NG911 was initiated in 2007 when it became clear that the United States was going to need an emergency system that could support evolving communication technologies over time. Nationwide, more than a dozen states have begun using NG911, while others are still in the planning stages. Traditional 911 networks typically use standard voice telephone networks and computer dispatch systems on closed, internal networks. Because they aren’t connected to external networks, there’s little opportunity for attack vectors, although cybersecurity continues to be a concern because of issues like spoofing and swatting.
New NG911 systems use an IP platform and communicate across both private and public networks. This allows NG911 to utilize more types of communication during an emergency, like texts, photos or videos, as well as provide precise location data. This affords first responders a deeper level of situational awareness that hasn’t previously been possible.
All of this connectivity begs the question: Will data transmitted via NG911 be secured and safe? It can be, but that will depend on how individual emergency service providers and NG911 vendors decide to handle cybersecurity.
The Multi-State Information Sharing and Analysis Center reports that since 2017, more than 3,600 state, local and tribal governments across the country have been hit by ransomware hackers. This is a critical issue to be taken seriously. It’s not a matter of if your system will be targeted in a cyber attack, but when. Consider Suffolk County, N.Y., where a fall 2022 cyber attack on the county’s government had 911 dispatchers taking calls by hand, among a litany of other issues. Months later, the county is still unraveling the totality of the incident and is identifying new problems as a result of the attack.
Cyber threats are only going to evolve in complexity and sophistication. The Department of Homeland Security says attacks could become more severe against an NG911 system because attackers can launch multiple, distributed attacks with greater automation from a wide geographical area. To ensure that your organization is prepared for the changing nature of cyber concerns, it can help to implement an all-encompassing system that takes into account your business needs and offers a notification and security management platform that can provide additional safety services to bridge the gap between first responders and your organization. You'll need to understand what types of data should be blacklisted, whitelisted or examined, and how quickly that can happen. You should be able to “fingerprint” digital traffic using encryption or algorithms to ensure the availability and integrity of traffic coming to your network. This could involve using artificial intelligence or machine learning and will help you understand traffic trends and establish what appears “normal” and what does not. You could also then quarantine specific data types for inspection to flag anything that could potentially be malicious to your system.
One thing is for sure: The landscape of public safety, the technology we use and the ever-present need for cybersecurity will only continue to evolve over time. That’s why it’s important for government agencies and municipalities to put in place a solution that will eliminate the guesswork in their processes and ensure they're meeting regulatory requirements. Even after NG911 implementation nationwide, it will be imperative for municipalities to routinely identify and understand new or evolving risks, prioritize those risks, develop mitigation strategies, and develop an approach for response and recovery procedures. When data security is on the line, minutes matter — but seconds count.
Ivo Allen is a 30-plus-year veteran of the telecom industry. He is the CEO of 911inform, a public safety company providing mission-critical situational awareness to the existing 911 system.
