In honor of October being cybersecurity awareness month, we have created short videos with cybersecurity tips and useful information. Additional resources related to each week’s topic follow the videos.
In honor of October being cybersecurity awareness month, we have created short videos with cybersecurity tips and useful information. Additional resources related to each week’s topic follow the videos.
Reports indicate that there has been a global increase in malicious cyber activity related to COVID-19. Bad actors are preying on fear and attempting to profit from it. Among these attacks were targeted email phishing attempts against US-based medical providers. These attempts leveraged email subject lines and content related to COVID-19 to distribute malicious attachments, which exploited Microsoft Word Document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables.
The FBI is providing indicators of compromise related to these phishing attempts to assist network defenders in protecting their environments. Additionally, the FBI is providing the attached list of hashes related to additional COVID-19 phishing. APCO is passing this information along to ensure that our members have the latest tools available to defend against this threat. Please share this information with your IT departments, vendors, and service providers as you see fit.
This website, along with other cybersecurity offerings, seeks to assist APCO members in identifying and mitigating the risks from cybersecurity incidents. Our primary focus is to provide information that should assist with detecting, analyzing, and responding to incidents.
APCO Resources
When implementing new systems and networks, ECCs should always consider cybersecurity measures in the initial plans in order to ensure that sensitive data is secured.
It is important that every agency or organization develop guidelines on establishing effective cybersecurity strategies to include training, awareness, and incident response programs.
Cybersecurity presents one of the most complex challenges for emergency communications centers in a broadband environment. This section of APCO’s P43 Report discusss the current and future threat, cybersecurity concepts, findings and high level recommendations.
Knowing how to protect your public safety answering point (PSAP)/emergency communications center (ECC) from a ransomware attack is vital.
Most ECC boards and directors realize there is a crisis but do not know where to begin to create a strong cyber defense strategy. Luckily, there have been several efforts designed to provide guidance on managing cybersecurity in the ECC, most notably the FCC’s Task Force on Optimal PSAP Architecture (TFOPA).
From small, two-seat centers scattered throughout the country in rural areas, to large, multijurisdictional regional dispatch centers in heavily populated metropolitan areas, our nation’s ECCs are under a relentless, ever-increasing onslaught of cyber-attacks.
An accessible best practices guide to implementing effective cybersecurity policies and procedures within the ECC.
A list of top cyber-defense practices that ECC’s across the US have used to successfully defend against and recover from cyberattacks.
Federal Resources
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) recently created a website to track and respond to the active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1.
The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s strategic and unified work to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services.
The Stop.Think.Connect. Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online.
US-CERT offers mailing lists and feeds for a variety of products including the National Cyber Awareness System and Current Activity updates. The National Cyber Awareness System was created to ensure that you have access to timely information about security topics and threats.
CISA ensures public safety and national security and emergency preparedness communities can seamlessly and securely communicate during steady state and emergency operations to keep America safe, secure, and resilient.
In 2011, the Department of Homeland Security (DHS) replaced the color-coded alerts of the Homeland Security Advisory System (HSAS) with the National Terrorism Advisory System (NTAS), designed to more effectively communicate information about terrorist threats by providing timely, detailed information to the American public
National Cybersecurity Awareness Month (NCSAM), in October, raises awareness about the importance of cybersecurity across our nation, ensuring that all Americans have the resources they need to be safer and more secure online.
CISA leads the nation’s strategic and unified work to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services and American way of life. The CISA Services Catalog is a single resource that provides users with access to information on services across all of CISA’s mission areas that are available to […]
The Communications Security, Reliability and Interoperability Council’s (CSRIC) mission is to provide recommendations to the FCC to ensure, among other things, optimal security and reliability of communications systems, including telecommunications, media, and public safety.
The mission of the Communications Security, Reliability and Interoperability Council (CSRIC) is to provide recommendations to the Federal Communications Commission (FCC) to ensure, among other things, optimal security and reliability of communications systems. Working Group 7 of the CSRIC V is specifically chartered to provide recommendations for the CSRIC’s consideration regarding any actions the FCC […]
This CSRIC V Working Group 6: Secure Hardware and Software – Security-by-Design (Working Group 6) was formed and tasked with developing voluntary recommendations and best practices to enhance the security of hardware and software in the core public communications network. In a separate report in September of 2016, the Working Group provided voluntary mechanisms to […]
CSRIC V WG6 was tasked with developing voluntary recommendations and best practices to enhance the security of hardware and software used in communications critical infrastructure. The working group was also tasked with a second deliverable, to develop a voluntary attestation framework that could be used by companies to demonstrate the success of the recommendations/best practices.
CSRIC V Working Group 5 (WG5) is currently tasked with identifying and assessing perceived technical, legal, financial, consumer/market, operational, and/or organization impediments to cyber threat information sharing and/or the implementation of the prospective use cases
Working Group 5 (WG 5), Cybersecurity Information Sharing, was tasked with developing recommendations to the Federal Communications Commission (FCC or the Commission) to encourage sharing of cybersecurity information between companies in the communications sector. This report represents the culmination of multiple work streams highlighting the robust level of information sharing that is already underway within […]
The FBI is the lead federal agency for investigating cyber attacks and intrusions. Learn more about what you can do to protect yourself from cyber criminals, how you can report cyber crime, and the Bureau’s efforts in combating the evolving cyber threat.
Frequent instances of Internet fraud include business fraud, credit card fraud, internet auction fraud, investment schemes, Nigerian letter fraud, and non-delivery of merchandise.
Learn tips for protecting your computer, the risk of peer-to-peer systems, the latest e-scams and warnings, Internet fraud schemes, and more.
The mission of the Internet Crime Complaint Center is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes […]
The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion. The report includes COVID-19 scam and state-specific statistics.
Other Resources
By APCO’s Technology Team
(This article was also published in the September/October 2019 issue of PSC magazine as CDE #51399.)
MTV launched a TV show called “Catfish” in 2012. The show got its name from a type of internet fraud in which a person creates fake personal profiles on social media sites, using someone else’s pictures and false biographical information to pretend to be someone other than themselves.
Each episode of the hour-long show aims to ascertain if a person — over the course of one week — is being “catfished” or not. The show highlights people’s emotional investment into hackers that they have never met over the course of years.
This “catfish” type fraud usually aims to trick an unsuspecting person (or persons) into falling in love with the hacker. Typically, a person is being deceived for a myriad of reasons – financial gain, emotional manipulation or notoriety.
Today, the reality is that every individual, business and government is connected to the internet. As such, everybody is vulnerable to cyberattacks. The types and sophistication of attacks continue to grow.
The scenario described earlier is a type of phishing attack called catfishing. The trick to this type of cyberattack is gaining the trust of strangers. This can be accomplished through a variety of tactics. The hacker performs enough research before engaging their victim so that, to the victim, the hacker will seem trustworthy and barriers will break down. On an individual level, outcomes of a phishing attack may be identity theft, being “tricked” out of money, or divulging confidential personal or professional information.
Phishing attacks and social engineering aren’t new. In fact, one could argue that intelligence operatives have been using these proven tactics for centuries. During the Cold War, it is known that Russian operatives lived in the United States and often exploited individual’s emotions in order to gain classified information.
Some individuals might think that they have nothing of value that a hacker would be interested in. They think that they are so low on the “food chain” that the information they have will not be of value. Every individual carries a piece of the puzzle. It is important to remember that every piece of the information puzzle is important.
For example, if an individual thinks they don’t have enough information to damage their employer and chooses to not adhere to basic cyber hygiene practices — including creating strong passwords — then they are leaving their accounts vulnerable to hackers. Now this employee is susceptible to a hacker gaining access to their computer to be used as a botnet. Botnets gain access to an individual’s machine through some piece of malicious coding. In some cases, the machine is directly hacked, while other times what is known as a “spider” (a program that crawls the internet looking for holes in security to exploit) does the hacking automatically.1
More often than not, botnets aim to add the target computer to their web. That usually happens through a drive-by download or by fooling the victim into installing a seemingly harmless “Trojan horse” on their computer. A drive-by download happens through something as simple as opening a compromised web page. Once a compromised webpage has been visited (the driveby), without stopping to click or accept any software, the malicious code can download in the background to your device. A driveby download refers to the unintentional download of a virus or malicious software (malware) onto your computer or mobile device. Once the software is downloaded, the botnet contacts its master computer and lets it know that everything is ready to go. At that point the target computer, phone or tablet is entirely under the control of the person who created the botnet.
In emergency communications centers (ECCs) across the United States, there are many people in various roles that have access to the building. These people can range from vendors to employees to administrators and even the general public. Physical security is just as essential as cybersecurity. Physical security helps companies protect assets, including information technology (IT) infrastructures and servers that make their businesses run and that store sensitive and critical data. Physical security encompasses measures and tools such as gates, alarms and video surveillance cameras. But physical security also includes another central element: an organization’s personnel. Here are some precautions to consider regarding personnel:2
According to APCO’s “Broadband Implications for the PSAP” report,3 “It is essential that cybersecurity is considered at the onset and not treated as an afterthought, when adopting new technologies. In other words, cybersecurity must be baked in, not bolted on.” In order to ensure that an ECC properly plans for a cyber related incident, a cybersecurity program must be thoughtfully made. According to the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity,4 the following steps illustrate how this framework can be used to create a new cybersecurity program or improve an existing program:
Cybersecurity is becoming more and more essential to the overall security posture of all organizations, governments and individuals. Again, with this in mind, cybersecurity should be “baked in, not bolted on”.5 When implementing new systems and networks, ECCs should always consider cybersecurity measures in the initial plans in order to ensure that sensitive data is secured. By following the steps outlined above, any ECC will be well on its way to establishing a cybersecurity program that will assist in the mitigation of attacks.
References
1. us.norton.com/internetsecurity-malware-what-is-abotnet.html
2. Goldstein, P. (2016, Oct 11). “Why physical security should be as important as cybersecurity.” BizTech. https://biztechmagazine.com/article/2016/10/ why-physical-security-should-be-importantcybersecurity
3. apcointl.org/ext/pages/p43/p43book.html
4. NIST Framework for Improving Critical Infrastructure Cybersecurity, nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
5. apcointl.org/ext/pages/p43/p43book.html
Insert test content for sidebar
By APCO’s Technology Team
It is our intent to deliver timely, actionable information to APCO members through this site and to provide you with tools and information to keep your agencies and organizations as secure as possible. For those of you who work in the cybersecurity field, you are well familiar with the adage “it’s not if you’ll be attacked, it’s when.” For those to whom cybersecurity is relatively new, don’t let that phrase scare you off, it’s simply an expression of the reality we all face in a digital age. Because of this reality, it is increasingly important that staff at all levels of an organization understand that cybersecurity is everyone’s responsibility.
This website, along with other cybersecurity offerings, seeks to assist APCO members in identifying and mitigating the risks from cybersecurity incidents. It is important that every agency or organization develop guidelines on establishing effective cybersecurity strategies to include training, awareness, and incident response programs. The primary focus of this site will be to provide information that should assist with detecting, analyzing, and responding to incidents. This information is not mean to be kept close to the vest. Information sharing, strategic planning, and a willingness to engage in the process are part of everyone’s responsibilities. The weakest link can be anyone, or anything, and can happen at any time. Only by working together as teams, sharing information, and being willing to learn from our mistakes, and share those learned lessons with others, can we be successful in the ongoing battle to secure our networks and systems.
To that end, I would like to share with all of you a few suggestions based on how APCO approaches cybersecurity incidents as an organization.
A cybersecurity incident is defined by the Department of Homeland Security as an occurrence that:
(A) Actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of an information system or the information that system controls, processes, stores, or transmits; or
(B) Constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.1
An incident could be either intentional or accidental in nature.
Examples of cybersecurity may include, but are not limited to:
Unfortunately, successful incidents similar to those noted above have occurred across the public safety landscape. These incidents can cause financial and reputational harm, disrupt daily operations, and create compliance issues with state and federal laws.
Sharing information, getting everyone engaged, and establishing cyber incident response capabilities helps personnel to minimize loss or theft of information and disruption of services caused by cyber incidents. Incident response capabilities also build institutional resilience. Information gained and lessons learned during incident handling can help better prepare for dealing with future incidents.
One of the elements of APCO’s internal technology mission is to provide, secure, and maintain information systems, allowing the Association to accomplish its mission. This same approach can work for organizations of any shape and size.
Timely and thorough action to manage the impact of cyber incidents is a critical component of the response process and it takes everyone being involved for a response plan to work. The response should limit the potential for damage by ensuring that actions are well known and coordinated. Cyber incident response goals can include:
To achieve these goals, APCO has adopted security best practices derived from standardized incident response processes such as those published by the National Institute of Standards and Technology (NIST) Special Publication 800-61 and other authorities.
The specific incident response process elements that comprise the APCO Cyber Incident Response Plan include:
While this is only a small sub-set of the APCO Cyber Incident Response Plan, we hope that this information at least provides a starting point for your agencies and organizations. As you can see from this brief description of what is required, everyone’s input and participation matters. From the frontline public safety telecommunicator who will likely be the first to notice initial attack signs, to the supervisors who will make the first call on responding, to management and IT professionals who ultimately hold responsibility for technical response and overall management of incidents, everyone is involved and everyone has responsibilities.
APCO hopes to help our members and your agencies stay informed and be prepared through this new website and through our ongoing efforts via other media. By sharing information, lessons learned, and innovative ideas related to cybersecurity APCO members can help each other, and our public safety communications community as a whole. On behalf of APCO, we welcome you to the new website and we look forward to working together to keep our profession informed and secure.
1 From www.whitehouse.gov/sites/default/files/omb/legislative/letters/coordination-of-federal-information-security-policy.pdf – 44 U.S. Code § 3552
Dummy sidebar content block