
Five steps to NG-911 protection

Network, equipment and data security are the keys.
  • Written by Lori J. Kleckner
  • 29th January 2013

Because next-generation 911 (NG-911) requires moving from a closed analog environment to an interconnected Internet Protocol (IP) network environment, security must increase to a level that protects networks, equipment and data. The steps along the path to secure NG-911 environments are addressed in the National Emergency Number Association (NENA) Next Generation Security (NG-SEC) standard. Although other standards could be used — such as the National Institute of Standards and Technology (NIST) Special Publication 800-53, or the Criminal Justice Information Services (CJIS) Security Policy version 5.0 — NENA’s NG-SEC is stated in terms written specifically for the NG-911 environment.

It is important to note that the CJIS Security Policy is a mandate for systems processing criminal justice information. It also is an excellent resource to secure the remainder of the network.

Whichever security standard is ultimately chosen, whether NENA, NIST, CJIS or another, it typically calls for:

  • Planning
  • Policies
  • Training
  • Monitoring
  • Auditing

Moving from a traditional telephony Centralized Automatic Message Accounting (CAMA) environment to an Emergency Services Internet Network (ESInet) with full IP connectivity is a major change. For example, phone “phreaks” (analog hackers) are replaced with distributed denial-of-service attacks and techno-savvy hackers seeking to gain much more than free long-distance service. Also, there was a time when the exact location of a caller was known because it was the same as their telephone billing address. Today, GPS coordinates are used to locate a growing majority of callers.

What do we need to do today to keep pace with these changes requiring IP connections? Buy new equipment and software, and hope for the best? The first is true, but we can do more than hope; we can plan.

The essential elements of the planning stage are described in five steps:

Step 1: Security

Decide the best means to address security in the environment. What are the requirements and mandates? Who is responsible for the overall security? Articulate a security plan that establishes the vision and tone for securing the network. This is a formal document announcing the security framework, and further instructions exist (or will exist) in the form of policies and procedures.

Assess — Know the environment, including all call-taker workstations, servers, printers (check the environment because a printer might have an IP address), wireless access, radios, service providers, ANI/ALI databases and GIS databases. Inventory everything and everybody who touches the network, whether directly or through another system. List current policies and procedures. Determine what already is in place.

Compliance Roadmap — Now that you know what the environment has, compare it to the requirements of the chosen security standard. Note the requirements that are not in place. The differences represent the gaps. Each of the missing requirements on the gap analysis needs a remediation plan. This may take the form of a compliance roadmap, which is a list of activities that will bring the network into compliance with the chosen standard.

A compliance plan should include a rough order-of-magnitude estimate of the costs associated with activities, as well as a timeline for completion. The timeline demonstrates the opportunity to distribute costs and the workload over five years (more or less as time and funds permit). If the IP network connectivity will be established soon, consider compressing the timeline and choosing the activities that can be accomplished quickly, or those that offer the most security. Mitigation strategies should be put in place to provide a viable plan to correct the remaining gaps and achieve complete security compliance.

Now let’s examine the remaining steps for implementing an NG-911 security standard.

Step 2: Policies

Much thought, planning and enormous amounts of coordination are needed prior to arriving at the point where policies can be written. Policies are used to communicate the expectations and appropriate behavior on the network.

During the planning stage, regulatory, legislative and administrative documents that impact the environment are identified. When authoring policies, it is important to involve entities that have a stake in the network and, specifically, the security of the network. From governing authorities to other agencies on the network, each may provide rules for network connectivity and information sharing. Your agency’s security standards may differ. Always choose the most secure requirements. Do not permit access to the network unless the requestor honors your agency’s security standards while connected to the network.

Procedures are instructions to use when performing a task — e.g., configuring a workstation. Documenting procedures allows tasks to be conducted consistently, avoiding security issues caused by conflicting methodologies. It also is helpful to provide a change-management procedure to coordinate changes to installations, upgrades and other activities that potentially could impact network security.

Step 3: Train

There is a lot of new information for employees to assimilate, so provide training to help them understand the security plan, policies and procedures. Training also provides a platform to discuss processes and resolve misunderstandings. Technology is dynamic and creates ever-changing security needs. Annual and periodic training is necessary to keep employees informed of changes to security requirements.

Step 4: Monitor

All of this hard work, planning, coordinating and documenting will be for naught if the network isn’t monitored. Systems that are capable of logging information should do so. A systematic approach for reviewing logs and providing reports should be established. High-impact events, such as a virus on the network, should trigger an alarm that immediately notifies personnel to take action. If services are provided by another entity, require reports and establish notification procedures via contracts and service-level agreements.

Step 5: Audit

Audit the network annually. Compare the environment to the chosen security standard. Remember the gap analysis from Step 1? Again, identify security gaps and execute strategies to remain compliant. Use the information gained from audits to update the plan, policies and procedures, if needed. Continue to monitor the environment to assure that security measures are providing the expected outcome. Security requires persistent commitment.

This article merely touches on the basics. Firewalls, intrusion detection and prevention systems, authorized access (physical and cyber), passwords and encryption are a few of the many other security considerations.

Security compliance is complex. It requires perpetual planning and coordination, but it is a necessity. From agencies that find their personnel information posted on a hacker’s website to networks that are unable to provide service due to a denial-of-service attack, these are real-world events that can be prevented — in five steps.

Lori J. Kleckner is a cybersecurity consultant for L.R. Kimball with extensive experience in collaborating with local, state and national governments. The feature originally appeared in Urgent Communications, an American City & County sister publication.
