Category: Technology

800 MHz Expansion Band Considerations

Expansion Band Relocation Considerations

Many licensees operate with spectrum in what is referred to as the Expansion Band (the range of frequencies 815-816/860-861 MHz). The FCC has indicated in the 800 Rebanding Report and Order that such licensees must “elect” to indicate whether or not they wish to retain their channels or select to move to frequencies lower in the band between 809-815/854-860 MHz. The FCC Rule establishes an assumption that PS users will move UNLESS they formally opt to remain on their existing channels.

The intent of the Expansion Band and the associated Guard band is to help separate public safety and other non-cellular type operations from the ESMR operations operating in the upper bands.

Considerations

For Remaining in the Band:

  • No history of interference from ESMRs
  • Area of operation is not likely to see development of future ESMR expansion
  • The FCC has implemented new enhanced interference protection criteria
  • Avoids disruption of rebanding
  • The new Guard band provides a separation buffer not existing in the current (pre-banding) configuration

For Electing to Move:

  • Ongoing history of interference
  • High potential for future expansion of ESMR systems in the area of operation
  • Freeze of area of operation. You may be unable to expand your area of operation if you are located on certain channels that were converted to EMSR operation in the Rebanding Rulemaking process.

Another important consideration

Rebanding will potentially lead to excess channels available to public safety exclusively for three years following the completion of rebanding in any given region. Agencies electing to move from the Expansion Band to the lower band will reduce the potential number of available extra channels in their area. Once the incumbent Public Safety user moves off a channel in the Expansion Band, then that channel is re-designated for SMR use only. Thus, the “channel” is lost as a PS resource in that area. For that reason, agencies may want to consider the advantages/disadvantages of moving off of the channel. If an agency believes that they will experience a chance of interference as a result of remaining on the channel, then they certainly should consider moving. If, on the other hand, there is a low probability of interference, then they may want to keep that frequency as a means of maximizing the total spectrum available for Public Safety use in the area.

Those licensees operating in the southeast portion of the United States should consult the FCC’s Second Erratum to the 800 MHz R&O for additional information and slight changes to the band in certain designated areas.

Rebanding Channel Graphic Band Configuration Graphic

Twelve previously B/ILT channels converted to PS

311…………………………………………… 856.0125
312…………………………………………… .0375
313…………………………………………… .0625
314…………………………………………… .0875
351…………………………………………… 857.0125
352…………………………………………… .0375
353…………………………………………… .0625
354…………………………………………… .0875
391…………………………………………… 858.0125
392…………………………………………… .0375
393…………………………………………… .0625
394…………………………………………… .0875

Twelve previously PS channels converted to B/ILT

479…………………………………………… 860.2125
480…………………………………………… .2375
481…………………………………………… .2625
488…………………………………………… .4375
489…………………………………………… .4625
490…………………………………………… .4875
499…………………………………………… .7125
500…………………………………………… .7375
501…………………………………………… .7625
508…………………………………………… .9375
509…………………………………………… .9625
510…………………………………………… .9875

Global Increase in Malicious Cyber Activity Related to COVID-1

Reports indicate that there has been a global increase in malicious cyber activity related to COVID-19. Bad actors are preying on fear and attempting to profit from it. Among these attacks were targeted email phishing attempts against US-based medical providers. These attempts leveraged email subject lines and content related to COVID-19 to distribute malicious attachments, which exploited Microsoft Word Document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables.

The FBI is providing indicators of compromise related to these phishing attempts to assist network defenders in protecting their environments. Additionally, the FBI is providing the attached list of hashes related to additional COVID-19 phishing. APCO is passing this information along to ensure that our members have the latest tools available to defend against this threat. Please share this information with your IT departments, vendors, and service providers as you see fit.

example button

Federal Report Estimates Extent of Interoperability Challenges for 9-1-1

This won’t come as news to anyone working in public safety communications, but 9-1-1 faces significant interoperability challenges.  While ECCs are generally able to transfer basic voice 9-1-1 calls to neighboring ECCs, they often cannot share other types of communications and data important for emergency response.

What might be surprising is that ECCs face these interoperability challenges even in areas that are making progress deploying Next Generation 9-1-1 technologies.  Perhaps that is why there has been increased attention to solving interoperability for 9-1-1 in recent years.  As consumers, we take for granted that two people can communicate with all kinds of data, regardless of where they live, which companies provide the connectivity, the types of phones they’re using, or even whether one person is on a phone while the other is using a tablet.  You would think that modernizing 9-1-1 technology would result in similar benefits, but that’s not proving to be the case.  Now, a federal report helps to quantify the extent of interoperability problems in 9-1-1.

At APCO’s suggestion, the Federal Communications Commission directed the Communications Security, Reliability, and Interoperability Council (CSRIC) VII to survey the current state of interoperability for the nation’s 9-1-1 systems.  CSRIC’s mission is to provide recommendations to the Commission on a variety of topics.  On March 17, CSRIC adopted a “Report on the Current State of Interoperability in the Nation’s 911 Systems.”  You can download the report on the CSRIC webpage.

The report describes the degree to which ECCs are able to share voice 9-1-1 calls, location data, SMS text-to-911, CAD data, and other types of data with other ECCs and (where appropriate) with emergency response providers.  It relied on publicly available data, as well as responses to surveys distributed by APCO and the National Association of State 9-1-1 Administrators.  APCO’s Chief Technology Officer served on the working group that developed the report.

This graphic from the report tells the story.  Red and orange are bad – they represent zero or limited interoperability between ECCs for each type of communication/data.  Green and blue are good – they represent interoperability statewide and interstate.  There’s a lot more red and orange here than blue and green.  In fact, unless you’re talking about the ability to transfer voice calls, ECCs are more likely than not to have an interoperability problem.  That shouldn’t be the case.

ECCs should be able to receive location information with every transferred 9-1-1 call.  They should be able to transfer texts to 9-1-1, CAD data, and other useful data relevant to an incident.  The red and orange in this graphic represent obstacles to emergency response for public safety telecommunicators, police officers, EMTs, and firefighters.  An already difficult job becomes harder.

What’s standing in the way of interoperability for 9-1-1?  Proprietary technology.  No doubt that the public safety communications community has benefited from some technology providers, including a number of newcomers, who are truly driven to introduce new innovations and make a difference.  But we need to accept the reality that interoperability is a problem and work toward a solution.

One of APCO’s strategies has been to provide a Sample RFP Template for NG9-1-1 Capabilities to assist 9-1-1 directors and authorities with their procurement activities, whether for a statewide or local effort.  The RFP Template covers all aspects of a complete NG9-1-1 deployment, regardless of the stage any state or locality is in concerning the transition to NG9-1-1.  It offers recommendations, guidance, and specific operational requirements toward achieving several goals:

  • Achieving interoperability among NG9-1-1 systems regardless of technology or jurisdiction;
  • Promoting competitive and innovative solutions;
  • Enabling the most cost-effective and operationally efficient solutions; and
  • Ensuring these solutions include more than just an upgrade from analog based voice-only systems to true IP-based, multimedia capable systems and architectures.

Another strategy has been to advocate for federal funding to support the transition to NG9-1-1 nationwide, with requirements on funding recipients to achieve and maintain interoperability.  This approach aligns with legislation that was introduced last year in the House and Senate that would create a $12 billion grant program for NG9-1-1.  It’s worth noting that the definition of interoperability used in that legislation is identical to the definition in the CSRIC report.

Thanks to the FCC’s willingness to examine interoperability for 9-1-1 and the work of CSRIC’s members, we’re in a better position to solve this problem.  APCO will continue working with policymakers at the Commission and Congress and pursuing every opportunity to ensure that ECCs can seamlessly exchange 9-1-1 calls and related data with other ECCs and on to responders in the field, regardless of jurisdictional boundaries, service provider, or other factors.

 

About the TabletopX Blog

A “Tabletop Exercise,” often shortened as “TTX,” is a discussion-based exercise frequently used by emergency planners. Led by a facilitator using a planned scenario, TTX participants describe the actions they would take, and the processes and procedures they would follow. The facilitator notes the players’ contributions and ensures that exercise objectives are met. Following the exercise, the facilitator typically develops an after-action report and conducts a debrief discussion during which players and observers have an opportunity to share their thoughts, observations, and recommendations from the exercise without assigning fault or blame.

Many of the attributes of a TTX are the same we seek to promote in the discussion generated from our blog posts. The goal is to capitalize on the shared experiences and expertise of all the participants to identify best practices, as well as areas for improvement, and thus achieve as successful a response to an emergency as possible.

TabletopX blog posts are written by APCO’s Government Relations team and special guests.

Latest TabletopX Posts

TabletopX Archives

Why Cybersecurity Matters

By APCO’s Technology Team

(This article was also published in the September/October 2019 issue of PSC magazine as CDE #51399.)

MTV launched a TV show called “Catfish” in 2012. The show got its name from a type of internet fraud in which a person creates fake personal profiles on social media sites, using someone else’s pictures and false biographical information to pretend to be someone other than themselves.

Each episode of the hour-long show aims to ascertain if a person — over the course of one week — is being “catfished” or not. The show highlights people’s emotional investment into hackers that they have never met over the course of years.

This “catfish” type fraud usually aims to trick an unsuspecting person (or persons) into falling in love with the hacker. Typically, a person is being deceived for a myriad of reasons – financial gain, emotional manipulation or notoriety.

WHO IS VULNERABLE?

Today, the reality is that every individual, business and government is connected to the internet. As such, everybody is vulnerable to cyberattacks. The types and sophistication of attacks continue to grow.

The scenario described earlier is a type of phishing attack called catfishing. The trick to this type of cyberattack is gaining the trust of strangers. This can be accomplished through a variety of tactics. The hacker performs enough research before engaging their victim so that, to the victim, the hacker will seem trustworthy and barriers will break down. On an individual level, outcomes of a phishing attack may be identity theft, being “tricked” out of money, or divulging confidential personal or professional information.

Phishing attacks and social engineering aren’t new. In fact, one could argue that intelligence operatives have been using these proven tactics for centuries. During the Cold War, it is known that Russian operatives lived in the United States and often exploited individual’s emotions in order to gain classified information.

Some individuals might think that they have nothing of value that a hacker would be interested in. They think that they are so low on the “food chain” that the information they have will not be of value. Every individual carries a piece of the puzzle. It is important to remember that every piece of the information puzzle is important.

For example, if an individual thinks they don’t have enough information to damage their employer and chooses to not adhere to basic cyber hygiene practices — including creating strong passwords — then they are leaving their accounts vulnerable to hackers. Now this employee is susceptible to a hacker gaining access to their computer to be used as a botnet. Botnets gain access to an individual’s machine through some piece of malicious coding. In some cases, the machine is directly hacked, while other times what is known as a “spider” (a program that crawls the internet looking for holes in security to exploit) does the hacking automatically.1

More often than not, botnets aim to add the target computer to their web. That usually happens through a drive-by download or by fooling the victim into installing a seemingly harmless “Trojan horse” on their computer. A drive-by download happens through something as simple as opening a compromised web page. Once a compromised webpage has been visited (the driveby), without stopping to click or accept any software, the malicious code can download in the background to your device. A driveby download refers to the unintentional download of a virus or malicious software (malware) onto your computer or mobile device. Once the software is downloaded, the botnet contacts its master computer and lets it know that everything is ready to go. At that point the target computer, phone or tablet is entirely under the control of the person who created the botnet.

PHYSICAL ACCESS IS IMPORTANT TOO

In emergency communications centers (ECCs) across the United States, there are many people in various roles that have access to the building. These people can range from vendors to employees to administrators and even the general public. Physical security is just as essential as cybersecurity. Physical security helps companies protect assets, including information technology (IT) infrastructures and servers that make their businesses run and that store sensitive and critical data. Physical security encompasses measures and tools such as gates, alarms and video surveillance cameras. But physical security also includes another central element: an organization’s personnel. Here are some precautions to consider regarding personnel:2

  • Foster a culture of security: Personnel are an ECC’s first line of defense, so it is important to train employees in security awareness and build an enjoyable workplace to equip and motivate employees to protect the ECC.
  • Secure entry points: ECCs can improve cybersecurity by investing in security gates and doors. Requiring access cards helps restrict access and deploying “smart locks” allow ECCs to add additional barriers with wireless unlocking mechanisms.
  • Use surveillance cameras: Inexpensive yet invaluable, surveillance cameras can detect potential threats as well as provide solid evidence for forensic review after incidents.
  • Install alarms: They are crucial security elements for warding off intruders.
  • Guard the server room: Small businesses often maintain their data center in a small room, in which case monitoring and even securing access with security gates is especially important.

CREATING OR IMPROVING A CYBER PROGRAM

According to APCO’s “Broadband Implications for the PSAP” report,3 “It is essential that cybersecurity is considered at the onset and not treated as an afterthought, when adopting new technologies. In other words, cybersecurity must be baked in, not bolted on.” In order to ensure that an ECC properly plans for a cyber related incident, a cybersecurity program must be thoughtfully made. According to the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity,4 the following steps illustrate how this framework can be used to create a new cybersecurity program or improve an existing program:

  • Step 1: Prioritize and Scope. The organization identifies its mission objectives and high-level organizational priorities. With this information, the organization makes strategic decisions regarding cybersecurity implementations and determines the scope of systems and assets that support the selected business line or process. The framework can be adapted to support the different business lines or processes within an organization, which may have different business needs and associated risk tolerance. Risk tolerances may be reflected in a target Implementation Tier.
  • Step 2: Orient. Once the scope of the cybersecurity program has been determined for the business line or process, the organization identifies related systems and assets, regulatory requirements and overall risk approach. The organization then consults with sources to identify threats and vulnerabilities applicable to those systems and assets.
  • Step 3: Create a Current Profile. The organization develops a current profile by indicating which category and subcategory outcomes from the framework core are currently being achieved. If an outcome is partially achieved, noting this fact will help support subsequent steps by providing baseline information.
  • Step 4: Conduct a Risk Assessment. This assessment could be guided by the organization’s overall risk management process or previous risk assessment activities. The organization analyzes the operational environment in order to discern the likelihood of a cybersecurity event and the impact it could have on the organization. It is important that organizations identify emerging risks and use cyber threat information from internal and external sources to gain a better understanding of the likelihood and impact of cybersecurity events.
  • Step 5: Create a Target Profile. The organization creates a target profile that focuses on the assessment of the framework categories and subcategories describing the organization’s desired cybersecurity outcomes. Organizations also may develop their own additional categories and subcategories to account for unique organizational risks. The organization may also consider influences and requirements of external stakeholders such as sector entities, customers and business partners when creating a target profile. The target profile should appropriately reflect criteria within the target implementation tier.
  • Step 6: Determine, Analyze and Prioritize Gaps. The organization compares the current profile and the target profile to determine gaps. Next, it creates a prioritized action plan to address gaps — reflecting mission drivers, costs and benefits, and risks — to achieve the outcomes in the target profile. The organization then determines resources, including funding and workforce necessary to address the gaps. Using profiles in this manner encourages the organization to make informed decisions about cybersecurity activities, supports risk management and enables the organization to perform cost-effective, targeted improvements.
  • Step 7: Implement an Action Plan. The organization determines which actions to take to address the gaps, if any, identified in the previous step and then adjusts its current cybersecurity practices in order to achieve the target profile. For further guidance, the framework identifies example informative references regarding the categories and subcategories, but organizations should determine which standards, guidelines and practices, including those that are sector specific, work best for their needs.

Cybersecurity is becoming more and more essential to the overall security posture of all organizations, governments and individuals. Again, with this in mind, cybersecurity should be “baked in, not bolted on”.5 When implementing new systems and networks, ECCs should always consider cybersecurity measures in the initial plans in order to ensure that sensitive data is secured. By following the steps outlined above, any ECC will be well on its way to establishing a cybersecurity program that will assist in the mitigation of attacks.

References

1. us.norton.com/internetsecurity-malware-what-is-abotnet.html

2. Goldstein, P. (2016, Oct 11). “Why physical security should be as important as cybersecurity.” BizTech. https://biztechmagazine.com/article/2016/10/ why-physical-security-should-be-importantcybersecurity

3. apcointl.org/ext/pages/p43/p43book.html

4. NIST Framework for Improving Critical Infrastructure Cybersecurity, nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf

5. apcointl.org/ext/pages/p43/p43book.html

Insert test content for sidebar

Cybersecurity Is Everyone’s Responsibility

By APCO’s Technology Team

It is our intent to deliver timely, actionable information to APCO members through this site and to provide you with tools and information to keep your agencies and organizations as secure as possible.  For those of you who work in the cybersecurity field, you are well familiar with the adage “it’s not if you’ll be attacked, it’s when.”  For those to whom cybersecurity is relatively new, don’t let that phrase scare you off, it’s simply an expression of the reality we all face in a digital age.  Because of this reality, it is increasingly important that staff at all levels of an organization understand that cybersecurity is everyone’s responsibility.

This website, along with other cybersecurity offerings, seeks to assist APCO members in identifying and mitigating the risks from cybersecurity incidents.  It is important that every agency or organization develop guidelines on establishing effective cybersecurity strategies to include training, awareness, and incident response programs.  The primary focus of this site will be to provide information that should assist with detecting, analyzing, and responding to incidents.  This information is not mean to be kept close to the vest.  Information sharing, strategic planning, and a willingness to engage in the process are part of everyone’s responsibilities.  The weakest link can be anyone, or anything, and can happen at any time.  Only by working together as teams, sharing information, and being willing to learn from our mistakes, and share those learned lessons with others, can we be successful in the ongoing battle to secure our networks and systems.

To that end, I would like to share with all of you a few suggestions based on how APCO approaches cybersecurity incidents as an organization.

A cybersecurity incident is defined by the Department of Homeland Security as an occurrence that:

(A) Actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of an information system or the information that system controls, processes, stores, or transmits; or

(B) Constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.1

An incident could be either intentional or accidental in nature.

Examples of cybersecurity may include, but are not limited to:

  • An incident in which an attacker commands a botnet to send high volumes of connection requests to a web server, causing it to crash.
  • An incident in which users are tricked into opening a “quarterly report” sent via email that is actually malware; running the tool has infected their computers and established connections with an external host.
  • An incident where an attacker obtains sensitive data and threatens that the details will be released publicly if the organization does not pay a designated sum of money.
  • An incident where a user provides or exposes sensitive information to others through peer-to- peer file-sharing services.

Unfortunately, successful incidents similar to those noted above have occurred across the public safety landscape.  These incidents can cause financial and reputational harm, disrupt daily operations, and create compliance issues with state and federal laws.

Sharing information, getting everyone engaged, and establishing cyber incident response capabilities helps personnel to minimize loss or theft of information and disruption of services caused by cyber incidents.  Incident response capabilities also build institutional resilience. Information gained and lessons learned during incident handling can help better prepare for dealing with future incidents.

One of the elements of APCO’s internal technology mission is to provide, secure, and maintain information systems, allowing the Association to accomplish its mission.  This same approach can work for organizations of any shape and size.

Timely and thorough action to manage the impact of cyber incidents is a critical component of the response process and it takes everyone being involved for a response plan to work.  The response should limit the potential for damage by ensuring that actions are well known and coordinated.  Cyber incident response goals can include:

  • To protect the well-being of the agency and community.
  • To protect the confidentiality, integrity, and availability of agency systems, networks and data.
  • To help personnel recover their business processes after computer or network security incidents.
  • To provide a consistent response strategy to system and network threats that put data and systems at risk.
  • To develop and activate a communications plan including initial reporting of the incident as well as ongoing communications as necessary.

To achieve these goals, APCO has adopted security best practices derived from standardized incident response processes such as those published by the National Institute of Standards and Technology (NIST) Special Publication 800-61 and other authorities.

The specific incident response process elements that comprise the APCO Cyber Incident Response Plan include:

  • Preparation: Maintaining and improving incident response capabilities and preventing incidents by ensuring that systems, networks, and applications are sufficiently secure.
  • Identification: Confirming, characterizing, classifying, categorizing, scoping, and prioritizing suspected incidents;
  • Containment: Minimizing loss, theft of information, or service disruption;
  • Eradication: Eliminating the threat;
  • Recovery: Restoring computing services quickly and securely; and
  • Post-incident activities:  Assessing response to better handle future incidents through utilization of reports, “Lessons Learned,” and after-action activities, or mitigation of exploited weaknesses to prevent similar incidents from occurring in the future.

While this is only a small sub-set of the APCO Cyber Incident Response Plan, we hope that this information at least provides a starting point for your agencies and organizations.  As you can see from this brief description of what is required, everyone’s input and participation matters.  From the frontline public safety telecommunicator who will likely be the first to notice initial attack signs, to the supervisors who will make the first call on responding, to management and IT professionals who ultimately hold responsibility for technical response and overall management of incidents, everyone is involved and everyone has responsibilities.

APCO hopes to help our members and your agencies stay informed and be prepared through this new website and through our ongoing efforts via other media.  By sharing information, lessons learned, and innovative ideas related to cybersecurity APCO members can help each other, and our public safety communications community as a whole.  On behalf of APCO, we welcome you to the new website and we look forward to working together to keep our profession informed and secure.

1 From www.whitehouse.gov/sites/default/files/omb/legislative/letters/coordination-of-federal-information-security-policy.pdf – 44 U.S. Code § 3552

Dummy sidebar content block

What Does Interoperable Mean in the Real World?

By Steve Leese

In the field of public safety, interoperability has several specific meanings that apply to the tools used in our profession.  For instance, fire apparatus hose fittings are commonly standardized so that departments from different jurisdictions can provide mutual aid effectively.  Merriam Webster defines interoperability as the “ability of a system to work with or use the parts or equipment of another system.”  This article will focus primarily on communication tools such as land mobile radio (LMR) and computer aided dispatch (CAD) in addition to illustrating the overall need for an interoperability-based approach to any communications technologies intended for use by public safety.

Emergency incidents can occur anywhere, and do not respect jurisdictional borders.  When this happens, responders from more than one agency have to respond and work together.  Agencies set themselves up for failure and put lives at risk when interoperability is not carefully considered and built into the purchase and implementation of equipment and programs they utilize to communicate, both with the public and with other agencies.

Providing a few real-world examples of problems that public safety faces today may help illustrate how vitally important interoperability is.  The following examples are drawn from a career that has spanned over thirty years as a first responder and a director of two Public Safety Answering Points (PSAPs).

When I was a law enforcement officer, our jurisdiction, like many across the country, was bordered on three sides by another jurisdiction that had a disparate LMR system.  Some LMR systems in the United States are typically referred to as proprietary, meaning that they do not talk to systems of a different brand or frequency range.  Our jurisdiction had such a system, as did those that bordered and responded with us.  During an incident that required multi-jurisdictional response, our only solution was to partner with another patrol vehicle from the neighboring agency and manually relay the necessary information over the air to the disparate system.  This occurred frequently and had the undesirable side effects of taking two scarce patrol units away from the primary task of responding to the incident.  In addition, because communications were relayed, it was easy to miss important information.  This costs time and efficiency and it can put both the responders and the public at risk.

Serving as a communications director, my centers faced a similar challenge to the previous example.  What made it different, was that the officers in the jurisdictions that commonly worked together across a jurisdictional border personally purchased commercial cellphones with a push to talk feature.  While this allowed them to communicate with each other, their solution had many shortcomings: they did not connect to our recording system in the PSAP; they were not monitored so if the responders were using personal phones instead of department radios to communicate emergency information, the communications center would not know about the emergency traffic; and the handsets were not mission critical.  While this solution was problematic at best, the fact that responders tolerated these shortcomings illustrates the level of frustration public safety experiences with the inability to seamlessly connect.

My final case in point is again derived from my time as a communications director.  Because public safety responder jurisdictions sometime overlap PSAP boundaries it became necessary to implement a CAD to CAD solution to dispatch fire department incidents.  When the agencies developed the plan everything seemed simple because both PSAPs purchased CAD from the same vendor, and had the same version running on the same type of equipment.  Imagine our surprise when the vendor required both PSAPs to purchase very expensive interfaces for our CADs to exchange information.  Of course, there were also expensive maintenance contracts for the interfaces every year after we made the purchases.  Ultimately the only options were to pay the price, or spend literally millions of dollars to change vendors.

These examples are not unique.  Every day public safety officials and responders deal with similar issues, and it strains the operations and puts lives in danger.  Less important, but significant, are the burdensome costs associated with connecting disparate systems.  When consumers are faced with an unexpected or undesirable cost, they turn to a competitor.  Public safety agencies don’t have that luxury.  They are typically locked into contracts that package multiple services with proprietary solutions, making a change to a competitor a major expense.

These technology challenges seemed difficult to overcome years ago, but today it is common to see inexpensive commercially available devices that can transfer multimedia seamlessly to disparate devices on different platforms.  If this technology and capability is in the hands of the consumer today, why can’t public safety benefit in a similar way?

The vision for seamless interoperability that I’m trying to explain is described in the APCO P43 report on “Broadband Implications for the PSAP” in the following way:

Fully interoperable voice and data communications allow the units who arrive first on scene to provide up to date, real-time information to additional units responding to the scene regardless of which agency they are from. PSAPs, though they have different CAD and radio systems, can communicate and receive common updates via interoperable, standardized CAD interfaces.

Pushback to this vision demonstrates how entrenched we are in the sometimes regressive traditional thinking.  Approaches that worked in the past will no longer work today.  Engaging the public safety community to help define the problem and providing innovative solutions is essential.  Public safety was not somehow put in this precarious position overnight.  These concerns are not new, and have been real-life concerns for several decades.  Entire careers have started and ended with the attitude that this problem is too large to ever overcome.

While FirstNet offers promise on the responder communications front, and solutions are being deployed to address much of what has been problematic, challenges still remain for the full emergency communications ecosystem, including LMR and 9-1-1 systems.  APCO, with the help of the US Department of Homeland Security and industry partners, will continue to work to fix interoperability problems for LMR.  However, it is critical that we take the same approach to Next Generation 9-1-1 and ensure that it includes requirements for interoperability at all levels.[1]  From the ability of the public to send multimedia communications to PSAPs, to the ability of PSAPs to process and share that data with each other – regardless of vendor, equipment, and jurisdiction – we cannot afford to ignore the importance of interoperability in this realm.  Working together, the public safety community, technology designers, manufacturers, network and service providers, and fellow standards development organizations can assure that both citizens and responders are made safer by addressing this important concern.   As our industry moves toward Next Generation 9-1-1 and IP based systems and services, now is the time to learn from the past and move forward in a positive direction.  Anything less is a disservice to our profession and the public we serve.

[1] APCO President Martha Carter recently authored a member message with an update on efforts to achieve fully interoperable NG9-1-1, including questions to consider asking of NG9-1-1 equipment and service providers.

 

Steve began work with APCO International in 2013, and served as the Director of Communications Center and 9-1-1 Services until 2020.  Steve has worked in public safety for 34 years as a Telecommunicator and Police Officer in Dearborn, MI, Emergency Management Director, and 9-1-1 Director in Huron and Eaton County MI.  Steve is a University of Michigan graduate, a Marine Corps veteran having served as a Military Police Sergeant, and Presidential Guard at the White House.  Steve is a former President of the Michigan Communication Directors Association.

About the TabletopX Blog

A “Tabletop Exercise,” often shortened as “TTX,” is a discussion-based exercise frequently used by emergency planners. Led by a facilitator using a planned scenario, TTX participants describe the actions they would take, and the processes and procedures they would follow. The facilitator notes the players’ contributions and ensures that exercise objectives are met. Following the exercise, the facilitator typically develops an after-action report and conducts a debrief discussion during which players and observers have an opportunity to share their thoughts, observations, and recommendations from the exercise without assigning fault or blame.

Many of the attributes of a TTX are the same we seek to promote in the discussion generated from our blog posts. The goal is to capitalize on the shared experiences and expertise of all the participants to identify best practices, as well as areas for improvement, and thus achieve as successful a response to an emergency as possible.

TabletopX blog posts are written by APCO’s Government Relations team and special guests.

Latest TabletopX Posts

TabletopX Archives