Cybersecurity

GAO: Protect next-gen 911 from cyberattack

NG911 logo

The Government Accountability Office wants the Department of Homeland Security to work with the departments of Commerce, Justice, and Transportation and the Federal Communications Commission to ensure next-generation, IP-based 911 emergency response systems are not vulnerable to cyberattack.

The Next-Generation 911(NG 911) technology that local Public Safety Answering Points (PSAPs) are installing in towns and cities across the nation relies heavily on IP and cloud-based technologies to handle emergency calls from the public, GAO noted in a report released Jan. 28. The next-generation technologies carry photos and other data-heavy packages such as building blueprints and maps to help emergency responders do their jobs, which also can make systems more vulnerable to cyberattack, GAO said.

The National Public Safety Broadband Network being set up by the Commerce Department under its FirstNet initiative to improve communications among local emergency responders is also expected to rely heavily on IP-based communications.

The GAO report recommended DHS spearhead an effort among the five agencies to ensure the new, more feature-rich NG 911 emergency response systems are secure.

GAO said the list of possible cyber intruders that might interfere with, or even commandeer, 911 systems is a long one: insiders with personal grudges; thrill-seeking hackers; phishers intent on stealing personal identification information; spammers looking to sell bogus products or set up phishing schemes; and terrorists trying to disrupt emergency response or cause mass casualties. Natural disasters, like the powerful June 2012 storm that knocked out 911 systems in the Washington, D.C., area, could also disrupt new systems.

Last spring, a rash of crude denial-of-service attacks flooded PSAPs' administrative telephone lines with calls. FCW's sister publication, GCN, reported at the time that DHS had issued a notice saying there had been about 600 denial of service attacks on critical government phone systems and as many as 200 of those had targeted government public safety offices. The agency speculated the attacks were associated with extortion schemes.

The new GAO study looked to determine how federal agencies could coordinate with state and local governments' cybersecurity efforts at emergency operation centers, PSAPs and first-responder organizations involved in handling emergency calls. The study noted there are more than 6,000 PSAPs at the county or city level that answer more than 240 million 911 calls each year.

Although GAO said DHS has been working to insure 911 systems' security through its Emergency Services Coordinating Council, it believed the new technology needs a closer look. DHS told GAO in a Jan. 14 letter that the latest version of its National Infrastructure Protection Plan released in December integrates core cyber security considerations for critical infrastructure.

It concurred with GAO, however, that a closer look at NG911 services was in order. Under the newly revised NIPP, DHS said it is working with its partners across all critical infrastructure sectors to update sector-specific plans and it will include NG911, as well as the National Public Safety Broadband Network in those plans. The agency expects to complete the updated plans by the end of 2014.

About the Author

Mark Rockwell is a staff writer covering acquisition, procurement and homeland security. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above