Securing CAD in 9-1-1 Centers

 ~Cyber Attacks and Computer Aided Dispatch (CAD)~

800px-petyaa

9-1-1 Centers (PSAPs) serve two main Public Safety functions:

  • INBOUND– Answering a 9-1-1 call or text from the public
  • OUTBOUND– Dispatching first responders (fire, EMS, law enforcement)

In most centers, these systems exist on two separate networks. The inbound network is typically installed and maintained by the vendor or channel partner who provides the Call/Text product (TriTech, Motorola, West, Solacom, AT&T, etc..).  The outbound (Computer Aided Dispatch) CAD system, in many cases, resides on a network managed by the local municipality or county government.

We currently have a PSAP in South Florida that has been without CAD for three weeks. A ransomware attack via the city email system made its way through the municipal network, into the 9-1-1 center and locked down a number of law enforcement systems, including CAD. For the past weeks, communication with first responders is a manual, paper and pen process.  The attack was not directed @ the 9-1-1 Center, but the collateral damage is a major hit to operations.

ALSO: Currently, in a Mid-Atlantic state, there is a PSAP whose CAD system has been down for weeks as the result of a cyber attack.

I have spoken to numerous centers across the country who have experienced similar CAD outages. Most of these were not as well publicized as major cities like Baltimore.

Can’t Patch Me

There are still government entities out there running Really old stuff.. and in some cases REALLY REALLY OLD STUFF (e.g.  MS SQL 2003-  Microsoft only supports back to SQL 2008). We should not run applications that are considered critical infrastructure (9-1-1 CAD) on the same network as these systems…

9-1-1 Center  Managers and Directors may have no clue regarding this connectivity or how to patch and protect these outbound networks.

We need to rethink how we deploy mission-critical CAD in 9-1-1 Centers.

Today in the 9-1-1 community there is a lot of excitement around new vendors and product offerings, including enhanced location accuracy and cloud-based applications.  In my opinion, Cyber awareness needs to be included.

 

 

 

 

 

 

 

FirstNet and NextGen 9-1-1

There is discussion in the 9-1-1 community regarding FirstNet and how it might relate to Next Generation 9-1-1. Here in Florida, we recently received a formal briefing on FirstNet.

As a reminder- in the world of the First Responder, the current Land Mobile Radio (LMR) system for voice will remain.  The initial FirstNet deployments will be data only.

SO…

table

Disclaimer- The following are my personal thoughts.

FirstNet may become much more than a wireless network. They have the ability to become THE leader in specialized public safety applications, applications that could be used by First Responders nationwide, regardless of whether their state has chosen to ‘opt-in’ or ‘opt-out’.

Core

There is also the potential that they could host existing software applications, maybe providing a value add by obtaining a larger volume licensing agreement from the vendor, an incentive to utilize the FirstNet Core.

In ‘NextGen’ 9-1-1, voice is an application. By this I mean that it utilizes SIP (session initiation protocol), which operates at Layer 7, the application layer of the OSI model. Translation- voice is an application.

FirstNet could offer VOICE services for the 9-1-1 community.  Simply add a hosted voice server to the graphic above. This could be of tremendous value,  especially to those states (mostly home rule) who are still putting together their NextGen 9-1-1 strategy.  FirstNet needs a core backbone network, why not provide voice services? Voice uses very little bandwidth.

The other aspect is that this lays the foundation for a real Public Safety Broadband Network. We do not need to pay for and operate TWO networks- it certainly does not happen in the business world.

Connecting from the core network to the 9-1-1 center (PSAP), it would make sense to have two types of connections, one land based and one wireless. Diversity..

And the critical aspect of security– we expect to utilize pictures and videos on the FirstNet wireless network. What better way to control the pictures and videos planned to be coming inbound to 9-1-1? Have them ‘land’ in the FirstNet core, when they can be dealt with and controlled prior to potentially being pushed out to First Responders.

Intrado (now West) pioneered the concept of hosted 9-1-1 services and the use of LTE wireless as a backup for 9-1-1 Centers (PSAPs). It’s all possible.

Instead of congress funding a separate NextGen 9-1-1 initiative, maybe there could be incremental funding to FirstNet to include the NextGen 9-1-1 services.

 

ESInet as a Service (EaaS)

There is a desire by numerous groups and agencies (NENA, APCO, FCC, DHS, DOT to name a few) that, as a nation, we transition as  quickly as possible to NextGen 9-1-1 technologies.

FCC

Recently, my team and I spent the day here in Palm Beach County with Alan Benway, Executive Director of Product Management for AT&T ESInet and Mike Nelson, VP and Sr Technical Officer for West Safety Services (formerly Intrado).  West pioneered the Field of Dreams concept for ESInets- “build it and they will come.”

Press Release

After receiving an in-depth technical dive into the offering,  I believe that the West/ AT&T  ESInet as a Service (EaaS) offering, rather than a RFP based- build a dedicated system model- will gain tremendous momentum. It simplifies an extremely complex aspect of  moving to NG9-1-1. West has other Partners reselling their current two node offering (e.g. Motorola and CenturyLink), but AT&T is investing millions in buildout, adding nodes and aggregation points across the US.

I believe that this partnership will inspire others to provide a similar EaaS product offering. Now, if we can encourage State level funding, we can get some serious traction.

Simply plug in..