Networked attacks require a networked defense. That’s the principle behind the Public Safety Threat Alliance (PSTA), a cyberthreat intelligence collaboration and information hub established by Motorola Solutions to help police, fire, rescue and 911 call centers mitigate and respond to cyberthreats while maintaining the availability of emergency communications systems.
The PSTA, a Cybersecurity and Infrastructure Security Agency (CISA)-recognized Information Sharing and Analysis Organization (ISAO), reflects a story that’s becoming increasingly familiar: cyberattackers targeting public safety computer systems. The PSTA serves as a neighborhood watch – helping agencies protect 911 operations, radio networks and computer-aided dispatch (CAD) systems.
Public safety organizations of varying sizes may find themselves under attack. PSTA data through the third quarter of 2024 shows there has been a 38% increase in cyberattacks that shut down public safety mission-critical systems compared to all of 2023. According to PSTA research, current attack techniques have involved ransomware and extortion, as well as “hacktivism” linked to geopolitical events.
Here are some examples of the cyberattacks that have affected public safety agencies this year:
● Denial of service: 911 calls across a wide swath of Texas had to be rerouted when robocalls of unknown origin flooded a local phone network, disrupting emergency calls for five hours and forcing officials to redirect calls to another 911 center.
● Ransomware extortion: Extortionists using the DragonForce exploit hit a California dispatch center, demanding a ransom for 911 and CAD systems to be restored.
● CAD system compromised: Attackers disrupted a Pennsylvania county’s CAD system and authorities had to temporarily cut off access to the National Crime Information Center (NCIC) database and other vital resources while restoring it.
“With cyberthreats increasing in scope, scale and complexity, the PSTA can help dramatically increase the efficacy of insights so that agencies can monitor, detect and respond to potential threats before they result in the downtime of essential public safety services,” said Jay Kaine, director of threat intelligence at Motorola Solutions and director of the Public Safety Threat Alliance.
Motorola Solutions introduced the PSTA in 2022 to help public safety agencies and municipalities improve their cybersecurity posture, defense and resiliency, all at no charge, regardless of what hardware, software or systems they use. It is the public safety industry’s only dedicated cyber information-sharing resource.
“The establishment of the PSTA fills a critical void, creating a single entity entirely focused on the collection, analysis, production and sharing of actionable public safety-focused cyberthreat information and intelligence,” said Billy Bob Brown Jr., executive assistant director for emergency communications with CISA, in a news release. “Now, the public safety community is better equipped to focus their cyberthreat intelligence and defense efforts on specific adversaries and their malicious cyberattacks.”
PSTA HELPS AGENCIES RECOGNIZE AND DEFEND AGAINST EMERGING THREATS
Traditionally, public safety communication networks operated as domains unto themselves with little or no internet connectivity. While these networks could be vulnerable to sabotage or eavesdropping, they rarely provided access to the valuable data threat actors seek. However, as more applications have been introduced into public safety operations and more departments are using broadband-connected devices, the threat landscape has expanded.
While there is an upside to having connected applications and devices that improve public safety operational efficiencies, there is also a downside. Every connection is a potential entry point for cyberattackers. Cybercriminals may choose to sit and wait patiently before infiltrating a network to capture valuable data, or they may shut down an agency’s technology systems in an attempt to extort money.
As new entry points emerge and attack methods continue to evolve, Motorola Solutions has joined forces with public and private-sector organizations so that police, fire, EMS and 911 call centers can adopt more proactive and reactive cybersecurity practices. The PSTA has more than 1,400 member organizations around the world today. Members can take advantage of dark web monitoring that checks for signs an agency’s credentials are being shared on cybercrime websites or threat intelligence reports that help agencies stay abreast of bad actors’ latest tactics.
EMPOWERING PUBLIC SAFETY AGENCIES TO TAKE INFORMED ACTION
The PSTA’s associate members receive a biweekly bulletin called “CyberBytes,” while full members enter into an information-sharing agreement that helps the entire PSTA network stay abreast of new and evolving cyberattacks. This peer-to-peer perspective is of great value to members – and, ultimately, the public.
PSTA membership also helps public-sector agencies align with CISA’s cybersecurity performance goals, which break out into six categories:
Goal | Outcome for public safety agencies |
1. Govern | Establishing, communicating and monitoring risk management strategies, expectations and policies |
2. Identify | Understanding the full scope of cybersecurity risks |
3. Protect | Acquiring safeguards to manage security risks |
4. Detect | Finding and analyzing breaches, compromises and other attacks |
5. Respond | Acting to counter an attack after it’s been detected |
6. Recover | Getting hardware and software back online and preventing further attacks |
MANAGING CYBERRISK AND REDUCING THE IMPACT OF ATTACKS
The PSTA urges its members to take the following steps to help protect public safety systems:
● Strengthen business continuity. Because cyberattackers often target connected backup systems, public safety agencies need offline backups that malware cannot compromise. These systems must be thoroughly tested to ensure they can restore operations effectively in a crisis.
● Make patching a priority. Attackers often exploit unpatched systems in internet-facing networks. Keeping systems patched and less prone to remote code execution can help reduce risk.
● Use multifactor authentication. Requiring multiple means of authentication reduces the likelihood of intrusions by people using stolen or faked credentials.
● Monitor around the clock. Maintain constant network surveillance for signs of anomalous activity. Monitor links to municipal networks that can allow attackers to breach public safety systems.
● Plan your response. Tabletop exercises can help stakeholders ensure they know their proper role in an attack.
● Come together as a community. Join organizations like the PSTA to gain strength in numbers as well as access to timely information.
“What we’ve really done is create a threat intelligence organization that is a compelling resource for the global public safety community,” said Kaine. “The PSTA’s goal is to help member organizations defend against the growing number of vulnerabilities to their critical emergency response infrastructure. We support small rural agencies all the way up to large municipalities, domestically and abroad, by capturing and sharing intelligence that helps reduce the possibility of cyberbreaches.”
To find out more about the PSTA, visit motorolasolutions.com/psta.
