Normally when a NFPA catalog shows up in my mailbox I toss it aside without much thought, a couple months ago however I happened to flip through it when I came across NFPA 1221: Standard for the Installation, Maintenance, and Use of Emergency Services Communications Systems. So I logged in to the website so I could check it out and see what it entailed. Many of the chapters are not relevant to this discussion, however the entirety of Chapter 13 is devoted to data security. The majority of the requirements are directed towards communications (dispatch) centers however many items are applicable to all agencies.

The chapter starts out mandating the development, implementation, and utilization of a comprehensive security plan. The plan must encompass people, technology, and operations as well as providing a framework for safeguarding vital systems including CAD and IP-based NG9-1-1 systems, as well as wireless networks and devices used by first responders either on public safety or public wireless carrier networks. Most of these items are pretty basic in nature.

The rest of section 13.1 spells out the items that are to be included in the plan:

• Policy statement from the AHJ (authority having jurisdiction) detailing the requirements and goals of the plan
• Assignment of responsibilities for the performance of security functions
• Training and education requirements for employees including a continuing education component
• Control provisions for access to physical premises, radio subscriber units into the radio system, and personnel access to various portions of the networks and computers
• Network security provisions to prevent unauthorized access to the public safety IP network, public safety phone network, land mobile radio network, and any other networks that operate within or under the control of the communications center that are required to receive or process alarms
• Network security provisions to prevent unauthorized use of public safety handheld IP-enabled devices on either a public safety network or a public wireless carrier network
• Computer security provisions to prevent attacks on the center’s computers and servers
• Implement software patch management provisions to ensure all software is periodically updated
• Data disaster recovery procedures to ensure rapid recovery of databases, servers, and similar equipment used in the communications center, public safety wireless network, and for local storage of important information
• Implement logging and auditing provisions to allow investigation of security or operational problems
• Implement a vulnerability management process to assess periodically the ability of the public safety communications systems, including communications centers, wireless networks, and wired IT networks
• Implement environmental and physical security provisions to ensure that it can monitor physical aspects of the public safety communications system at all locations such as physical entry, fire, smoke, power supply performance, base radio performances and other parameters as judged necessary by the AHJ

The remaining two sections cover testing and records of the tests. The plan is to include methods, procedures, and schedules for testing for security breaches or failures, with the frequency to be determined by the AHJ.

References:

National Fire Protection Association. (2015). Standard for the installation, maintenance, and use of emergency services communications systems. (2016 ed.) [PDF] Retrieved from http://www.nfpa.org/

The use of body cameras by police officers has become an increasing topic in the news recently and I came across a link last month on Twitter to an article on if security breaches could result from the use of things like body cameras. While they have not seen as much attention I have seen a few videos from the fire service involving the use of helmet mounted cameras at incidents, and anything that applies to the body cameras could potentially extend to those as well.

In one case cameras were found to be shipped infected with the Conficker worm. Should an agency have systems without antivirus software or software that is outdated, those systems would quickly become infected. When the infection was brought to the attention of the manufacturer, they did not even think there was software in the camera. (Robinson)

Just as in the private sector, technology continues to play an ever increasing role in public safety. Film-based still cameras have long been replaced with digital cameras and video cameras that record to VHS are, if they havent already, been replaced with DVR type systems. If proper security precautions are not taken any of these could become a hole as the storage could contain viruses. Even communications continue to become increasingly digital both in the voice through P25 radios and Next Generation 911 and data through things like instant messaging & vehicle location (AVL).

Robinson, B. “The internet of malware-infected things” GCN https://gcn.com/blogs/cybereye/2015/11/malware-in-body-camera.aspx?s=gcntech_231115

My name is Daniel and I am starting on pursuing a Masters degree in Cybersecurity from Bellevue University. For one of my classes this term I have to do a weekly post on some theme of our choice related to cybersecurity. Given part of my employment history in IT thus far has involved the fire service in some way, I have chosen to blog on items pertaining to cybersecurity and how it affects the fire service and to a lesser extent public safety in general.