During discussions on embedded systems for a different class, I started thinking about the new radio systems going in for a lot of jurisdictions. Since most, if not all of these systems use IP for their networking I wondered how security is handled. In the case of P25 the requirements include the use of FIPS-approved encryption for the over-the-air programming messages for those systems using that option. The trunking control channel will also have security provided through encryption as an option. I’m still sorting through the standard for details on other aspects. As to other digital radio formats, its hard to say what is used since most of those are proprietary.

This last week saw the release of the RFP for the National Public Safety Broadband Network (NPSBN) by the First Responder Network Authority (FirstNet). One whole section of the RFP package was dedicated to cybersecurity.

The RFP laid out a number of concepts that are to be considered critical to the design of the security solution:

• Public Safety Needs
• Dedicated Cybersecurity Program
• Federal Requirements (i.e. FISMA)
• Architecture
• Life-Cycle Process
• Guidance (i.e. Standards Organizations, Industry)
• Systems Engineering
• Risk Management
• Incident Response and Security Operations Center
• Continuous Monitoring and Mitigation Methodology
• Testing and Certification Plan
• Network Management and Configuration Management Policy
• Environmental and Physical Security
• Information Security and Data Sensitivity

Given the nature of the network’s primary user base (public safety), security is an important requirement. The network will be carrying sensitive information subject to a variety of laws including HIPAA. The RFP document does seem to cover requirements to cover most every aspect of the network.

Resources:

First Responder Network Authority. “Solicitation No. D15PS00295 – Section J, Attachment J-10
Cybersecurity” Retrieved from: https://www.fbo.gov/utils/view?id=7d9982dba8e87f697802f846f08601b8

Oops.. with everything going on I forgot to write a post last week.