Introduction

The arrival of Next Generation 911 (NG911), a class of systems that operate over Internet Protocol (IP), will allow for interconnection across a range of public and private wireless networks, including the internet.

Traditional 911 capabilities will be augmented by NG911, opening them up to accept more media formats. These traditional 911 systems operate over telephone lines and closed, internal networks. This limits the types of information that PSAPs can accept and process.

NG911 infrastructure, on the other hand, operates on an Internet Protocol platform, which enables interconnectivity across a range of public and private networks. This allows PSAPs to receive mixed media including text, photos, voice, and video.


What is NG911 Infrastructure?

“As described by the National Emergency Association (NENA), next-generation 911 infrastructure is a three-tiered IP-based system made up of hardware, data, software and operational policies and procedures that enable public safety answering points (PSAPs) to be interoperable and more efficient.”

 

The National Emergency Number Association, or NENA, has a project working towards replacing traditional 911 systems with a next-generation, IP-based infrastructure. Some of the capabilities they are aiming to accomplish are:

  • Technical development 
  • PSAP operations development 
  • NG911 system operations development 
  • Policy change needs and methods development (NG Partner Program [NGPP])
  • Transition plan development
  • Education Steering Committee 
  • Interoperability testing (Industry Collaboration Events [ICE]).

Let’s dive into some of the technical advantages of a next-generation IP-based emergency services infrastructure.

6 Advantages of an IP-Based Infrastructure

  1. Standardization of interfaces combines call and message services from emergencies

  2. Multimedia, including voice, text, photos, and videos, can be processed

  3. Emergency call data that is useful for call routing and handling is integrated

  4. Emergency calls, messages, and data are delivered to the right PSAP (and other entities)

  5. Coordinated response and management is better supported by delivering both data and communication needs

  6. PSAPs and other first responder entities have broadband (faster)

Faster, resilient, connected and more expansive, an internet protocol based infrastructure enables a better experience and likely outcome for call-takers and citizens alike.

NG911 System Architecture & Standards

NENA has defined 3 building blocks of NG911 systems, also known as the i3 architecture. While the building blocks are not formally accredited nor required, these standards help to ensure stability across PSAPs and other entities.

 

Infographic: ESInet simplified diagram

 

The i3 structure defines NG911 functions. The 3 functions or building blocks are:

 

  1. Emergency Services IP Networks (ESInets)
    • ESInets are the heart of NG911 systems. They enable voice and multimedia like texts to be delivered to PSAPs through broadband networks. The managed and engineered IP networks provide a faster, more resilient, more capable system that even allows for linked communications across state and local governments.
  2. Applications and Database
    • A mix of internal and external databases support its services.

    • Internal Databases
      • Validate and route data
      • Record call details
      • Enforce policy and business rules
    • External Databases
      • Location data
      • Government records
      • Law enforcement records
      • Healthcare information
      • Infrastructure data
  3. Standards and Security
    • The Association of Public-Safety Communications Officials (APCO)
    • The Alliance for Telecommunications Industry Solutions (ATIS)
    • The Internet Engineering Task Force (IETF)

Each building block adds specific features and functions to the i3 architecture. This architecture, if adopted by all, provides interoperability. With this, PSAPs can serve as backups to one another. So if one PSAP experiences an emergency outage (although diverse routing should be in place), another PSAP would be able to step in and serve emergency callers. Barriers to adopting this system appear to stem from a lack of funding; however, grant money has been allocated across the nation to help institute these systems.

Cyber Infrastructure

The National Infrastructure and Protection Plan of 2009, later revised in 2013, defined Cyber Infrastructure as:

“…electronic information and communication systems, and the information contained in these systems…Information and communications systems are composed of hardware and software that process, store, and communicate data of all types. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic and all other media types. Communications include sharing and distribution of information.”

If we apply that definition to NG911 systems, cyber infrastructure would include:

  • IP-based networks
  • Assets
  • Databases
  • Services

More specifically:

  • Assets from ESInets
  • Service provider networks and applications
  • Government applications and services
  • Dispatch systems and components

Since both IT and communications systems have converged, it is important to look at them holistically in order to better combat risks.

What is Critical Infrastructure?

“Critical infrastructure refers to the diverse components that enable the essential services which are the backbone for American society. The United States economic security, public health, and safety is underpinned by critical infrastructure, both physical and cyber, including distributed networks and NG911.”

NG911: Risks and Rewards

The interconnectivity of NG911 is enhancing emergency response capabilities. However, this new interconnectivity also expands worries of cyber risks and opens NG911 systems to new potential attack vectors. While the rewards far outweigh the risks, it's critical that PSAPs understand and proactively manage risks to ensure full functionality of our emergency response systems. 

NG911: Rewards

  • Facilitates the reception of data from the public over an array of networks.
  • Facilitates the transmission of new and diverse media formats including video, photo, voice, and text.
  • Enhances situational awareness for dispatchers and first responders.
  • Enhances location data.
  • Enables more effective emergency responses. 
  • Enables data sharing between PSAPs.
  • Supports virtual PSAPs for survivability.

NG911: Risks

  • Needs to have standardized identity management and credentialing across systems.
  • Potential cyber attacks could escalate fast and spread across systems.
  • Increases the surface area for potential attacks to occur.

The Cyber Risk Outlook

A cybersecurity risk occurs when a threat exploits a vulnerability that results in a negative event and negative consequences for the network. To begin assessing your risks, it's handy to use the following formula:

A+T+V=R

Let A = the asset you're protecting. Assets could be people, property (both tangible and intangible), or information.

Let T = the threat you're defending against. A threat is anything that can exploit a vulnerability, whether malicious or accidental.

Let V = the vulnerability in your system. A vulnerability is any weakness or hole that can be exploited by a threat.

Let R = your risk. Your risk is the sum of your assets, threats, and vulnerabilities.

You may have a threat against your assets, but if you have minimal vulnerabilities then your risk will be low. Similarly, you may have vulnerabilities in your system, but if there are no threats that exploit your vulnerabilities then your risk will be low. However, if you're defending a high-value asset then your risk will be higher by default, all other variables being the same.


*The formula above should only be used as a framework for thinking about your cyber risks and considered a tool for illustrating the difference between a threat, risk, and vulnerability. This formula is not comparable to a professional risk assessment and should NOT serve as a substitute for a professional risk assessment.


The C-I-A Triad

“The National Institute of Standards and Technology (NIST) uses the C-I-A Triad as a benchmark to evaluate information systems security. The triad is comprised of the three attributes that are most crucial for a secure system. The attributes of the C-I-A triad are:

Confidentiality - Ensure data can only be accessed by authorized users.
Integrity - Data must be trustworthy and not altered during transmission, storage, and retrieval.
Availability - Your network components and network as a whole must be operational and effective for its intended purposes. ”

 

The emergency response realm, in particular, is severely impacted by the loss of confidentiality, integrity, or availability. Imagine the loss of confidentiality in an NG911 environment. Identity thieves would have a field day with the information at their disposal. Ongoing police investigations would be disrupted. Losing integrity would see 9-1-1 calls and responses disrupted. Loss of availability would see urgent requests failing to reach PSAPs.

Risks to NG911 Components

 

Devices & Equipment

  • Data Breaches: stored data is accessed, manipulated, corrupted, or stolen.
  • Malware: a user downloads harmful software (botnets, spyware, trojans, etc.)
  • Spear-phishing: targeted social engineering attack exploiting public safety users to give hackers access to sensitive data.

Network Infrastructure & Connections

  • Man-in-the-Middle: the wireless connection between a user's device and the tower can be vulnerable to an attack that allows attackers to steal data and monitor communications.
  • Denial-of-service: towers and other crucial network resources can be overwhelmed in an attack where hackers overload your resources with requests. This can damage or destroy the operability of certain infrastructure and strain the resiliency of your network.
  • Unauthorized Access: if authentication methods aren't secure, attackers can gain access to your network using stolen credentials.

Data, Apps, & Services

  • Insider Threats: authorized users abuse their access to steal, destroy, or corrupt data.
  • Malicious Applications: threat actors create applications that look safe but allow them to hijack data, listen in on conversations, and identify first responders' locations.
  • Unauthorized Access: attackers can breach databases storing sensitive information for law enforcement, health records, etc.

 

The risks listed above hold severe potential impacts that range from work disruptions for affected network users, to financial losses from unauthorized use of data and the cost of resolution, to the loss of life or property from inadequate or unavailable emergency response operations.

 

The NIST Cybersecurity Framework
