Strengthening Municipal 911 CAD Systems: Stemming the Rising Threat of Cyber Attacks
A distraught caller immediately dials 911. But something is awry. Instead of a dispatcher promptly picking up, there’s a busy signal. Throughout municipalities, the story is the same. Callers cannot get through for hours as emergencies pile up because of an ongoing cyber-attack that has disrupted 911 call center operations.
That’s just one of many alarming scenarios unfolding across the United States in the face of cybersecurity attacks on city emergency systems.
In today’s digital age, the security and safety of municipalities hinges on effective emergency response systems. Computer-Aided Dispatch (CAD) technology is central to these systems, which play a crucial role in coordinating emergency services. Unfortunately, as technology evolves, so do cyber-attacks that threaten these essential systems. Over the past few years, the increase in attacks targeting 911 CAD systems has raised significant concerns, and with good reason.
Recent 911 CAD System CyberAttacks
In Dallas, a ransomware assault affected numerous IT systems and even shut down the Dallas Police Department’s website. Worse yet, CBS News reported the attack also impacted the CAD department. In Baltimore, an attack disrupted the city’s CAD system, forcing city officials to resort to slower manual operations to handle emergency calls.
However, it is not just large cities like Dallas and Baltimore that are being impacted by cyber-attacks. Small municipalities have been hit, too, including:
- Newburgh, New York experienced a ransomware attack in November 2022 that paralyzed its 911 system, leaving residents unable to call for emergency assistance.
- West Plains, Missouri and Maryville, Missouri suffered similar attacks in 2022 that compromised their 911 systems.
- Just this year (2023), East Haven, Connecticut and St. Charles, Missouri were also attacked with each city unable to access emergency services because compromised CAD systems caused major distress and put lives potentially at risk.
These examples serve as a stark reminder that cyber-attacks on emergency systems can occur anywhere, regardless of the size or location of the municipality. They also underscore the importance of having robust cybersecurity measures in place to prevent cyber-attacks’ impact on 911 CAD systems. In this VirnetX blog, we’ll address this increasing threat while emphasizing the need for municipal leaders to prioritize cybersecurity measures to protect their cities and citizens.
Understanding 911 CAD Systems
Serving as the nerve center for emergency response operations, 911 CAD systems enable the efficient dispatching of police, fire, and medical personnel to emergencies and incidents. CAD systems incorporate vital functionalities, including call intake, resource allocation, location mapping, and incident management. By streamlining information and communication flow, CAD systems allow emergency responders to respond quickly and successfully to incidents.
911 CAD Systems Vulnerable to Cyber Attacks
While 911 CAD systems are created with a focus on security, they have become prominent targets for cyber thieves and other threat actors. These cyber criminals may possess ideological or political motivations to disrupt essential services like 911 dispatch and public safety operations. Many criminal organizations, not surprisingly, seek financial gain through their malfeasance. They deploy tactics such as blackmail, the threat to expose stolen data unless a ransom is paid, or use ransomware to render systems inaccessible. In addition, opportunistic bad actors actively search for vulnerable endpoints to enter a municipality’s network.
Different Cyber Attacks
There are several types of cyber-attacks on 911 CAD systems, including:
- Ransomware. Criminals use ransomware to encrypt critical file systems, holding them hostage until a ransom is paid. These attacks can hinder emergency response capabilities until the systems are restored or replaced, causing potentially life-threatening delays.
- Unauthorized access and data breaches. Weaknesses within CAD systems can let unauthorized individuals gain access to sensitive information. Breaches compromise the integrity and confidentiality of data, undermining trust in emergency services and endangering public safety.
- Distributed Denial of Service (DDoS) attacks. These attacks overwhelm 911 CAD systems with a flood of illegitimate requests, rendering them unable to function correctly. DDoS attacks can disrupt the entire emergency response process, putting public safety at risk.
- Social engineering attacks. Hackers may deploy social engineering tactics to manipulate employees or gain unauthorized access to the municipal 911 CAD system through phishing emails, impersonation, or pretexting personnel to trick employees into revealing sensitive information or providing system access.
- Insider threats. Insiders with authorized access to municipal 911 CAD systems. For example, disgruntled employees or contractors may intentionally misuse or sabotage the system.
Steps to Protect 911 Systems from Attack
Because of cyber-attacks’ implications on 911 CAD systems, municipal leaders must take proactive steps to protect these public safety communication systems. The following are some key actions to combat attacks:
- Implement strong access controls: Ensure only authorized personnel can access the 911 CAD system. Regularly review and update access privileges to prevent any unauthorized changes or tampering.
- Use strong passwords and implement multi-factor authentication to protect against unauthorized access.
- Regularly update and patch CAD software: Stay up to date with the latest software updates and patches provided by the CAD system vendor. These updates often include security fixes and enhancements that address vulnerabilities. Promptly apply patches and updates to minimize the risk of exploitation by attackers.
- Employ network segmentation: Segment the network that hosts the 911 CAD system to isolate it from other systems and networks. This prevents attackers from easily moving laterally within the network and accessing critical components. Implement firewalls, intrusion detection systems, and network monitoring tools to enhance network security.
- Conduct regular security audits: Perform security and vulnerability assessments on the 911 CAD system. Identify any potential weaknesses or vulnerabilities and address them promptly. Penetration testing can also help identify security gaps and allow for remediation before an attack occurs.
- Train and educate personnel: Provide comprehensive training to all personnel operating and maintaining the 911 CAD system. Educate them about common cybersecurity threats, social engineering techniques, and best practices for maintaining system security. Encourage a culture of security awareness and ensure that employees are vigilant against suspicious activities or potential threats.
Remember, these recommendations should be implemented with industry best practices and the guidance of cybersecurity professionals experienced in security 911 CAD systems.
The First Step to Robust 911 CAD Protection – Matrix
Matrix, a cost-effective platform, provides an unparalleled layer of protection specifically designed to secure your city’s 911 CAD systems. By stopping unauthorized access, enforcing access policy controls, and enabling real-time network management, Matrix ensures the utmost security for your 911 CAD systems. Defend your system from malware, ransomware, and other cybersecurity threats confidently.
Utilizing Zero-Trust Network Access protection and user-friendly “single-click” technology, Matrix answers the cybersecurity call for effectiveness, cost, and ease of use. Embrace the future of cybersecurity solutions that cater to evolving network requirements, including 911 CAD systems. Schedule your demo today and discover how Matrix can safeguard your municipality’s 911 CAD system. Say goodbye to vulnerabilities and embark on a new era of protection for your emergency systems and city.