quadrupled this year from a year ago, averaging 4,000 a day. Typical ransomware payments range from $500 to $1,000, according to cyberrisk data firm Cyence Inc., but some hackers have demanded as much as $30,000.” Link

One aspect of this that is of great concern- in many cases these organizations have an IT department and security policy. They have purchased the typical ‘products’ such as firewalls, etc. So how can this be happening?

Today it is estimated that over 90% of the Ransom Hacks enter through a ‘phishing’ email, which an employee ‘clicks on’.

SO- based on the above, we can see two issues:

  1. The phishing email made it through the system

  2. Employees may not be properly trained regarding email security

If you’ve already transitioned to an IP based NG9-1-1 system you are safe- for the moment- as email is not directly connected.

But how about future hacking techniques or 9-1-1 text messages with hyperlinks? 

APCO Project 43, NENA and the FCC Task Force on Optimal PSAP Architecture (TFOPA) are all discussing the issue of security as we transition to IP. We should stay plugged into their ongoing recommendations…

 

 

 

Testing 1,2,3…

Recently, the Federal Government released a committee report. This report included the recommendation that the Standard Occupational Classification (SOC), NOT be modified to change the classification of Public Safety Telecommunicator from “Office and Administrative Support” to critical public safety professional. This was in direct opposition to the recommendations from APCO, NENA and the Congressional NextGen 9-1-1  Caucus.

OPM

The hope was that the committee would agree to reclassify Telecommunicator as a “Protective Service Occupation”. This is the same category as firefighters, police officers (and life guards)

Brian Fontes, CEO of NENA – “The men and women of 9-1-1 do so much more than just answer the phone. They guide callers through life-saving procedures, provide advice on how to handle dangerous situations, and provide critical backup to field responders, all while under great stress and pressure.”

APCO President Brent Lee- ” I am extremely disappointed that the Policy Committee failed to address the inaccurate classification of Public Safety Telecommunicators in the SOC.”

It would appear that the Office of Management and Budget does not ‘hear’ the compelling story of the service  Call Takers and Dispatchers provide.

As I understand it, NENA and APCO will be meeting with both OMB and Congress in an effort to resolve this before the SOC classification is finalized in 2017.

One thought- The Washington, D.C. “Unified Command” PSAP is only a 16 minute drive from the Office of Personnel Management. I had the pleasure of meeting  Karima Holmes , the Director, last week. I am sure that she would be more that willing to give the OPM Committee Members a tour.

Would somebody please set this up?? (Directions provided above..)

Google Can Now Provide Wireless 9-1-1 Location Information with its Android Operating System.

Google

First-  It is important to remember that there can be three distinct issues involving wireless 9-1-1 calls :  

  1. Call Routing  (Having the 9-1-1 call routed to the correct PSAP)

  2. Enhanced Location Information (Phase II) Challenge

  3. Indoor Location Information Challenge

With this recent Google announcement, we are only dealing with items number 2 and 3 above. The Google announcement does not address item 1- Call Routing.

Also, Googles’ mobile operating system, Android, commands approximately 80% of the market globally and almost 60% of the market in the United States.

And now:

Andriod111
Google has announced an Android feature that can  provide accurate location information for wireless 9-1-1  callers.  It is currently available in the UK and Estonia.

Google Europe Blog Post

Per Akshay Kannan, Google Product Manager “this uses the same location technologies available on your phone, including Wi-Fi, GPS, and cell towers, to produce a more reliable emergency location both indoors and outdoors.”

There is no app to install. Instead, Google will work with each wireless provider to allow the location information that Android calculates to be utilized by 9-1-1. An individual calling 9-1-1 would not need to have any knowledge of the technology or do anything special (e.g. search for their 9-1-1 app), they simply dial 9-1-1.

Google is reportedly in discussion with U.S. wireless providers.

So, without any technical details, Google has “put it out there” that they can assist the 9-1-1 community and the general population. Exactly how this technology works, or how the wireless carriers will utilize it, is not yet clear. We can guess, however, that this may be a major breakthrough that could immediately assist Calltakers by better identifying the location of the 9-1-1 caller.

We are all aware that last year the Federal Communications Commission (FCC) adopted new rules around 9-1-1 location accuracy. APCO Website on the the FCC Location Rules. Will the wireless carriers utilize this technology to quickly provide more accurate location data for 9-1-1 callers? Or possibly use it to augment other plans?

I am hopeful that more information will be provided in the near term.

Also, I hope our friends at Apple have a similar offering in the works. I turned down an offer to work on Tim Cook’s team back in 2004- I’m not sure he will take my call…

 
<

APCO Broadband Summit

img_0449

This week I participated in my first ‘Broadband Summit”.  I gave a presentation on the network management tools (SNMP, Wireshark, Dashboard) that we have implemented within our NextGen 911  ESInet in Palm Beach County.

FirstNet was, of course,  a major topic. A number of their executive team members were present. During the two day summit, there was occasional discussion regarding the potential synergy between FirstNet and NG9-1-1.

During my presentation, I put up the following slide to depict the PSAP’s  relationship to both FirstNet and NG9-1-1.

APCO Broadband Summit Slide

FirstNet (on the right) will directly connect to the PSAP, mainly for dispatch  purposes. The other role the PSAP plays, call taking (inbound on the left), I left blank. This is simply to depict that there is no nationally funded broadband program to ensure we can implement NextGen 911 across the country. It is possible that FirstNet might be rolled out in a region with no corresponding NG9-1-1 system.  Pictures, video, etc. ‘from the scene’ would not be available prior to first responder arrival.

Another topic of interest was FirstNet Apps,  applications that will run on the new broadband  first responder handsets:

firstnet app

The app depicted above could provide visual, real time info on data such as field intelligence, nearest officers, local maps, photos of a person of interest, etc. This is, of course, what we expect as we provide a hardened, ‘smart device’ to Public Safety teams.

And finally- FCC Commissioner  Jessica Rosenworcel addressed the group. Her comments include the following:

“..take jurisdiction. Federal authority over 911 is limited and with 6000 public safety answering points nationwide, we have a system that is vast—and vastly different in different parts of the country. There are 375 call centers in Mississippi but only 12 in Nevada. Yet both states have populations of just under 3 million. In other words, we have very different ways of managing emergency calling in different parts of the country. It makes a uniform effort hard.”

A positive event. Lots of information on ‘what’s coming’ and a number of dedicated individuals pushing to ensure we ‘get there.’