The DHS's Emergency Services Sector Coordinating Council held its first summit Wednesday in Denver, Colo.
Attendees met to learn about issues affecting the sector, the resources it provides, and to gain insight into the roles of federal, state, and local agencies and departments involved in sector security.
This year's topics included:
*Cybersecurity Threats and Initiatives
*DHS Active Shooter Resource Materials
*Lessons Learned from Natural Disasters
*New Initiatives in the Emergency Services Sector
The session on Cyber Risk in the Emergency Services Sector featured a panel of public safety personnel discussing their involvement in identifying and addressing current and emerging technological threats to response agencies.
These threats run the gamut from hacking and viruses, to congestion on cell phone networks, to copper thefts affecting critical infrastructure, spoofing, jamming, employees copying data onto personal computing devices, and more.
The panel included Mark Hogan, City of Tulsa Chief of Security; Jason Gates and Pete Kirby, DHS NCSD; Peter Jensen, Ventura County Fire; Phil Raum, Montgomery County; and George Perera, Miami-Dade Police.
The panel ran through seven specific scenarios of concern, some of which have been experienced in their jurisdictions to some degree:
1. A natural disaster causes the loss of 911 capabilities
2. Lack of availability of sector database causes disruption of mission capability
3. Compromised sector database causes corruption or loss of confidentiality of critical information
4. Public alerting and warning system disseminates inaccurate information
5. Loss of communications lines results in disrupted communications capabilities
6. Closed-circuit television jamming/blocking results in disrupted surveillance capabilities
7. Overloaded communications network results in denial of service conditions for public safety and emergency services networks
The panel noted that initiatives in the emergency services are inadvertently creating new cyber risk, such as:
Next Generation 911, which will permit access points for voice, data and video on public telephone networks, therein introduces the potential for threats; the Nationwide Public Safety Broadband Network, which will interface with commercial networks, therefore creates openings never faced before on private networks; and cloud computing.
Cloud computing became the hot topic of the Q&A session, with Perera answering, "I'm very, very much afraid of it."
However as Raum noted, "In some cases, Cloud may be safer than where data is currently stored."
The main issues that remain to be studied with cloud computing involve control -- such as who will be in charge of maintaining your service and how reliable will it be, and which clients will get priority if the system is overloaded.
Another risk would be the server intentionally being turned against public safety.
"I think it's too new . . . and I would be very wary to move any of my information into a cloud unless it's government owned," Perera warned.
The panel also discussed solutions on managing cyber risk, "so systems don't have to re-learn mistakes made by others," as Jensen put it.
The Cybersecurity Assessment and Risk Management Approach (CARMA) is a risk-management strategy focusing on critical infrastructure.