Consider for a moment how much we rely on information – is anything more important? How about accurate information? What would happen if the information being provided could not be trusted? How big of an impact could it have on the mission of those entrusted with public safety?
There is an urgent need for a solid cybersecurity program in the field of emergency management. In this context, cybersecurity is "…the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In the computing context, the term 'security' implies cybersecurity" (What is cybersecurity?, n.d.). To clarify – cybersecurity is not information technology.
Recent history has documented the capability of malicious software (malware) develop in complexity to the point where organizations cannot rely singularly on simple security software packages to protect information systems. While it's true that there is a myriad of malware that may be found on most any network using those commercial solutions, not all malware is the same. One quick example is the surge in ransomware, which has become more sophisticated in recent years as the criminals employing this malware target specific individuals (Incidents of Ransomware on the Rise, 2016).
While ransomware can be problematic and has hit close to home here in Texas, the ability to compromise systems seemingly at-will should rank high on anyone's list of issues that would, to say the least, make for a very bad day. Trust in information systems and their accuracy has come into question bit by bit (no technological pun intended) as more incidents begin to highlight the need for cybersecurity awareness. Consider the following:
The two examples above are simple enough, but the impact on the general public or emergency responders answering the call for help could be devastating. Moreover, the aforementioned issues are not limited to devices that are accessible to the general public.
Medical services, which are common in many emergency situations, face challenges that have yet to be adequately addressed. Take, for instance, the recent ransomware incident experienced by Hollywood Presbyterian Hospital, during which they could not use electronic medical records and were forced to revert to the use of pen and paper – not to mention the challenge of referencing patient information. Having to switch processes for retrieving, recording, and disseminating information during key times of an emergency is not only less than optimal, it is life threatening. Delays in treatment, diagnosis, and accuracy of information are but few areas that could be of concern.
As recently as March 2017, concerns over the growing exposure of medical devices to cyber threats have been raised due to a lack of security built into many of those devices.
Disruptions in medical processes, procedures, medicine delivery, and many other issues will hopefully be seen as areas where improved cyber security awareness and training is warranted.
Many reading this might remember how Dallas, TX, made national news in April 2017 after a hacker caused all 156 of Dallas' emergency sirens to sound off at about 1:26 a.m. on a Saturday morning.
What may seem like a prank can have serious consequences down the line. One could imagine how Dallas area residents may now wonder about the reliability of the warning the next time the sirens are activated – imagine the confusion and unneeded flood of phone calls to 911 call centers. The time to combat cyber-related threats and cyberattacks is before they do damage. Depending on the system(s) impacted, the cost to public safety could have local, regional, and statewide implications.
CISSP, NSA/CNSS Security, CCNP, CIW SA, MCSE/MCSA
Cybersecurity Officer | Information System Security Manager
Information Technology Division - Cyber Security
Texas Department of Public Safety
Burgess, M. (2017, July 13). Six million Verizon accounts exposed after cloud server security flaw.
Retrieved July 13, 2017, from http://www.wired.co.uk/article/hacks-data-breaches-2017
Incidents of Ransomware on the Rise. (2016, April 29). Retrieved June 1, 2017, from
Rosenberg, E., & Salam, M. (2017, April 08). Hacking Attack Woke Up Dallas With Emergency Sirens,
Officials Say. Retrieved June 1, 2017, from https://www.nytimes.com/2017/04/08/us/dallas-
What is cybersecurity? - Definition from WhatIs.com. (n.d.). Retrieved June 1, 2017, from