Cyber security
Challenges in cyber security
Public safety network operators are aware of the risks, and
adjustments are being made to address challenges in cyber
security, but there is still a lot of work to be done. “Legal,
operational and organisational changes are needed,” says
Tero Pesonen, chair of TCCA’s Critical Communications
Broadband Group. But this will take time and requires
co-operation between public safety network operators.
“European and international operators of public safety digital
networks – such as the US, Japan and Australia – need
time to discuss security issues arising with the adoption
of broadband,” says Dr Barbara Held, head of directorate
strategy and central management at the Federal Agency for
Public Safety Digital Radio in Germany.
However, she says: “It became clear in international
meetings last year that cyber security is of paramount
importance in critical communications – it comes before legal
and economic issues.” Even so, big changes are needed. Most
public safety network operators are used to running their
networks using niche technology such as TETRA, says Dr
Held. However, the new 3GPP standards will push them into
“the mainstream telecommunications world”.
Although 3GPP standards come with security measures
included, the previously secured public safety technology
will now be open to more avenues of attack, Dr Held says.
“Everyone is worried about how we position ourselves against
new emerging threats.”
In the new broadband world, public protection and disaster
relief (PPDR) operators worldwide have contrasting views on
future networks. However, says Dr Held, they also have things
in common. For example, many are moving towards a hybrid
system: TETRA or P25, and broadband. Yet this also creates
security problems, says Dr Held. “We will need to open up
and have gateways between systems – and that means danger.”
In the future, it is likely some parts of the network will
still be dedicated, and others will be bought in as commercial
services by commercial providers, Dr Held says. “But because
we are opening up to the world, governance and security
are important.”
On the one hand, there are concerns around privacy,
data protection and confidentiality. However, reliability and
availability need to be considered, given that these factors
are key to the communication of first-responders, says Dr
Held. “The big threat is sabotage, and not only by viruses
but through the supply chain. From whom do we buy
components for the system? How do we make sure that
providers who deliver components do not shut down our
networks using remote commands?”
Meanwhile, although it is not likely to become an issue
for some time, public safety network operators are already
voicing concerns about quantum computing. “We know that
most keys and algorithms will be obsolete once quantum
computing becomes standard,” says Dr Held. “This will lead
to changes in security measures when it comes to access.”
At the same time, there are lots of discussions going on
about use-cases in public safety and how these will be secured
going forward. Pesonen cites the example of drones. “They
bring benefits but also risks. To find the balance, we must
have the required regulation in place for using these services.”
Another issue is how public safety can use video. For
example: “What if others are in the video as well as the
We will need to open up and
have gateways between
systems – and that means danger
suspect?” asks Pesonen. “Regulation significantly impacts how
information can be used, and data needs to be secured.”
But many of the challenges are already being addressed.
For instance, Pesonen says, cyber security is being tackled by
having a dedicated core network for public safety. “Ownership
of the core network varies from country to country, but the
essence remains the same: separation from the consumer
network, enabling an upgrade cycle of its own.” In the US,
for example, FirstNet has a public-private partnership with
AT&T including a dedicated distributed core infrastructure.
Rehbehn thinks there is value in operating an extra core
network for emergency services traffic. “By using an isolated
core network, there’s not as much traffic going through the
network, so anomalies can be detected. Also, because the
dedicated core can be monitored and secured, it reduces
avenues for attack.”
5G: a cyber security challenge
Soon-to-launch 5G networks have great potential in public
safety, but they also come with risks. They are, by their very
nature, completely different from previous cellular networks
because the architecture is based on cloud and virtualisation.
In 5G, the network architecture is going to be “completely
different”, Dr Held points out. “It won’t be one network; it
will be a conglomerate of many with new actors in the field.
At least in Germany and Europe, the main architectural
and organisational decisions have not been made in
implementation of 5G: it’s more theoretical and industrydriven
at the moment.”
But another benefit, and risk, of 5G is the potential
number of Internet of Things (IoT) devices it will be able to
enable in the field. 5G will result in more IoT access points,
sensors, and data coming into networks, says TJ Kennedy, cofounder
of the Public Safety Network. “When you add more
nodes, there are additional ways attackers can access data
and networks.” Therefore, he says: “It becomes important that
we maintain software patches and make sure security flaws
in software are taken seriously. This is critical with additional
points of access.”
At the same time, as public safety starts to embrace V2X
communication – where devices are “talking” to each other
– to conduct operations, end-point security is key, says Todd
Kelly, chief security officer at Cradlepoint. “FirstNet in the
US is enforcing routes of trust in the devices. It’s important
to have trust chains we can rely on, not just at times of
communication, but consistently.” For example, he says:
“When phones start up, there will be routes to show ‘I can
trust this phone’ or operating system.”
Another 5G feature is the ability to ‘slice’ the network for
different use-cases or quality of service. Professor Curran
suggests the network slicing capabilities that come with 5G
could be useful in public safety. “Network slicing allows you
to define who uses it, and public safety could benefit from
promises of better quality of service and resilience.”
Dr Held says public safety operators are looking into the
January 2020 @CritCommsToday 15
Adobe Stock/fotosr52