• As the Principal Investigator (PI), conducted a macro level cybersecurity assessment of legacy/NG911 Public Safety Answering Point (PSAP) & legacy/NG911 PSAP technical architecture.
• Created the “PSAP Profile” as a curated set of cybersecurity controls based on NIST SP800-53A and aligned the PSAP profile with the Cyber Security Framework (CSF),
• Supported the implementation of the PSAP Profile in DHS funded Cyber Secure Dashboard (CSD) tool.
• Following a consultative assessment methodology, conducted Pilot assessments of PSAPs using the PSAPProfile, to develop the risk profile of PSAPs across the country and document their cybersecurity posture.
• Published an updated PSAP Profile for cybersecurity interoperability of NG911 PSAPs
Through a joint effort between CIRI, University of Illinois, DHS Science & Technology, and CISA Offices, KC led a comprehensive research project to identify and develop best practice solutions around improving the cybersecurity posture of the U.S 9-1-1 Critical Infrastructure Emergency Communications System.
The national 911 system is an essential part of the critical infrastructure of the United States. It is intertwined to our national security fabric and offers reach and comfort of emergency public and medical security and safety to all. DHS recognizes the 9-1-1 Public Safety Answering Points (PSAP) as part of the nation’s critical functions of its Critical Infrastructure, and one that is to be protected from cyber-attacks.
The core objective of this requirement was to enhance the security and resilience of the nation’s 9-1-1 system. KC led the advancement of this important initiative first through a cyber security assessment of the of the nation’s 9-1-1 PSAPs, especially as the nation transitioned from an analog based 9-1-1 system to the next generation digital and IP-based connected 9-1-1 system. All PSAPs were placed on a spectrum from legacy to next-generation 9-1-1 (NG911) systems. Legacy systems refer to an old style of telephone system that many users likely think of when they picture an emergency call center. On the other end of the spectrum are NG911 centers, which are working to integrate text and video into emergency communications. Through this KC led research initiative, the NIST CSF and SP 800-53A based PSAP Profile was developed to assess the cybersecurity posture of the PSAPs/9-1-1 systems.
A hack into the PSAP system could take down the emergency network altogether or send false information to the public or emergency responders. While an attack affecting the call system could be devastating, the cybersecurity framework developed by the CIRI team would also need to cover the internal and external communications of employees to make sure a hacker couldn’t break into the computer network. Telephone Denial-Of-Service (TDOS) attacks on the legacy 9-1-1 system have already occurred. This attack vector came in via wireless networks, channeled via a social media and internet sites; proving that the existing legacy system is vulnerable, and cyber-risk is real, and present. Ransomware has also been used extensively against public safety networks.
CISA Emergency Communications Division (ECD) and the Emergency Public Safety Sector, and more specifically, PSAPs across the nation are intended to be the primary beneficiaries of this project.
While transitioning to NG911 is a primary goal, currently no PSAPs across the country have completely reached this milestone. Most 9-1-1 centers are currently operating under a "hybrid" model, somewhere between legacy and NG911. KC and our research partners are actively working to complete this systems transition process and (over time) will have updates to this report to share progress.
Proposed criteria for categorizing and developing a curated “PSAP Profile”, using the NIST SP 800-53A controls and Cyber Security Framework (CSF) to measure and track the cybersecurity posture of PSAPs.
Conducted consultative PSAP profile based “pilot” assessments of PSAPs.
As the PSAP threat landscape rapidly changes so does the urgency to secure and improve this critical infrastructure. This project addresses the Goals and Objectives identified in the CISA Strategic Intent document (published in August 2019) by proposing to enhance the current and ongoing security and resilience of the PSAP ecosystem.
Phase 1 research of PSAPs completed and final report published.
PSAP Profile published and approved by CIRI/CISA/DHS S&T.
PSAP profile implemented in the Cybersecure Dashboard tool.
PSAP Profile based “Pilot” assessments completed.
Phase 2, further research to understand the unique requirements of PSAPs migrating to NG911 completed.
Take a look at what KC is doing to contribute to global cyber security, agile software development and cloud services.
Felix Martin, 571 435 7632 fmartin@karthikconsulting.com
CAGE: 56GH3
DUNS: 828199880 UEI: FGNNM7KNUPF6
GSA MAS
GSA OASIS Pool 1 and 3
NIH CIO-SP3 8(a) & SB
GSA STARS III 8(a)
Air Force SBEAS
Army RS3
Navy Seaport-NexGen
FAA eFAST