FCC

Campus Safety- What Part Does a PSAP Play?

fau

Boca Raton is a beautiful city of approx. 91,000 located in southern Palm Beach County. Florida Atlantic University (FAU) sits on 850 acres within the city limits-  a mere 2 miles from the ocean. About 31,000 students attend this campus.

The university has its own sworn officers, giving it legal jurisdiction over the campus. 9-1-1 calls originating from the campus, however, are routed to the Boca Raton Police Department PSAP.

Here is an example scenario- a student on the FAU campus calls 9-1-1 for assistance. The call is answered by Boca Raton PD.  Medical and fire calls were (and still are) handled by Boca PD, while all others (law enforcement) were transferred to the FAU Campus Police. The call was answered on a traditional desktop phone.

There was no call back number displayed and no map to provide the callers location.

In 2015, FAU submitted a formal request to my department to become a Secondary PSAP. Their rationale was student safety.

fauboca

It was not uncommon for a campus 9-1-1 caller to NOT know their exact location (I’m in the parking lot!!!). After a few visits to the campus and meetings with both the Boca Raton PD and Campus Police, it was decided to move forward with the request. The State of Florida gave the project final approval and we recently went ‘live’ with the new PSAP.

FAU Campus Telecommunicators can now see the 9-1-1  callers location and their phone number.

west

Palm Beach Post Article

The University plans to integrate building floor plans into the 9-1-1 system- which could be of great benefit. One of the positive aspects of working with the University is that they own the buildings, so we do not need additional permissions, etc. (such as with, for example a regular business).

And so, while there is continued discussion across the country regarding primary PSAP consolidation, we need to also concern ourselves with safety.

There is no simple answer.

 

 

 

Ransom Attacks

OrElse

 

There are three broad categories of hackers:

  1. Destructive (crash a website, destroy data)

  2. Social Justice (Edward Snowden, WikiLeaks)

  3. Those that want to make a Profit 

One of the popular tactics used by those in category 3  is to hack into a company database (such as Target) and steal credit card information. The hacker can then take these to a “Cyber Pawn Shop” where the list would be published for sale on the ‘Deep Web’

yjYbypU

These ‘Cyber Pawn Shops’ sites will sell credit cards in bulk, the price is normally reduced as they ‘age’ in time. Bottom line- it is better to to steal LOTS of credit card info, which is why a hack such as Target was possibly a large financial score.

Now we are seeing a dramatic increase in Ransom Attacks. The hacker goes into the computer system, takes control and encrypts operational data, demanding payment for a password.

On one level this approach makes better business sense:

  1. Eliminate the middleman (Cyber Pawn Shops)

  2. Hackers set their own price

In some of the recent attacks, systems were simply shut down. Earlier this year a hospital had its medical records encrypted- basically shutting down the hospital (Hollywood Presbyterian Medical Center) until a ransom was paid. Hospitals, schools and cities are estimated to have paid hundreds of millions of dollars to date (source- CHRIS FRANCESCANI- NBC News).

Hackers are also targeting Police Departments nationwide.

A quote from the August 19, 2016 Wall Street Journal article by Robert McMillan:

“According to the U.S. Department of Justice, ransomware attacks have quadrupled this year from a year ago, averaging 4,000 a day. Typical ransomware payments range from $500 to $1,000, according to cyberrisk data firm Cyence Inc., but some hackers have demanded as much as $30,000.” Link

One aspect of this that is of great concern- in many cases these organizations have an IT department and security policy. They have purchased the typical ‘products’ such as firewalls, etc. So how can this be happening?

Today it is estimated that over 90% of the Ransom Hacks enter through a ‘phishing’ email, which an employee ‘clicks on’.

SO- based on the above, we can see two issues:

  1. The phishing email made it through the system

  2. Employees may not be properly trained regarding email security

If you’ve already transitioned to an IP based NG9-1-1 system you are safe- for the moment- as email is not directly connected.

But how about future hacking techniques or 9-1-1 text messages with hyperlinks? 

APCO Project 43, NENA and the FCC Task Force on Optimal PSAP Architecture (TFOPA) are all discussing the issue of security as we transition to IP. We should stay plugged into their ongoing recommendations…

 

 

 

Google Can Now Provide Wireless 9-1-1 Location Information with its Android Operating System.

Google

First-  It is important to remember that there can be three distinct issues involving wireless 9-1-1 calls :  

  1. Call Routing  (Having the 9-1-1 call routed to the correct PSAP)

  2. Enhanced Location Information (Phase II) Challenge

  3. Indoor Location Information Challenge

With this recent Google announcement, we are only dealing with items number 2 and 3 above. The Google announcement does not address item 1- Call Routing.

Also, Googles’ mobile operating system, Android, commands approximately 80% of the market globally and almost 60% of the market in the United States.

And now:

Andriod111
Google has announced an Android feature that can  provide accurate location information for wireless 9-1-1  callers.  It is currently available in the UK and Estonia.

Google Europe Blog Post

Per Akshay Kannan, Google Product Manager “this uses the same location technologies available on your phone, including Wi-Fi, GPS, and cell towers, to produce a more reliable emergency location both indoors and outdoors.”

There is no app to install. Instead, Google will work with each wireless provider to allow the location information that Android calculates to be utilized by 9-1-1. An individual calling 9-1-1 would not need to have any knowledge of the technology or do anything special (e.g. search for their 9-1-1 app), they simply dial 9-1-1.

Google is reportedly in discussion with U.S. wireless providers.

So, without any technical details, Google has “put it out there” that they can assist the 9-1-1 community and the general population. Exactly how this technology works, or how the wireless carriers will utilize it, is not yet clear. We can guess, however, that this may be a major breakthrough that could immediately assist Calltakers by better identifying the location of the 9-1-1 caller.

We are all aware that last year the Federal Communications Commission (FCC) adopted new rules around 9-1-1 location accuracy. APCO Website on the the FCC Location Rules. Will the wireless carriers utilize this technology to quickly provide more accurate location data for 9-1-1 callers? Or possibly use it to augment other plans?

I am hopeful that more information will be provided in the near term.

Also, I hope our friends at Apple have a similar offering in the works. I turned down an offer to work on Tim Cook’s team back in 2004- I’m not sure he will take my call…

 
<

FCC Chairman Testifies on NG9-1-1

HECC

Today there was a meeting regarding the Federal Communication Commission’s (FCC) oversight responsibilities, conducted by the U.S. House of Representatives Energy and Commerce Committee.

I am encouraged by the recommendation regarding funding for NG9-1-1.

Below is the testimony of FCC Chairman Wheeler:

Text of Wheeler Testimony on NG9-1-1

During my tenure as FCC Chairman, and in my prior testimony before this Subcommittee, I have been very vocal about the urgent need to improve our 911 system. The recent tragedies in Orlando, San Bernardino, and too many other cities highlight the importance of 911 in times of crisis. 

The Commission has taken action to improve the quality and accuracy of 911, and there is good news to report. We see industry is stepping up to many of the challenges, improving 911 location accuracy, supporting text-to-911, and generally investing to improve network reliability and resiliency. 

But effective 911 service depends on our nation’s 911 call centers. These Public Safety Answering Points, or PSAPs, must have technology to receive and process calls quickly, accurately locate callers, and dispatch an appropriate response. The unfortunate fact is that 911, designed originally for analog voice, doesn’t scale effortlessly to the advanced digital, wireless, and multi-media technology landscape. In too many communities, the PSAPs are relying on dangerously out of date technology, and the transition to Next Generation 911 (NG911) – envisioned by Congress in 1999 when it established 911 as the national emergency number – has not started or is stalled. Resource-strapped local jurisdictions struggle to maintain existing 911 service, let alone to achieve Congress’s NG911 vision. 

Industry and many states, counties, and cities are working hard to address transition risk and achieve NG911 capabilities. Nearly 20 percent of counties now support text-to-911. Many jurisdictions are building out their Emergency Services IP Networks – the basic backbone for NG911 in their communities.

But these islands of progress are the exception, not the rule. Unless we find a way to help the nation’s PSAPs overcome the funding, planning, and operational challenges they face as commercial communications networks evolve, NG911 will remain beyond reach for much of the nation. Let me be clear on this point: 911 service quality will not stay where it is today, it will degrade if we don’t invest in NG911. 

Congress has the unique ability to accelerate the transition to NG911. A clear national call to action, with timely application of resources, would actually lower NG911 transition costs by shortening the transition period and enabling 911 authorities to retire costly legacy facilities more quickly. Here are three ways that Congress could help:

  • National 911 Map: PSAPs are increasingly dependent on electronic maps for 911 routing and location, but the maps that they rely on should not end at the county or state line. Congress could authorize and fund the FCC (in collaboration with DOT) to create a national 911 map that would be available to every PSAP and would eliminate the seams between commercial communications network infrastructure and emergency response dispatch systems. 

  • Cybersecurity Defenses for PSAPs: PSAPs face the same cyber vulnerabilities that have proven so challenging to both government and commercial organizations, but most lack trained workforce and the necessary tools for cyber defense. Congress could bring PSAP IP Networks under the protective umbrella of DHS’s “Einstein” program by funding the deployment of intrusion detection sensors for NG911 networks.

  • National NG911 Implementation Date with Matching Funds: Currently, there is no national timetable or target date for completing the transition to NG911. Congress could establish a nationwide NG911 implementation date (e.g., to complete the transition by the end of 2020) and authorize matching funds to help state and local communities achieve this goal. Congress can further jump start this effort by ensuring that federally run PSAPs and Emergency Operations Centers make achievement of NG911 capability a funding priority.

This Committee has commendably made public safety a priority, and I urge you to do everything in your power to make sure our nation’s 911 system evolves safely as it adjusts to achieve your NG911 vision and that PSAPs have the tools and support they need to avoid undue risk in the transition. 

SECURITY – sometimes difficult to define

Security

I received a letter from the U.S. Office of Personnel Management in Washington, D.C. recently. The OPM experienced a major security HACK, which they publicly admitted (thank you).  This breach of data  included, as I learned in the letter, details that were voluntarily provided and additional information from background investigations for thousands of security clearances, including mine (past life).

Anyone who has been involved in this aspect of working with the Federal Government knows that the higher the level of clearance, the more information required. This then needs to be verified (either through formal, feet on the street background investigations or the ever popular polygraph ).

polygraph

The bottom line – In my case – I am being provided credit monitoring, identity monitoring, identity theft insurance and identity restoration services, at no charge, for three years. I appreciate the Federal Governments action.

If you think about this breach, it has tremendous negative potential. In addition to the basics- name, social security number, place of birth, etc- they also have details on an individuals immediate family, business relationships, foreign travel, etc and admissions (again depending on the level of clearance) or revelations of intimate details of your personal life. So- this information could be used to identify and attempt to coerce or blackmail (reveal potentially damaging/embarrassing  information) someone in an influential role (industry or government). A pretty serious situation.

Hackers had the ability to penetrate secure, classified  government networks. We have to assume that there were policies/procedures in place and contractors tasked with securing these systems.

Until recently, 9-1-1 Centers (PSAPs), with their traditional analog phone line connectivity, have not been concerned with the type of ‘hacking’ or security issues normally associated with IP (internet protocol) networks. As we all know, this is changing.

Most of us have heard the terms firewall or encryption. In reality, we are going to require the expertise of our vendors and consultants to make sure that our information and system functionality is safe as we move to these IP based networks. There have been critical scenarios described, such as having an ‘event’ in a major city and the 9-1-1 system being totally disabled as part of the attack.

The challenge is, who really understands all of the aspects of security? Not unlike taking your car to be serviced. The mechanic basically has you at a disadvantage. You need to make a decision – should you trust him? We should not move into IP networks with this approach.  The individual, consultant or vendor we might ‘trust’ may candidly not really have an in depth knowledge of this very complex subject.

Make sure that your security advisor is aware of the following efforts:

National Institute of Standards and Technology:

Cybersecurity Framework

CSRC

NICE

Federal Communications Commission (FCC)

CSRIC

 

John Oliver Highlights Location Issues

hans

By now, you may have seen the 9-1-1 segment from the HBO show “Last Week Tonight”.  If you have not seen the clip, here is the link- but please be aware that this is HBO and there is no censoring as far as language…    Last Week Tonight- 911

We normally only see 9-1-1 in the news when there is a specific problem with 9-1-1 technology (locating a 911 caller, 911 system failure, etc.).  John Oliver looked at 9-1-1 location issues on a national level  (calling out a few states in the process) and, in doing so, reached a much larger audience. The day after this segment aired, telco carriers and 9-1-1 staff nationwide were busy responding to inquiries from the media, as well as their own internal executive teams, in an attempt to clarify the issues.

Mark Fletcher explained the current situation in a recent NetworkWorld article

Network World- 911 Location Issues

Given the current environment surrounding location, one can understand why app developers are creating alternatives to ‘simply dialing 9-1-1’ by creating innovative (well..sometimes) Smartphone apps.

The U.S. is the world leader in technology. Maybe a trip to Silicon Valley is in order?

 

 

 

 

 

 

 

APCO Broadband Summit

img_0449

This week I participated in my first ‘Broadband Summit”.  I gave a presentation on the network management tools (SNMP, Wireshark, Dashboard) that we have implemented within our NextGen 911  ESInet in Palm Beach County.

FirstNet was, of course,  a major topic. A number of their executive team members were present. During the two day summit, there was occasional discussion regarding the potential synergy between FirstNet and NG9-1-1.

During my presentation, I put up the following slide to depict the PSAP’s  relationship to both FirstNet and NG9-1-1.

APCO Broadband Summit Slide

FirstNet (on the right) will directly connect to the PSAP, mainly for dispatch  purposes. The other role the PSAP plays, call taking (inbound on the left), I left blank. This is simply to depict that there is no nationally funded broadband program to ensure we can implement NextGen 911 across the country. It is possible that FirstNet might be rolled out in a region with no corresponding NG9-1-1 system.  Pictures, video, etc. ‘from the scene’ would not be available prior to first responder arrival.

Another topic of interest was FirstNet Apps,  applications that will run on the new broadband  first responder handsets:

firstnet app

The app depicted above could provide visual, real time info on data such as field intelligence, nearest officers, local maps, photos of a person of interest, etc. This is, of course, what we expect as we provide a hardened, ‘smart device’ to Public Safety teams.

And finally- FCC Commissioner  Jessica Rosenworcel addressed the group. Her comments include the following:

“..take jurisdiction. Federal authority over 911 is limited and with 6000 public safety answering points nationwide, we have a system that is vast—and vastly different in different parts of the country. There are 375 call centers in Mississippi but only 12 in Nevada. Yet both states have populations of just under 3 million. In other words, we have very different ways of managing emergency calling in different parts of the country. It makes a uniform effort hard.”

A positive event. Lots of information on ‘what’s coming’ and a number of dedicated individuals pushing to ensure we ‘get there.’

 

When Your “backup” fails..

netmon_rev1

Last month a close associate of mine experienced two outages at one of his PSAP’s. The first event lasted over three hours, the second 15 minutes. All 9-1-1 calls were rerouted.

The PSAP in question is served by two circuits. Supposedly physically diverse. During the conversion to IP in 2011, each circuit was physically routed into the PSAP facility in a manner to ensure diversity.

This latest outage revealed that, in the providers central office, both circuits connected to the same equipment rack, same shelf and same card. Back in 2013 he had a similar scenario, only then the outage took down six PSAP’s. All circuits, primary and backup, terminated onto a single card. This sounds impossible, but I have read the official ‘Outage Report’.

An important fact- they spent tens of thousands of dollars throughout their county in ‘outside plant’ construction costs, with their service provider, to make sure there was physical diversity into the PSAP.

He also educated me on a fact he recently learned- In 2013 the Federal Communications Commission (FCC) issued the Derecho Report. This was in response to major storms and 9-1-1 outages in the midwest. The report listed a number of findings regarding 9-1-1 providers. Here is a quote from that document: “In most cases, the 9-1-1 and other problems could and would have been avoided if providers had followed industry best practices and available guidance.”

Derecho Report and Recommendations

This report resulted in the FCC issuing an Order:

FCC Order to Improve Reliability       Note -Appendix B- Part 12 Final Rules

The bottom line- as a customer you can request an audit, to include the physical path of  your 9-1-1 circuits. Here in Palm Beach County we now have an audit in progress.

Remember- it does not matter how big your circuits are  or how many you have (2, 3). When it comes to the last mile, the connection from the PSAP to the service provider, it is a PHYSICAL world.

A great way to address this issue is to contract with two providers. But only if they do not share the same telco facilities.

We are transitioning to a new world in 9-1-1. Like it or not, we occasionally will need to become more actively involved in order to understand how services are provided.