SlideShare uma empresa Scribd logo

Securing 9-1-1 Infrastructure in the NG9-1-1 World

Transferir como PPTX, PDF
Jack Kessler
Jack Kessler

As 9-1-1 technological solutions migrate towards Next Generation 9-1-1, systems are more open to cyber-attacks. We will talk about why security is more essential than ever, especially during and through the migration to NG9-1-1, as well as what needs to be done to ensure these more advanced assets are protected and monitored.

Tecnologia
1 de 38
NG9-1-1 Technology & Infrastructure Securing 9-1-1 Infrastructure in the NG9- 1-1 World
PRESENTER INTRO • Jack’s background – Managing Director of 20/20 Technical Advisors – Twenty years in IT infrastructure design and management – Public Safety – Government and Military Contracting – Fortune 500 companies – Healthcare, Logistics – Network/security architect for Health and Human Services mymedicare.gov website
20/20 TECHNICAL ADVISORS Come see us next year at NENA in Indy! – Infrastructure • Architecture design • Voice/data networks • Servers – Security • Architecture design • Program design • Audit/testing – IT Strategy planning – IT Management • Indianapolis, IN Based Technology Consultancy Firm
20/20 TECHNICAL ADVISORS • Currently working in an advisory roll on a state 9-1-1 network – Network management – Invoice management – Telecom expense management – 9-1-1 fee management • Inventory of the state 9-1-1 voice/data network – Approximately 12K circuits – Over 100 PSAPs – Over 200 carriers – Circuit IDs, Enhanced / NG / Wireless, Detailed network drawings
OVERVIEW • Challenges in security • What are we protecting? – Evaluation of infrastructure and systems – Entry points into public safety systems – Aspects of NG9-1-1 providing a significant security impact over Enhanced 9-1-1 • Who are we guarding against? – Hackers – Who are they? What do they want?
OVERVIEW • How do we mitigate? – Building a security program – Utilize NENA NG-SEC standards – Utilize widely used security standards
CHALLENGES IN SECURITY • Hackers increased activity – Increase in hacktivism • Technology Changes – New technologies • Next Generation 9-1-1 • Text, VoIP, mobile apps – Cloud based solutions – 3rd party management companies • Employees reduced security awareness – “Point and click” world – Social engineering – Fast paced world
CHALLENGES IN SECURITY • Everyday there are more and more threats to the nation’s IT infrastructures • Hackers have a variety of motives • Hackers are getting more advanced with less knowledge • Hacking tools are easier to obtain and use • Funding to install and manage systems are flat or decreasing
WHAT ARE WE PROTECTING • Every system evaluated for risk – All existing and new systems must be evaluated • What systems are mission critical? – Voice systems, dispatch systems, network, etc… • What data is sensitive? – Employee data, call recording, email, ALI, etc.. • What systems stand to be targets?
WHAT ARE WE PROTECTING – Unpatched systems – Viruses on systems – Untrusted networks • Internet • ESInets • Partner networks • Cloud providers • Entry points to systems and network infrastructures – USB drives – USB ports – Wifi networks – Devices not decommissioned – Unauthorized devices
WHAT ARE WE PROTECTING • Examples of dangerous devices – Rubber Duck USB Keyboard – Raspberry PI Micro PC
NG9-1-1 VS. ENHANCED • Traditional voice network (TDM) • Point to point communication • ES/EM trunks • Voice over IP(VoIP) /Session Initiation Protocol(SIP) – Internet Protocol(IP) based network communication – Packet based network – ESINet – MPLS Cloud network used – Can be a multi-point network
WHO ARE THE THREATS • Can be external or internal attackers • Internal attackers • Disgruntled employees • Sympathizers of a protest group • Financially troubled individuals
WHO ARE THE THREATS • Script Kiddies - Not necessarily out to attack 9- 1-1 - Disgruntled employee - Usually hacker starting out / wanting to get noticed - Use code already written - Low tech skillsets but can do lots of damage - Take advantage of improper patching and software deficiencies • Historical Incidents - ILOVEYOU Virus did $7 billion in damage - Melissa virus did $80 million in damage • Catastrophic damage to 9-1-1 - Potential is there - Not a specific target • Patching can mitigate most threats
WHO ARE THE THREATS • Hacktivists – Protestors of the 21st century - vigilantes - Motivated by politics or religion - Expose wrong doing - Exacting revenge - Harass for entertainment - Can be large organizations - Many times no central command - Uses social media to coordinate
WHO ARE THE THREATS • State sponsored hackers - Countries realize that controlling cyberspace is important - China, North Korea, Russia are all in the news • Cyber Terrorist - Motivated by politics or religion - The most dangerous - Goal is to create fear and chaos, maybe even murder - Very skilled - Maybe state sponsored
MOTIVES • Steal data - Publish info about an event – call recordings, radio recordings, logs - Employee information – People involved with an event - Resource data • Look for information dispatchers have for events • Police/EMS staffing and positioning • Incident response plans
MOTIVES • Disrupt service - Tie up 9-1-1 call handling - Voice gateways – VoIP - Dispatch software systems - Dispatch networks - Text 9-1-1 - Radio communication gateways • Monitoring target networks for data - Insert themselves into the environment to monitor data - Monitor data traffic - “Sniff” for passwords to systems - Monitor phone calls/private communications - Monitor email to mine information - Information gathering on resources
SECURITY MYTHS • Technology is a “silver bullet” for security • Technology is more important than people • Outsourcing puts the responsibility on the outsourcer • IT owns security • “They don’t want us.”
HOW TO MITIGATE • Develop Security Program • Developing Security Architecture • We started with: – What do we want to protect? – Evaluation of the risks to those systems? – Who are we trying to keep out of those systems?
SECURITY PROGRAM • Involve all levels of the organization – Any agency that has oversight – Executive management – Operations management – IT management – IT technical staff – Key staff members – Trainers – Outside technology partners
SECURITY PROGRAM • Planning – Standards – Policies – Architectures – Guidelines
POLICY EXAMPLES • Senior management policies - Explains sr. management’s expectations and goal - Identifies who is responsible for security • Functional Policies • Acceptable use • Password • Data protection • Wireless • Physical • Remote Access • Inventory • Change control • Incident Response
STANDARDS EXAMPLES • Hardware / software manufacturers • Global architecture requirements • Service vendors • Device standards • Naming conventions
SECURITY PROGRAM • Policy Implementation/Enforceme nt – Train users – Implement architectures – Document as built configurations – Testing security on systems • Before, during and after implementation
SECURITY PROGRAM • Monitor & Manage – Monitor environment – Monitor tools – Audit – Penetration Testing – Manage changes through policy • Document changes • Notification of changes
SECURITY PROGRAM • Intrusion / Threat Detection – Detect event – Initiate Incident Response
SECURITY PROGRAM • Threat/Risk Assessment – Determine risk – Determine course of action – Mitigate risk
SECURITY PROGRAM • Security Policy Create/Update – Adjust corresponding policies – Obtain approval of adjusted policies
SECURITY PROGRAM • Training – Notify staff of changes in policy – Training classes – Online tutorials – Memos – Update training records
SECURITY PROGRAM • Then the cycle starts again • Security is a continual process and never stops • New system procurement – That system must be put through the program at the planning stage – Security must be tested throughout the implementation of new or updated system – The system should be security tested before allowed to go live
SECURITY REFERENCES • NENA NG-SEC Document – www.nena.org • ISECOM – Open Source Security Testing Methodology Manual (OSSTMM) – www.isecom.org • SANS – www.sans.org • NIST – www.nist.gov • Defense Information Systems Agency - www.disa.mil
SUMMARY • The security climate for any organization will continually change • Build a budget for security in everything you do • Hackers are more active • Changes in your technology are adding more entry points for attackers into your environment • PATCH YOUR SYSTEMS REGULARLY • Implement or review your Security Policy • Remember the security cycle never stops • Involved everyone / train everyone • Enlist help from trusted partners
Securing 9-1-1 Infrastructure in the NG9-1-1 World

Recomendados

Network security
Network securityNetwork security
Network securityUjjwal 'Shanu'
 
Essential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityEssential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityPrecisely
 
Physical access control
Physical access controlPhysical access control
Physical access controlAhsin Yousaf
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
 
CISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityCISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityKarthikeyan Dhayalan
 
Ch14
Ch14Ch14
Ch14Roxanne2006
 
Cyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCharles Cline
 

Recomendados

Network security
Network securityNetwork security
Network securityUjjwal 'Shanu'
 
Essential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityEssential Layers of IBM i Security: Physical Security
Essential Layers of IBM i Security: Physical SecurityPrecisely
 
Physical access control
Physical access controlPhysical access control
Physical access controlAhsin Yousaf
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
 
CISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityCISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityKarthikeyan Dhayalan
 
Ch14
Ch14Ch14
Ch14Roxanne2006
 
Cyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCharles Cline
 
Chap11
Chap11Chap11
Chap11nitin_009
 
Security and privacy
Security and privacySecurity and privacy
Security and privacyHaa'Meem Mohiyuddin
 
Chap11
Chap11Chap11
Chap11Aman Sharma
 
Date security introduction
Date security introductionDate security introduction
Date security introductionLeo Mark Villar
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Intrusion Systems
Intrusion SystemsIntrusion Systems
Intrusion Systemstamilarasan
 
06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)GAURAV. H .TANDON
 
Harshit security
Harshit securityHarshit security
Harshit securityHarshitGupta435
 
Information security
Information securityInformation security
Information securitylinalona515
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICSDr. Prashant Vats
 
9 - Security
9 - Security9 - Security
9 - SecurityRaymond Gao
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Maxpromotion
 
Development of security architecture
Development of security architectureDevelopment of security architecture
Development of security architectureImran Khan
 
Chap 1 general introduction to computer forensics
Chap 1 general introduction to computer forensicsChap 1 general introduction to computer forensics
Chap 1 general introduction to computer forensicsMalobe Lottin Cyrille Marcel
 
Chapter 1
Chapter 1Chapter 1
Chapter 1Hadi Aoun
 
Network Security
Network SecurityNetwork Security
Network SecurityJitin Kollamkudy
 
Module 8 security and ethical challenges
Module 8 security and ethical challengesModule 8 security and ethical challenges
Module 8 security and ethical challengesCRM
 
Ch8ed12romney
Ch8ed12romneyCh8ed12romney
Ch8ed12romneywoyaoni
 
DGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_PresentationDGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_PresentationDeron Grzetich, CISSP, CISM, GCIH
 
ECC Cloud and Security
ECC Cloud and SecurityECC Cloud and Security
ECC Cloud and SecurityErlach Computer Consulting
 
AQA AS ICT INFO2 Revision
AQA AS ICT INFO2 RevisionAQA AS ICT INFO2 Revision
AQA AS ICT INFO2 RevisionSnowfairy007
 

Mais conteúdo relacionado

Mais procurados

Date security introduction
Date security introductionDate security introduction
Date security introductionLeo Mark Villar
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Intrusion Systems
Intrusion SystemsIntrusion Systems
Intrusion Systemstamilarasan
 
06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)GAURAV. H .TANDON
 
Information security
Information securityInformation security
Information securitylinalona515
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Maxpromotion
 
Development of security architecture
Development of security architectureDevelopment of security architecture
Development of security architectureImran Khan
 
Module 8 security and ethical challenges
Module 8 security and ethical challengesModule 8 security and ethical challenges
Module 8 security and ethical challengesCRM
 
Ch8ed12romney
Ch8ed12romneyCh8ed12romney
Ch8ed12romneywoyaoni
 

Mais procurados (19)

Chap11
Chap11Chap11
Chap11
 
Security and privacy
Security and privacySecurity and privacy
Security and privacy
 
Chap11
Chap11Chap11
Chap11
 
Date security introduction
Date security introductionDate security introduction
Date security introduction
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
Intrusion Systems
Intrusion SystemsIntrusion Systems
Intrusion Systems
 
06. security concept
06. security concept06. security concept
06. security concept
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)
 
Harshit security
Harshit securityHarshit security
Harshit security
 
Information security
Information securityInformation security
Information security
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 
9 - Security
9 - Security9 - Security
9 - Security
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1
 
Development of security architecture
Development of security architectureDevelopment of security architecture
Development of security architecture
 
Chap 1 general introduction to computer forensics
Chap 1 general introduction to computer forensicsChap 1 general introduction to computer forensics
Chap 1 general introduction to computer forensics
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
 
Network Security
Network SecurityNetwork Security
Network Security
 
Module 8 security and ethical challenges
Module 8 security and ethical challengesModule 8 security and ethical challenges
Module 8 security and ethical challenges
 
Ch8ed12romney
Ch8ed12romneyCh8ed12romney
Ch8ed12romney
 

Semelhante a Securing 9-1-1 Infrastructure in the NG9-1-1 World

AQA AS ICT INFO2 Revision
AQA AS ICT INFO2 RevisionAQA AS ICT INFO2 Revision
AQA AS ICT INFO2 RevisionSnowfairy007
 
Science DMZ security
Science DMZ securityScience DMZ security
Science DMZ securityJisc
 
CIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfCIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfBabyBoy55
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdfKIYALIBAN1
 
Urooj's Resume May16
Urooj's Resume May16Urooj's Resume May16
Urooj's Resume May16Urooj Pasha
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
experience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.pptexperience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.pptPawachMetharattanara
 
Power Grid Communications & Control Systems
Power Grid Communications & Control SystemsPower Grid Communications & Control Systems
Power Grid Communications & Control Systemsfajjarrehman
 
Selling to The IT Department
Selling to The IT DepartmentSelling to The IT Department
Selling to The IT Department3VR Inc.
 
Information Exchange Collaboration across Technical/Operational/Policy Bounda...
Information Exchange Collaboration across Technical/Operational/Policy Bounda...Information Exchange Collaboration across Technical/Operational/Policy Bounda...
Information Exchange Collaboration across Technical/Operational/Policy Bounda...APNIC
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hackingDesmond Devendran
 
Information Security
Information SecurityInformation Security
Information Securitysonykhan3
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdfNdheh
 
The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…Christopher Kranich
 

Semelhante a Securing 9-1-1 Infrastructure in the NG9-1-1 World (20)

DGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_PresentationDGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_Presentation
 
ECC Cloud and Security
ECC Cloud and SecurityECC Cloud and Security
ECC Cloud and Security
 
AQA AS ICT INFO2 Revision
AQA AS ICT INFO2 RevisionAQA AS ICT INFO2 Revision
AQA AS ICT INFO2 Revision
 
Science DMZ security
Science DMZ securityScience DMZ security
Science DMZ security
 
CIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfCIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdf
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
CyberSecurity101.pdf
CyberSecurity101.pdfCyberSecurity101.pdf
CyberSecurity101.pdf
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
Urooj's Resume May16
Urooj's Resume May16Urooj's Resume May16
Urooj's Resume May16
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration Review
 
experience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.pptexperience_and_perspective_of_security_installation.ppt
experience_and_perspective_of_security_installation.ppt
 
Power Grid Communications & Control Systems
Power Grid Communications & Control SystemsPower Grid Communications & Control Systems
Power Grid Communications & Control Systems
 
Selling to The IT Department
Selling to The IT DepartmentSelling to The IT Department
Selling to The IT Department
 
Information Exchange Collaboration across Technical/Operational/Policy Bounda...
Information Exchange Collaboration across Technical/Operational/Policy Bounda...Information Exchange Collaboration across Technical/Operational/Policy Bounda...
Information Exchange Collaboration across Technical/Operational/Policy Bounda...
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
 
ISBB_Chapter6.pptx
ISBB_Chapter6.pptxISBB_Chapter6.pptx
ISBB_Chapter6.pptx
 
Information Security
Information SecurityInformation Security
Information Security
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
 
The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…The Loss of Intellectual Property in the Digital Age: What Companies can d…
The Loss of Intellectual Property in the Digital Age: What Companies can d…
 

Último

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Último (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Securing 9-1-1 Infrastructure in the NG9-1-1 World

  • 1.
  • 2. NG9-1-1 Technology & Infrastructure Securing 9-1-1 Infrastructure in the NG9- 1-1 World
  • 3. PRESENTER INTRO • Jack’s background – Managing Director of 20/20 Technical Advisors – Twenty years in IT infrastructure design and management – Public Safety – Government and Military Contracting – Fortune 500 companies – Healthcare, Logistics – Network/security architect for Health and Human Services mymedicare.gov website
  • 4. 20/20 TECHNICAL ADVISORS Come see us next year at NENA in Indy! – Infrastructure • Architecture design • Voice/data networks • Servers – Security • Architecture design • Program design • Audit/testing – IT Strategy planning – IT Management • Indianapolis, IN Based Technology Consultancy Firm
  • 5. 20/20 TECHNICAL ADVISORS • Currently working in an advisory roll on a state 9-1-1 network – Network management – Invoice management – Telecom expense management – 9-1-1 fee management • Inventory of the state 9-1-1 voice/data network – Approximately 12K circuits – Over 100 PSAPs – Over 200 carriers – Circuit IDs, Enhanced / NG / Wireless, Detailed network drawings
  • 6. OVERVIEW • Challenges in security • What are we protecting? – Evaluation of infrastructure and systems – Entry points into public safety systems – Aspects of NG9-1-1 providing a significant security impact over Enhanced 9-1-1 • Who are we guarding against? – Hackers – Who are they? What do they want?
  • 7. OVERVIEW • How do we mitigate? – Building a security program – Utilize NENA NG-SEC standards – Utilize widely used security standards
  • 8. CHALLENGES IN SECURITY • Hackers increased activity – Increase in hacktivism • Technology Changes – New technologies • Next Generation 9-1-1 • Text, VoIP, mobile apps – Cloud based solutions – 3rd party management companies • Employees reduced security awareness – “Point and click” world – Social engineering – Fast paced world
  • 9. CHALLENGES IN SECURITY • Everyday there are more and more threats to the nation’s IT infrastructures • Hackers have a variety of motives • Hackers are getting more advanced with less knowledge • Hacking tools are easier to obtain and use • Funding to install and manage systems are flat or decreasing
  • 10. WHAT ARE WE PROTECTING • Every system evaluated for risk – All existing and new systems must be evaluated • What systems are mission critical? – Voice systems, dispatch systems, network, etc… • What data is sensitive? – Employee data, call recording, email, ALI, etc.. • What systems stand to be targets?
  • 11. WHAT ARE WE PROTECTING – Unpatched systems – Viruses on systems – Untrusted networks • Internet • ESInets • Partner networks • Cloud providers • Entry points to systems and network infrastructures – USB drives – USB ports – Wifi networks – Devices not decommissioned – Unauthorized devices
  • 12. WHAT ARE WE PROTECTING • Examples of dangerous devices – Rubber Duck USB Keyboard – Raspberry PI Micro PC
  • 13. NG9-1-1 VS. ENHANCED • Traditional voice network (TDM) • Point to point communication • ES/EM trunks • Voice over IP(VoIP) /Session Initiation Protocol(SIP) – Internet Protocol(IP) based network communication – Packet based network – ESINet – MPLS Cloud network used – Can be a multi-point network
  • 14.
  • 15.
  • 16. WHO ARE THE THREATS • Can be external or internal attackers • Internal attackers • Disgruntled employees • Sympathizers of a protest group • Financially troubled individuals
  • 17. WHO ARE THE THREATS • Script Kiddies - Not necessarily out to attack 9- 1-1 - Disgruntled employee - Usually hacker starting out / wanting to get noticed - Use code already written - Low tech skillsets but can do lots of damage - Take advantage of improper patching and software deficiencies • Historical Incidents - ILOVEYOU Virus did $7 billion in damage - Melissa virus did $80 million in damage • Catastrophic damage to 9-1-1 - Potential is there - Not a specific target • Patching can mitigate most threats
  • 18. WHO ARE THE THREATS • Hacktivists – Protestors of the 21st century - vigilantes - Motivated by politics or religion - Expose wrong doing - Exacting revenge - Harass for entertainment - Can be large organizations - Many times no central command - Uses social media to coordinate
  • 19. WHO ARE THE THREATS • State sponsored hackers - Countries realize that controlling cyberspace is important - China, North Korea, Russia are all in the news • Cyber Terrorist - Motivated by politics or religion - The most dangerous - Goal is to create fear and chaos, maybe even murder - Very skilled - Maybe state sponsored
  • 20. MOTIVES • Steal data - Publish info about an event – call recordings, radio recordings, logs - Employee information – People involved with an event - Resource data • Look for information dispatchers have for events • Police/EMS staffing and positioning • Incident response plans
  • 21. MOTIVES • Disrupt service - Tie up 9-1-1 call handling - Voice gateways – VoIP - Dispatch software systems - Dispatch networks - Text 9-1-1 - Radio communication gateways • Monitoring target networks for data - Insert themselves into the environment to monitor data - Monitor data traffic - “Sniff” for passwords to systems - Monitor phone calls/private communications - Monitor email to mine information - Information gathering on resources
  • 22. SECURITY MYTHS • Technology is a “silver bullet” for security • Technology is more important than people • Outsourcing puts the responsibility on the outsourcer • IT owns security • “They don’t want us.”
  • 23. HOW TO MITIGATE • Develop Security Program • Developing Security Architecture • We started with: – What do we want to protect? – Evaluation of the risks to those systems? – Who are we trying to keep out of those systems?
  • 24. SECURITY PROGRAM • Involve all levels of the organization – Any agency that has oversight – Executive management – Operations management – IT management – IT technical staff – Key staff members – Trainers – Outside technology partners
  • 25.
  • 26. SECURITY PROGRAM • Planning – Standards – Policies – Architectures – Guidelines
  • 27. POLICY EXAMPLES • Senior management policies - Explains sr. management’s expectations and goal - Identifies who is responsible for security • Functional Policies • Acceptable use • Password • Data protection • Wireless • Physical • Remote Access • Inventory • Change control • Incident Response
  • 28. STANDARDS EXAMPLES • Hardware / software manufacturers • Global architecture requirements • Service vendors • Device standards • Naming conventions
  • 29. SECURITY PROGRAM • Policy Implementation/Enforceme nt – Train users – Implement architectures – Document as built configurations – Testing security on systems • Before, during and after implementation
  • 30. SECURITY PROGRAM • Monitor & Manage – Monitor environment – Monitor tools – Audit – Penetration Testing – Manage changes through policy • Document changes • Notification of changes
  • 31. SECURITY PROGRAM • Intrusion / Threat Detection – Detect event – Initiate Incident Response
  • 32. SECURITY PROGRAM • Threat/Risk Assessment – Determine risk – Determine course of action – Mitigate risk
  • 33. SECURITY PROGRAM • Security Policy Create/Update – Adjust corresponding policies – Obtain approval of adjusted policies
  • 34. SECURITY PROGRAM • Training – Notify staff of changes in policy – Training classes – Online tutorials – Memos – Update training records
  • 35. SECURITY PROGRAM • Then the cycle starts again • Security is a continual process and never stops • New system procurement – That system must be put through the program at the planning stage – Security must be tested throughout the implementation of new or updated system – The system should be security tested before allowed to go live
  • 36. SECURITY REFERENCES • NENA NG-SEC Document – www.nena.org • ISECOM – Open Source Security Testing Methodology Manual (OSSTMM) – www.isecom.org • SANS – www.sans.org • NIST – www.nist.gov • Defense Information Systems Agency - www.disa.mil
  • 37. SUMMARY • The security climate for any organization will continually change • Build a budget for security in everything you do • Hackers are more active • Changes in your technology are adding more entry points for attackers into your environment • PATCH YOUR SYSTEMS REGULARLY • Implement or review your Security Policy • Remember the security cycle never stops • Involved everyone / train everyone • Enlist help from trusted partners