Security Boulevard (Original)

NextGen 911 and the Future of Emergency Management

Almost every emergency response begins with a call to 911, and states have begun the process of modernizing the current outdated call-center answering infrastructure with a digital upgrade. NextGen 911 (NG911) is the modernization initiative states are implementing to better facilitate emergency response.

In the NG911 environment, the large telecom companies in charge of maintaining the 911 answering system (AT&T and Motorola) computerize the process, routing calls through an emergency services IP network (ESInet) instead of the currently used call centers. Ideally, computerizing the system reduces the likelihood that calls will go unanswered, either because a system is inundated with too much incoming network traffic or because the resources are not available to handle the calls. But defending a computerized system against cyberattacks is no simple task.

Of course, significant attention is being paid to security and reliability during testing and integration of the new system, but unfortunately, as is the nature of cyberattacks, understanding how to defend against attacks often happens after a disaster has already occurred.

The good news is that the ESInet is a closed-circuit system, meaning outside access is restricted and incoming traffic is limited to incoming 911 emergency calls. Additionally, overwhelming a computer is much more difficult than overwhelming a telephone line. That said, whether a telephony denial of service (TDoS) attack could render a NG911 response center inoperable remains to be seen. Additionally, because NG911 centers are maintained by telecom companies, whether a cybercriminal or terrorist could hack into AT&T, Motorola or whichever telecom company has that jurisdiction’s contract and shut down the answering service also is an unanswered question. The diligence and methodical testing and monitoring of these systems, as well as the cybersecurity practices of the telecom companies themselves, is a very good indicator that shutting down the NG911 infrastructure would be extremely difficult—but of course, not foolproof.

Even further, because of the way emergency managers integrate abandonment and special events routing into the NG911 system, incorporating hierarchical dissemination of calls if the system determines an answering center is unresponsive, the sophistication of an attack capable of shutting down the entirety of a state’s NG911 system would have to be exceptionally complex, even if a single center was able to be taken offline. None of this is to say such an attack is impossible, but the safeguards in place to protect against outside threats should be reassuring to the public.

Third-party hacks are a persistent threat and cyberattacks are becoming consistently more complex. The importance of prioritizing strong defenses and diligent system monitoring cannot be overstated. The computerization of goods and services is inevitable, and there will be devastating consequences if systems like these are not adequately protected. Thankfully, there are dedicated, passionate individuals determined to keep others safe despite any new vulnerabilities that may arise. The ability to disturb and disrupt incoming emergency calls is nothing new, and the extent to which computerizing the process eliminates more issues than it creates is unknown. Likewise, the extent to which a computerized system becomes a more (or less) appealing target is also unknown. NG911 will fundamentally change how emergency calls are received and responded to, which is why we need to make sure securing the system is a top priority.

For now, as a general best practice, I’d advise saving the number of your local police station, firehouse and hospital (EMT) in your phone, just in case getting through to 911 is difficult. Also, make sure your own devices are secured with current security updates to prevent a hacker from compromising you or recruiting your tech into a botnet for nefarious purposes.

Michael Block

Michael Block is a Policy Analyst for the University of Maryland Center for Health and Homeland Security and a freelance policy journalist. As both a tech junkie and a policy wonk, he finds the evolving landscape of regulating and governing the tech space endlessly fascinating and hopes to share that passion with readers.

Recent Posts

Checkmarx Aligns With Wiz to Improve Application Security

Checkmarx has integrated its platform for securing application development environments with Wiz's CNAPP.

9 mins ago

Cybersecurity Infrastructure Investment Crashes and Burns Without Governance

Just like pilot awareness is crucial during unexpected aviation events, cybersecurity's traditional focus on infrastructure needs to shift to more…

2 hours ago

Votiro Listed in 2024 Partner Program Guide by CRN®

The post Votiro Listed in 2024 Partner Program Guide by CRN® appeared first on Votiro.

2 hours ago

Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework

Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray…

3 hours ago

Using Generative AI to Understand How an Obfuscated Script Works

Tackling Code Obfuscation When facing a new technical challenge, I’m someone who often feels "in over my head," I tackle…

3 hours ago

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Jerusalem, Israel, March 28th, 2024, Cyberwire In 2023 alone, more than 10 customers and partners signed commercial agreements with C2A Security,…

3 hours ago