Jim Lockard, ENP Brian Knueppel C. A. Patrick Voigt, ENP

Presentation transcript:

Cybersecurity & Resiliency in Core Services & the NG9-1-1 PSAP & Network
Jim Lockard, ENP Brian Knueppel C. A. Patrick Voigt, ENP

Introduction
Overview of NG9-1-1 and Security
Cyber security landscape
Risk management
Threats and Vulnerabilities
Penetration testing
Operations Considerations

9-1-1 “Gotchas”
240M 9-1-1 calls annually
6,000 PSAPs
18,700 Law Enforcement Agencies
2,900 Fire Departments
12,200 Emergency Medical Agencies

How secure are you? What’s wrong with this picture? What level of security is being offered? The gate is locked, properly installed and configured to do what it is supposed to…… But….

Axioms to keep in mind
Security and complexity are often inversely proportional
Security and usability are often inversely proportional
Good security now is better than perfect security never
A false sense of security is worse than a true sense of security
Your security is only as strong as your weakest link
It is best to concentrate on known, probable threats
Security is an investment, not an expense

NG9-1-1 NG9-1-1 is comprised of an interconnected framework of hardware, software, data, operational policies and procedures. ESInets IP Standards Data Human Processes SECURITY

NG9-1-1 Ecosystem / Simplified Data CAD SOP Mapping GIS CSP Networks (TDM) CSP Networks (IP) Extended Emergency Networks Radio Networks PSAP Networks NG Core Services

What kinds of threats can happen? SOURCE: The 2014 Cyber Security Intelligence Index by IBM 

Where are we headed?
Today: Common user trust level (and clearances) across the system environment
Future: User trust level by transaction
Today: Privileges gained by access to rudimentary roles
Future: Privilege assigned to user/DEVICE based upon operational role that can be changed
Today: Information "authority" determines required level of protection for the most sensitive information
Future: Information "authority" determines the required level of end-to-end protection required to information
Today: Manual reviews for releasing information
Future: Automated mechanisms allow information to be shared "released" when users/devices have proper privileges
Today: Manual analysis of procedures to determine connections

Who is against us
Espionage and Sabotage
Disasters and accidents
Passive intercept attacks
Malicious outsider attacks
Insider attacks
Hardware / Software distribution attacks

Threat Vectors Source Intentional Natural Unintentional Outsider Poorly trained staff Accidents Fires Floods Power Etc Outsider Insider Foreign intelligence hacks Terrorists Criminals Corporate raiders Hackers Disgruntled Employee Service providers Contractors Poor SOP’s

NG9-1-1 Security, ESInet Design SIP & apps Operating systems Support services Network protocols Physical Policies & Procedures Risk Attack, overload, outages Intrusion Privacy Internal threats Follow standards Encryption TLS, SRTP How to Design Encrypt Detect Prepare

Points of attack
Interfaces
Routers
Functional Elements
Protocols

Complex stuff
Basic call flow example from NENA 08-003v2
Perform extensive tests or calls will fail
One weak stick breaks it down
What about deployment?

Industry Collaboration Event (ICE)
Value of ICE
IP Multimedia around for years, new to 9-1-1
Solidifying NG9-1-1 starts here

Some additional considerations Internet of Things (IoT) Applications FirstNet Complexity

Suspicion and Bad Actor
Do we take calls from the bad guys?

    INVITE sip:911@host:5060;transport=tcp SIP/2.0
    Via: SIP/2.0/TCP host:5060;branch=z9hG4bKk1u8v200do10fl0ij7u1.1;NENA-CallSuspicion=100
    From: "3145551212" <sip:3145551212@host;transport=udp>;tag=SDnj5j101-2728010a-13c4-4dceadbd-29a568-740ea291
    To: <sip:911@host;transport=udp>
    User-Agent: friendly-scanner
    Call-Info: urn:nena:uid:incidentid:CXC257631acb70270515162805566Z:ibcf.charlotte.nc.us;purpose=nena-IncidentId
    x-NENA-CallSuspicion: 100

    SIP/2.0 600 Your call is suspicious and has been rejected
    From: "3145551212" <sip:3145551212@172.17.1.62;transport=udp>;tag=SDiu0eb01-2728010a-13c4-4dcf3f4d-2623fec-26287d21
    To: <sip:911@host;transport=udp>;tag=3f0111ac-13c4-53757cd3-22b6252-7710c623
    Via: SIP/2.0/TCP host:5060;branch=z9hG4bK74fmbc1048n03och1020.1;NENA-CallSuspicion=100
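A sketch of how a border element or log reviewer could read the markers in the INVITE above and turn them into a decision. This is an added example, not code from the presenters or from NENA: the header, Via parameter and User-Agent names are taken from the slide, while the thresholds, the action names and the function names are assumptions.

```python
import re

# Constructed sample: the slide's INVITE, one header per line (From tag shortened).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:911@host:5060;transport=tcp SIP/2.0",
    "Via: SIP/2.0/TCP host:5060;branch=z9hG4bKk1u8v200do10fl0ij7u1.1;NENA-CallSuspicion=100",
    'From: "3145551212" <sip:3145551212@host;transport=udp>;tag=SDnj5j101',
    "To: <sip:911@host;transport=udp>",
    "User-Agent: friendly-scanner",
    "x-NENA-CallSuspicion: 100",
    "", "",
])

SCANNER_AGENTS = {"friendly-scanner"}  # the User-Agent shown on the slide
REJECT_AT, FLAG_AT = 100, 50           # assumed local policy thresholds

def parse_headers(message):
    """Return {lowercased header name: [values]} for one SIP message."""
    head = message.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def suspicion_score(headers):
    """Highest score found in the header or in a Via parameter, else None."""
    found = list(headers.get("x-nena-callsuspicion", []))
    for via in headers.get("via", []):
        found += re.findall(r";\s*NENA-CallSuspicion=([^;,\s]+)", via, re.I)
    scores = [int(v) for v in found if v.isdecimal()]  # ignore malformed values
    return max(scores, default=None)

def triage(message):
    """Classify an INVITE as accept, flag or reject (hypothetical policy)."""
    headers = parse_headers(message)
    score = suspicion_score(headers)
    agent = " ".join(headers.get("user-agent", [])).lower()
    scanner = agent in SCANNER_AGENTS
    if score is not None and score >= REJECT_AT:
        action = "reject"
    elif scanner or (score is not None and score >= FLAG_AT):
        action = "flag"
    else:
        action = "accept"
    return {"action": action, "score": score, "scanner_agent": scanner}
```

Taking the highest of the header and Via values means a marker stripped or lowered in one place does not hide the score carried in the other; whether a maximum score leads to rejection, as in the slide's 600 response, is the policy question the slide asks.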

Hacking is easy and fun Search: https://video.search.yahoo.com/search/video?fr=yfp-t&p=how+to+hack+sip+network#id=3&vid=2fa852ec2dc170eb8ad0bce744fc9c39&action=click

Penetration Testing
Very few do this
You should do it
State XX did it
Here is how you do it
Understanding the results

Operations
You ‘will’ be attacked
Biggest failures were when there was failure to cover the basics
Patch/security updates
Access controls
Default credentials
User authorization levels
Constantly evolving risk
Not One Size Fits All. Everyone is different
Security is a mindset, not just a checklist
NIST, DHS, and NENA

Operations – How to Encrypt vs not Authentication Pros Additional security Cons Troubleshooting Where to employ? Authentication What will be attacked By whom

Questions/Collaboration Ecosystem New apps/connectivity Lifecycle Testing Policy