Published by Elmer Luke Marshall. Modified over 7 years ago.
2
Cybersecurity & Resiliency in Core Services & the NG9-1-1 PSAP & Network
Jim Lockard, ENP Brian Knueppel C. A. Patrick Voigt, ENP
3
Introduction Overview of NG9-1-1 and Security Cyber security landscape
Risk management Threats and Vulnerabilities Penetration testing Operations Considerations
4
9-1-1
9-1-1 “Gotchas”
240M 9-1-1 calls annually
6,000 PSAPs
18,700 Law Enforcement Agencies
2,900 Fire Departments
12,200 Emergency Medical Agencies
5
How secure are you? What’s wrong with this picture?
What level of security is being offered? The gate is locked, properly installed and configured to do what it is supposed to…… But….
6
Axioms to keep in mind
Security and complexity are often inversely proportional
Security and usability are often inversely proportional
Good security now is better than perfect security never
A false sense of security is worse than a true sense of security
Your security is only as strong as your weakest link
It is best to concentrate on known, probable threats
Security is an investment, not an expense
7
NG9-1-1 NG9-1-1 is comprised of an interconnected framework of hardware, software, data, operational policies and procedures. ESInets IP Standards Data Human Processes SECURITY
8
NG9-1-1 Ecosystem / Simplified
Data CAD SOP Mapping GIS CSP Networks (TDM) CSP Networks (IP) Extended Emergency Networks Radio Networks PSAP Networks NG Core Services
11
What kinds of threats can happen?
SOURCE: The 2014 Cyber Security Intelligence Index by IBM
12
Where are we headed?
Today: Common user trust level (and clearances) across the system environment
Future: User trust level by transaction
Today: Privileges gained by access to rudimentary roles
Future: Privilege assigned to user/DEVICE based upon operational role that can be changed
Today: Information "authority" determines required level of protection for the most sensitive information
Future: Information "authority" determines the required level of end-to-end protection required to information
Today: Manual reviews for releasing information
Future: Automated mechanisms allow information to be shared "released" when users/devices have proper privileges
Today: Manual analysis of procedures to determine connections
13
Who is against us Espionage and Sabotage Disasters and accidents
Passive intercept attacks Malicious outsider attacks Insider attacks Hardware / Software distribution attacks
14
Threat Vectors Source Intentional Natural Unintentional Outsider
Poorly trained staff Accidents Fires Floods Power Etc Outsider Insider Foreign intelligence hacks Terrorists Criminals Corporate raiders Hackers Disgruntled Employee Service providers Contractors Poor SOP’s
15
NG9-1-1 Security, ESInet Design
SIP & apps Operating systems Support services Network protocols Physical Policies & Procedures Risk Attack, overload, outages Intrusion Privacy Internal threats Follow standards Encryption TLS, SRTP How to Design Encrypt Detect Prepare
16
Points of attack Interfaces Routers Functional Elements Protocols
17
Complex stuff Basic call flow example from NENA 08-003v2
Perform extensive tests or calls will fail One weak stick breaks it down What about deployment?
18
Industry Collaboration Event (ICE)
Value of ICE IP Multimedia around for years new to 9-1-1 Solidifying NG9-1-1 starts here
19
Some additional considerations
Internet of Things (IoT) Applications FirstNet Complexity
20
Suspicion and Bad Actor
Do we take calls from the bad guys?
INVITE SIP/2.0
Via: SIP/2.0/TCP host:5060;branch=z9hG4bKk1u8v200do10fl0ij7u1.1;NENA-CallSuspicion=100
From: " "
To:
User-Agent: friendly-scanner
Call-Info: urn:nena:uid:incidentid:CXC257631acb Z:ibcf.charlotte.nc.us;purpose=nena-IncidentId
x-NENA-CallSuspicion: 100
SIP/ Your call is suspicious and has been rejected
From: " "
To:
Via: SIP/2.0/TCP host:5060;branch=z9hG4bK74fmbc1048n03och1020.1;NENA-CallSuspicion=100
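The suspicion marking on this slide can be read mechanically at the PSAP edge. The Python below is an added example, not code from the presentation or from NENA: it parses a constructed INVITE modelled on the one above, collects the `NENA-CallSuspicion` Via parameter and the `x-NENA-CallSuspicion` header, and returns a triage decision. The placeholder URIs, the `REJECT_AT` threshold of 80, rejecting on the user-agent alone, and all function names are assumptions.

```python
import re

# Constructed sample modelled on the slide's INVITE; URIs are placeholders.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:psap@example.invalid SIP/2.0",
    "Via: SIP/2.0/TCP host:5060;branch=z9hG4bKk1u8v200do10fl0ij7u1.1;NENA-CallSuspicion=100",
    "From: <sip:caller@example.invalid>;tag=1",
    "To: <sip:psap@example.invalid>",
    "User-Agent: friendly-scanner",
    "x-NENA-CallSuspicion: 100",
    "", "",
])

SCANNER_AGENTS = {"friendly-scanner"}  # the User-Agent shown on the slide
REJECT_AT = 80                         # assumed local policy threshold

def headers(msg):
    """Return (lowercased name, value) pairs from the SIP header section."""
    head = msg.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)      # unfold continuation lines
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def suspicion_scores(msg):
    """Collect every integer marking: dedicated header and Via parameter."""
    scores = []
    for name, value in headers(msg):
        if name == "x-nena-callsuspicion" and re.fullmatch(r"[0-9]+", value):
            scores.append(int(value))
        elif name == "via":
            found = re.findall(r";\s*NENA-CallSuspicion=([0-9]+)", value, re.I)
            scores += [int(m) for m in found]
    return scores

def triage(msg):
    """Return (decision, reasons); the highest marking seen decides."""
    reasons = []
    scores = suspicion_scores(msg)
    if scores and max(scores) >= REJECT_AT:
        reasons.append(f"suspicion={max(scores)}")
    agents = [v.lower() for n, v in headers(msg) if n == "user-agent"]
    if any(a in SCANNER_AGENTS for a in agents):
        reasons.append("scanner user-agent")
    return ("reject" if reasons else "accept", reasons)
```

A malformed marking (non-numeric value) is ignored rather than trusted, so a call carrying only such a value is triaged on its remaining headers.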
21
Hacking is easy and fun Search:
22
Penetration Testing Very few do this You should do it State XX did it
Here is how you do it Understanding the results
23
Operations
You ‘will’ be attacked
Biggest failures were when there was failure to cover the basics
Patch/security updates
Access controls
Default credentials
User authorization levels
Constantly evolving risk
Not One Size Fits All. Everyone is different
Security is mindset not just a checklist
NIST, DHS, and NENA
24
Operations – How to Encrypt vs not Authentication
Pros Additional security Cons Troubleshooting Where to employ? Authentication What will be attacked By whom
25
Questions/Collaboration
Ecosystem New apps/connectivity Lifecycle Testing Policy