Increased Need for Cyber Security Solutions for Public Safety Organizations
Strong growth of internet usage, combined with the inability to prevent data leakage, has forced organizations to reexamine their approach to cyber security. Baruch Eylon talks about how to address cyber security issues within the Public Safety sector.
Security has always been an issue, especially at Public Safety organizations. The technological complexities of the digital age pose significant challenges to securing business assets and information. Growing internet usage, combined with the inability to prevent data leakage over open networks, has forced organizations to reexamine their approach to cyber security. Whether it is the susceptibility of C-level employees’ social media accounts, the vulnerability of individuals’ connected devices, or the exposure of organizational assets outside of the IT domain, organizations, and especially police or similar public safety organizations, must be proactive in developing a comprehensive set of cyber security policies and strategies. This applies to their IT assets but also to their communication networks of all kinds, which utilize infrastructure that is not much different and can be exposed to similar threats.
The anonymity of the Internet, coupled with the difficulty of enforcement, has given rise to a new generation of cyber criminals. These criminals prey on newly created vulnerabilities, as organizations' security apparatuses are scaled back to allow for interaction with multiple networks, and additional entry points are uncovered.
The damage created by cyber-attacks should not be underestimated. In addition to the obvious damage, such as unavailability of service, theft of organizational assets and exposure of sensitive information, organizations can suffer damage to their public reputation. In the face of increasing online weaknesses, organizations must find a way to maintain as much control as possible over their footprint in cyberspace.
Suite of Proactive Cyber Security Solutions in the Cyber arena
A set of proactive activities is very useful in preparing for cyber-attacks and preventing the damage they cause.
1. Automated and proactive cyber intelligence: an array of tools that optimize ongoing intelligence collection and analysis, creating an effective and reliable intelligence grid that allows the organization to investigate and report on any conclusions applicable to it. Intelligence is collected from any and all legal sources of information, ranging from the indexed web to the deep web and the darknet.
2. Penetration testing: This test can be conducted at either the infrastructure level (IT and other networks, such as Tetra) or the application level. Tests include mapping the segments and identifying weak links in the infrastructure chain, misconfigurations and out-of-date systems which could allow an unauthenticated attacker to gain privileges inside the network. This test examines a wide array of components inside the network, both those that are mostly untested and less security-oriented (printers, switches, storage systems, DVR systems) and more common systems (web applications, mail, file systems and monitoring servers).
Tests on the application layer: A specific test on an application (Win32 and web) includes the use of automatic tools and a manual analysis of the application's logic, high-risk functions and overall security at both the application level and the deployment level.
3. APT - Advanced Persistent Threat: This test is a high-level, sophisticated penetration test focusing on information assets rather than information systems. It simulates a motivated hacker or team of hackers targeting a specific asset in the organization, be it operational procedures, emails, network information, a SCADA environment or any other organizational-level asset.
Such a test uses all means necessary, within given resource limitations, to reach the targeted asset.
The attacks can include custom-developed tools and research in order to bypass security appliances and software on the client's premises.
Tests may include the following:
- Social engineering
- Malware manipulations
- Advanced Phishing (Internet or Cellular)
- Circumventing protection systems
- Resilience of network separation
- Use of external Dark web available tools for filtering, decoding, bypassing and "Crypting"
4. Cyber Security Operation Center (SOC)
A Cyber SOC is a significant component in cyber defense. It should include multi-layer monitoring and response capabilities, from basic "Tier 1" up to "Tier 4" at the engineering level, and additional advanced cyber capabilities, designed from an "attacker's point of view" approach. It provides 24/7 expert monitoring and analysis of output from relevant systems, devices, sites and applications within the organization, initiating proactive actions within the organization’s networks and working arena. These are designed to provide actionable alerts and essential warning guidelines, to better identify, understand and manage cyber and security incidents.
The above would enhance your security monitoring and response capabilities.
5. Cyber forensics and response team: Providing the ability to identify, contain and neutralize a cyber-threat with the additional ability to analyze and investigate a specific mobile, network or PC event or incident. Having a 24/7 response team provides the ability to meet specific operational needs, to best respond, block, contain, remedy and manage a cyber-security incident.
6. Cyber Security Audits and Surveys: Cyber security assessments, based on an "attacker-oriented" approach, provide an in-depth survey of the organization’s defensive capabilities and cyber security readiness against any and all cyber-related threats, allowing corrective actions to be taken in time.
7. Training and qualifications: Cyber training courses, seminars and workshops for staff responsible for cyber-related tasks, at all management and technological levels, are key to allowing them to fulfill their roles.
Summary
Like other commercial companies and enterprises, Public Safety organizations are also exposed to cyber threats. Damages may end up even bigger. With the increasing number of cyber-attacks, it is imperative that Public Safety organizations take action to develop and implement appropriate policies and measures, and to put in place staff who will professionally address these threats. Companies such as Cyber Hat can be very helpful in this process.
baruch@eylonconsulting.com