The Next Generation 911 – Threat to Confidentiality
From the basic 911 routing solution that was introduced in 1968, the world has emerged in to more advanced and sophisticated emergency contactable mechanisms. From E911, wireless 911, VoIP 911 to next generation 911 (NG911). The evolution of advancements has been by using the system to operate on an Internet platform (IP). The NG911 carries many advantages along with its usage to carry voice, texts, pictures and video. A major drawback answered from the new system is that there is an increased level of accuracy. The platform used by the NG911 mechanism allows to maintain a database of locations that narrows down the location, for an example from a building to a specific room.
As stated by the FCC, “a one-minute decrease in ambulance response times the 90 – day mortality rate of patients by 17 percent (Federal Communications Commission Washington, D.C 20554). There are variety of applications and databases used to store and route data from to operate the NG911.“One of the fundamental purposes for which Congress created the Federal Communications Commission is to promote safety of life and property through the use of wire and radio communications.”(911 Governance and Accountability,2015, ‘Improving 911 Reliability’).
However, servicing in the cyber space brings in a cybersecurity threat. “Cyber environment includes users, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks (ITU, 2008).”.
Many threats to confidentiality can arise on this platform. Threats can be defined as any mechanism that comprises of the potential to harm the existing system. There can be intentional and unintentional threats. Since the public safety answering points (PSAPs) are connected towards the IP platform, it leaves the system open to cyberattacks. The NG911 system are open ended and are interconnected.
The threats to confidentiality on this platform can be received in many forms such as, ransomware attacks where software are used to block the regular operation, denial of service attacks (DoS) is when the hackers take unauthorized access to overload the system which leads it to malfunction, telephone denial of service attacks (TDoS) and unauthorized network access. There are also possibilities for man – in – the – middle attacks where they can download the code to maliciously amend it for any other usage. Examples of few such situations are;
In April 2014, A coding error at a Colorado based 991 call routing lead to a loss of the 911 service to more than 11 million states. (911 Governance and Accountability,2015‘Improving 911 Reliability’ ). In August 2017, hackers attempting to gain access to Schuyler county 91 dispatch center. In March 2018 there was a ransomware attack at Baltimore’s computer aided dispatch (CAD).
Understanding these possible threats which the hackers use to make the NG911 system vulnerable is crucial. To proceed with a secured channel, the three attributes required are called as the C-I-A Triad. Which comprises of confidentiality, integrity and availability (ISO, 2005). Ensuring that all IP based systems are secured and the software updates are managed while controlling them properly is important. Also, establishing a standard operating procedure (SOP) will be helpful in mitigating the confidentiality threats.
Sources
https://www.bandwidth.com/resources/next-gen-911-vs-e911/
www.fcc.gov.
https://www.nokia.com/blog/base-dependable-ng9-1-1-calls-resilient-esinet/
https://www.dhs.gov/sites/default/files/publications/safecom-ncswic_cyber_risks_to_ng911_11.13.19_-_final_508c.pdf
http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf.