What Is the State of Public Safety Cybersecurity?
According to the survey, while 87 percent are extremely or moderately confident in the cybersecurity of their LMR systems, and 78 percent of organizations point to cybersecurity as extremely or very important, only 53 percent conduct active security monitoring, just 48 percent have documented security policies and procedures and only 42 percent patch their LMR systems. Meanwhile, less than a third (30 percent) say they conduct period risk assessments.
And while cybersecurity is listed as the fourth most important aspect needed for LMR network performance, 18 percent of those surveyed say do not take any cybersecurity measures at all.
The trends are similar for associated technologies, according to the survey. “For dispatch systems or command center technologies, only 56 percent conduct active security monitoring, followed by documenting security policies and procedures at 53 percent, security patching at 47 percent, periodic risk assessment at 36 percent, and 20 percent not applying any of these security measures,” the report says. “The levels are also comparable for broadband networks, mobile devices, cloud solutions and vendor-hosted solutions.”
How Public Safety Agencies Can Boost Communications Security
Public safety agencies can guard against threats to their communications systems by breaking free of the thought process that “once a security solution is in place, a system is protected with no further action needed.”
“Cyber threats are constantly evolving,” Motorola’s report says. “The strategy and solution you have in place today need to evolve with the changing threat landscape.”
Monitoring is the most applied security measure in the survey, but it is not enough. “Managing and staying ahead of evolving threats requires consistently applying measures such as risk assessments, information assurance road maps, security patching, and active security monitoring to your LMR systems and associated technologies,” the report says.
First responder agencies can also rely on cybersecurity standards as a guide. The National Institute of Standards and Technology’s cybersecurity framework and other standards, such as ISO 27001, are critical cybersecurity tools agencies should use, Motorola says.
“They can help shed light on network vulnerabilities and risks, then guide users through each phase of cybersecurity: identify, protect, detect, respond, recover,” the report notes. “This has proven to be an effective approach and should be adapted to an organization’s individual security goals and resources.”