Cybersecurity Attacks: Detection and Mitigation
The Cybersecurity Committee has released the next iteration of reports titled Cybersecurity Attacks: Detection and Mitigation. The primary goal of this document is to address the types of attacks a PSAP is likely to encounter, the systems that are likely to be attacked and how to mitigate the immediate impacts of an attack. Cyberattacks, such as a Telephonic Denial of Service (TDoS), are discussed, as well as various techniques to prevent and mitigate each cyberattack. The report then discusses actions to take following a cyberattack, which might include, but are not limited to, contacting their respective IT departments, the FBI Internet Crimes and Complaints Center (IC3) and the DHS National Cybersecurity and Communications Integration Center (NCCIC).
Security Advisory for Authentication Bypass on Some Routers or Modem Routers
Some Netgear routers have a remote authentication bypass vulnerability. This vulnerability allows malware or miscreants that are on your network, or that are able to reach the device's web-based configuration interface from the internet, to gain control without having to provide a password. NETGEAR strongly recommends that you download the latest firmware as soon as possible. The authentication bypass vulnerability remains if you do not complete all recommended steps.
U.S. Homeland Security Warns on Critical Vertical Attacks
The National Cybersecurity and Communications Integration Center (NCCIC) at the US Department of Homeland Security has issued a warning on an emerging sophisticated campaign targeting critical verticals, including public health, critical manufacturing and IT.
Alert (TA17-117A): Intrusions Affecting Multiple Victims Across Multiple Sectors
The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.
Russian Malicious Cyber Activity
On October 7, 2016, the Department of Homeland Security (DHS) and the Office of the Director of National Intelligence (DNI) issued a joint statement on election security compromises.
On December 29, 2016, DHS released a Joint Analysis Report (JAR) attributing those compromises to Russian malicious cyber activity, designated as GRIZZLY STEPPE. The JAR package offers technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services (RIS). Accompanying CSV and STIX format files of the indicators are available here:
The National Cybersecurity and Communications Integration Center and National Center for Communications (NCCIC/NCC) Watch strongly encourages your organization to look within its network traffic for signs of the malicious activity described in the Joint Analysis Report (JAR), and to report any suspicious activity back to the NCC Watch. Knowledge of historical or current events helps the U.S. government understand the risk associated with this activity. To report activity, email [email protected] or call (703) 235-5080.
APCO urges its members to remain vigilant of both cyber and physical threats and to report any suspicious activity to federal, state or local law enforcement partners as appropriate. It is also highly recommended that members share this bulletin with their IT departments for inclusion in security precautions and protocols.
Stay Up-to-Date in Real Time With the National Terrorism Advisory System
An Introduction to Cybersecurity: A Guide for PSAPs
An accessible best practices guide to implementing effective cybersecurity policies and procedures within your PSAP.
Public safety communications systems are becoming more integrated with advanced technologies than ever before. These developments bring both the promise of new capabilities and the inherent issues of cybersecurity. The phased implementation of Next Generation 9-1-1 (NG9-1-1) and the ongoing work of the First Responder Network Authority (FirstNet) have created new imperatives and challenges for agencies to protect themselves from cyber risks and attacks. Reports of cyber breaches at major retailers and financial institutions are becoming all too common.
Now imagine the same type of breach occurring in a public safety environment. As agencies start utilizing Internet Protocol (IP)-based networks and more mobile platforms, it becomes increasingly important to take steps to protect sensitive operations and confidential data. Additionally, as agencies move toward IP-based communications systems, protecting the network from external and internal intruders needs to become a priority.
In October 2014, APCO produced a white paper which contains information for public safety communications professionals on the ongoing threats to their networks and recommends ways to prevent, mitigate, and report cyber threats and attacks.
APCO continues to work with its partners in the federal government and industry to remain focused on keeping IP-based public safety networks and communications as secure as possible. Remember that prevention of cyber attacks starts with the end user and each person in an organization should be trained on how to identify, prevent, mitigate, and report any attack.
For information on APCO's legislative activities in this area, visit Government Relations Topic: Cybersecurity.