Narrowband  |   Broadband  |  2024-11-08

Cyber Security in Public Safety Communication Sector - Fragmented Regulations and lack of Recovery Strategies

Source: The Critical Communications Review | Gert Jan Wolf editor

Linking multiple networks/technologies together, that this expands the attack surface, and increases the risk of unauthorised access and exploitation.

During the recent Comms Connect Melbourne Congress and Exhibition event two weeks ago, cyber security specialist Vanessa Leite spoke about the current cyber threat landscape and its implications for the public safety communication sector.

According to Leite, who is an executive council member TechWomen NZ and Principal Strategy & Consulting analist at CyberCX there are some key takeaways:

  • Complexity of Cyber: Leite discussed factors that are adding complexity the cyber landscape, such as artificial intelligence and the commoditisation of threats, both of which are significantly enhancing the capabilities of cyber criminals.
  • Lessons from History: She highlighted cyber events that have impacted telecommunications, aviation, and emergency services, including the key trends.
  • An most importantly... What Are We Missing? During here preentation Leite discussed gaps in our societal, governmental, and organisational responses to these challenges such as fragmented regulations and overlooked capabilities such as recovery strategies.

During her session, she received some interesting questions about the security of LMR and P25 networks, including the underlying infrastructure such as towers, repeaters, and control centers, where physical and manufacturer security are still key controls.

Her take is that, as we link these systems with other networks (e.g., broadband), we need to recognise that this expands the attack surface, and increases the risk of unauthorised access and exploitation. This could significantly impact response times and coordination during emergencies, making regular security reviews and implementing additional controls essential.

Back in 2022, Ted Lawson, Cybersecurity and Infrastructure Security Agency (CISA), SAFECOM Cybersecurity Working Group Federal Lead wrote an interesting Blog: SAFECOM Releases Guidance on Cyber Risks to Land Mobile Radio. 

In his Blog Lawson discusses the SAFECOM 'Cyber Risks to LMR First Edition', a document that helps public safety managers and officials better understand such potential threats. The document provides an overview of LMR systems, explores various forms of cyber risks to public safety communications, and identifies methods and resources to help secure these systems.