Facing the cyber
security challenge
What challenges do public safety network operators encounter as they move
into the mobile broadband ecosystem, and what is being done to address
them? Kate O’Flaherty reports
Cyber security is an urgent challenge for public
safety network operators as they move into
the mobile broadband ecosystem. Indeed,
if cyber attacks such as distributed denial of
service (DDoS) are able to hit networks and
stop them from working, it could be devastating: a slowed
response to a critical incident could cost lives.
Many countries around the world are upgrading existing
TETRA systems or moving towards mission-critical
broadband. This will increase efficiency and capability, but
the transition also sees the end of the closed and controllable
ecosystems of the past, posing cyber security challenges.
One of the greatest issues is that public safety network
operators may not own or control the entire system. “Some
assets will be shared or even owned by others,” says Jason
Johur, Ericsson’s strategy and market development director
for mission critical and private networks, and broadband
industry group chairman, TCCA.
At the same time, the cyber attack surface is rapidly
expanding in the move to IP networks. “The simpler legacy
voice systems were designed without IP data protocols,” says
Ken Rehbehn, directing analyst, critical communications
at IHS Markit. “The attack surface as a result was a much
narrower interface. When we move to heterogenous IP-based
networks, there are many paths through which data can
travel, so the perimeter needs to be secure.”
There are many different types of cyber assaults that may
target public safety networks, but 2019 saw a large number
of ransomware attacks, where data is held to ransom by
hackers in exchange for a payment.
Late last year, the US city of New Orleans was the target of
a ransomware attack which led to officials shutting down the
city’s network and declaring a state of emergency. Earlier in
the year, systems at a number of Baltimore’s city government
departments were taken offline by a ransomware assault
utilising the so-called ‘RobinHood’ malware.
Ransomware was also key in the well-known WannaCry
attack that hit the NHS in the UK back in 2017.
These attacks are often combined with denial of service –
where the network is flooded with traffic to render it useless,
says professor Kevin Curran, senior IEEE member and
professor of cyber security at Ulster University.
Older systems are more vulnerable to malware such as
this because they are no longer automatically updated to
patch security holes. Curran points out that a lot of hospitals
are still using outdated Windows operating systems such
as Windows 7 or even XP, which are no longer supported
by Microsoft.
14 www.criticalcomms.com January 2020
Adobe Stock/Sikov
Cyber security
/www.criticalcomms.com