Mitigating cyber risks in PSAPs: strategies to protect critical systems
Public Safety Answering Points (PSAPs) are critical components of national security infrastructures. With increasing reliance on digital systems, these centers face growing cyber threats. Protecting them requires a proactive approach that combines vulnerability assessments, advanced cybersecurity technologies, and robust staff training.
Top cyber risks faced by PSAPs
The European Emergency Number Association (EENA) highlights that cyberattacks targeting PSAPs primarily occur via the internet, exploiting everyday tools like email or web browsers. These risks are expected to grow in the future due to increased reliance on online connectivity. At the same time, the internet enables criminal activities, such as "Ransomware-as-a-Service," allowing ransomware to be deployed as a cloud-based service.
PSAPs are therefore exposed to various vulnerabilities and cyber risks associated with connectivity and the use of the Computer Aided Dispatch (CAD) platform, which can jeopardize operational continuity.
- Service Disruption. PSAPs host numerous devices, operating systems, and platforms connected to the internet, which can potentially be accessed remotely. The devices and software used daily can serve as attack vectors for hackers, who may exploit them to compromise network security. The use of outdated operating systems, software lacking the latest security patches, and hybrid networks necessitates constant monitoring. Each component must be cataloged and included in a control plan that regularly verifies its status and update level, in compliance with vendor recommendations and on a predefined schedule.
- DDoS Attacks – Distributed Denial of Service. This cyberattack technique aims to render a service unavailable by overwhelming the operational center’s servers with massive data traffic from a botnet of compromised computers. Such saturation can block access to emergency systems, causing delays in handling calls and managing crisis situations. Consequently, operators’ ability to coordinate responses is severely impaired.
- Unauthorized Access. Credentials (e.g., usernames, passwords) pose a cybersecurity risk due to personnel errors or criminal social engineering activities. Attackers can use techniques such as phishing and malware to compromise CAD systems, databases, and network infrastructures.
- CAD Vulnerabilities. CAD systems may contain software vulnerabilities, such as bugs or insecure code, that attackers can exploit to gain unauthorized access. These vulnerabilities often stem from outdated patches. Additionally, since CAD systems are frequently integrated with other platforms like databases and monitoring software, the risk escalates further: a vulnerability in any of these systems can compromise the entire operational environment, making emergency call centers more susceptible to cyber threats.
Risks are primarily driven by both technological and behavioral factors, which can be mitigated through the implementation of robust cybersecurity platforms, advanced access control systems, and comprehensive staff training.
4 steps to mitigate cyber risks
Cybersecurity platforms are essential tools in combating cyber risks. Their primary role is to monitor network traffic and detect any anomalous machine behavior. Their implementation follows a four-step process:
- Installation of agents and probes. Software and hardware components are installed on machines and designated network nodes. In case of abnormal traffic or suspicious process execution, alerts are generated, triggering notifications or predefined actions (such as blocking the connection or interrupting the process).
- Log analysis. Suspicious events, whether isolated or connected, are identified. As in the previous step, alerts are sent or specific processes are executed. It’s important to note that log analysis requires platform-specific training, as the events to be tracked are unique to each operational context.
- Integration with CAD. Using the Application Programming Interface (API) provided by the platform, or through dedicated functions, the Computer Aided Dispatch (CAD) system is integrated to manage the alerts generated by the cybersecurity platform.
- Platform configuration. The software must be trained to identify "false positives," or legitimate activities incorrectly flagged as threats. For example, a system file or application might be mistakenly identified as malware, causing unnecessary alarms and potential service disruptions.
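The log-analysis, tuning and CAD hand-off steps above can be sketched as follows. This is an added example, not code from EENA, APCO or any cybersecurity platform: the event fields, host names, allowlist entries, thresholds and alert shape are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, host, event type, detail).
EVENTS = [
    ("2024-05-01T10:00:05", "cad-ws-03", "auth_failure", "operator7"),
    ("2024-05-01T10:00:20", "cad-ws-03", "auth_failure", "operator7"),
    ("2024-05-01T10:00:41", "cad-ws-03", "auth_failure", "operator7"),
    ("2024-05-01T10:01:02", "cad-ws-03", "auth_success", "operator7"),
    ("2024-05-01T10:05:00", "cad-ws-01", "suspicious_process", "backup_agent.exe"),
    ("2024-05-01T10:07:30", "cad-ws-02", "suspicious_process", "unknown_tool.exe"),
    ("2024-05-01T11:30:00", "cad-ws-04", "auth_failure", "operator2"),
    ("2024-05-01T11:30:40", "cad-ws-04", "auth_success", "operator2"),
]

# Tuning step: activity reviewed and confirmed legitimate (hypothetical entry).
ALLOWLIST = {("cad-ws-01", "backup_agent.exe")}
FAILURE_THRESHOLD = 3          # assumed value, set per operational context
WINDOW = timedelta(minutes=5)  # assumed correlation window

def make_alert(ts, host, rule, detail, action):
    """Alert record in a hypothetical shape for hand-off to the CAD integration."""
    return {"time": ts, "host": host, "rule": rule, "detail": detail, "action": action}

def analyze(events, allowlist=ALLOWLIST):
    """Return alerts for isolated and connected suspicious events, oldest first."""
    alerts, failures = [], {}
    for ts, host, kind, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (host, detail)
        if kind == "suspicious_process":
            # Isolated event: alerts on its own unless tuned out as a false positive.
            if key not in allowlist:
                alerts.append(make_alert(ts, host, kind, detail, "interrupt_process"))
        elif kind == "auth_failure":
            recent = [t for t in failures.get(key, []) if when - t <= WINDOW]
            failures[key] = recent + [when]
        elif kind == "auth_success":
            # Connected events: repeated failures followed by a success.
            recent = [t for t in failures.pop(key, []) if when - t <= WINDOW]
            if len(recent) >= FAILURE_THRESHOLD:
                alerts.append(make_alert(ts, host, "login_after_failures", detail, "notify"))
    return alerts

if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```

Running the same events with an empty allowlist adds an alert for the backup agent, which is the kind of false positive the configuration step is meant to remove.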
In addition to using cybersecurity software, EENA recommends configuring the network by implementing network separation. Along with firewalls, proxies, and routers, the European association suggests dividing the networks connecting all clients in the control center. Rather than one unified network, it should be partitioned into independent networks tailored to the specific needs of each client. If a virus infects one client, it will not spread to other networks. Similarly, APCO International – the Association of Public-Safety Communications Officials – emphasizes the need to isolate and monitor all IP-based equipment (such as Building Management Systems (BMS), Uninterruptible Power Supplies (UPS), or other Safety & Security equipment).
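One way to verify that the separation described above holds in practice is to compare observed flows against the segment plan. This is an added example, not taken from EENA or APCO guidance: the segment names, address ranges, allowed flows and flow records are constructed assumptions.

```python
import ipaddress

# Hypothetical segment plan (constructed addresses): one network per client group.
SEGMENTS = {
    "call_taking": "10.10.1.0/24",
    "dispatch": "10.10.2.0/24",
    "admin": "10.10.3.0/24",
    "facility": "10.10.9.0/24",  # BMS, UPS and other IP-based equipment
}

# Flows permitted to cross a segment boundary: (source, destination, port).
ALLOWED = {("call_taking", "dispatch", 443), ("admin", "facility", 443)}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.10.1.15", "10.10.2.20", 443),   # permitted cross-segment flow
    ("10.10.1.15", "10.10.1.30", 445),   # stays inside one segment
    ("10.10.3.8", "10.10.9.5", 443),     # permitted management access
    ("10.10.1.22", "10.10.9.5", 502),    # call-taking client reaching facility gear
    ("10.10.2.20", "10.10.3.8", 3389),   # dispatch to admin, not in the plan
    ("10.10.9.5", "203.0.113.7", 443),   # facility gear talking to an unplanned network
]

NETS = {name: ipaddress.ip_network(cidr) for name, cidr in SEGMENTS.items()}

def segment_of(ip):
    """Map an address to its planned segment, or 'unassigned' if it has none."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in NETS.items() if addr in net), "unassigned")

def violations(flows, allowed=ALLOWED):
    """Return flows that cross a segment boundary without being in the plan."""
    findings = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s == d and s != "unassigned":
            continue  # traffic within one segment is out of scope here
        if (s, d, port) not in allowed:
            findings.append((s, d, port, src, dst))
    return findings

if __name__ == "__main__":
    for finding in violations(FLOWS):
        print(finding)
```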
How to mitigate cyber risk in PSAPs
Staff working in PSAPs can present significant cybersecurity risks, both from mishandling access credentials and from activities like email usage or internet browsing. These risks can be addressed through a combination of advanced control tools and proper staff training:
- Authentication. Biometric recognition methods, such as facial recognition, fingerprint scanning, or iris scanning, ensure the identification of authorized personnel. Additionally, multi-factor authentication or the use of temporary codes further strengthens access control.
- Training. Social engineering attacks and fraudulent emails are common tactics used to attempt intrusions. To increase awareness and vigilance among PSAP personnel, it is crucial to implement ongoing informational and training programs. As criminal techniques are continuously evolving, staying informed is key to reducing associated risks.
APCO emphasizes that cybersecurity must be embedded from the very beginning in the design of PSAPs, rather than being an afterthought. Cybercriminal activities are constantly evolving, and platforms must be regularly updated to stay ahead of new vulnerabilities. Cybersecurity, therefore, should not be seen as a temporary technological solution to an immediate problem, but rather as a cultural evolution. It enables PSAPs to fulfill their core mission: safeguarding people and assets for the benefit of the community.