https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources
    • Back
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Subscribe to GovPro
    • Manage GovPro Subscription
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
acc.com

Public Safety


Article

Five steps to NG-911 protection

Five steps to NG-911 protection

Network, equipment and data security are the keys.
  • Written by Lori J. Kleckner
  • 29th January 2013

Because next-generation 911 (NG-911) requires moving from a closed analog environment to an interconnected Internet Protocol (IP) network environment, security must increase to a level that protects networks, equipment and data. The steps along the path to secure NG-911 environments are addressed in the National Emergency Number Association (NENA) Next Generation Security (NG-SEC) standard. Although other standards could be used — such as the National Institute of Standards and Technology (NIST) Special Publication 800-53, or the Criminal Justice Information Services (CJIS) Security Policy version 5.0 — NENA’s NG-SEC is stated in terms written specifically for the NG-911 environment.

It is important to note that the CJIS Security Policy is a mandate for systems processing criminal justice information. It also is an excellent resource to secure the remainder of the network.

Whether ultimately choosing to use NENA, NIST, CJIS or another security standard, typically they call for:

  • Planning
  • Policies
  • Training
  • Monitoring
  • Auditing

Moving from a traditional telephony Centralized Automatic Message Accounting (CAMA) environment to an Emergency Services Internet Network (ESInet) with full IP connectivity is a major change. For example, phone “phreaks” (analog hackers) are replaced with distributed denial-of-service attacks and techno-savvy hackers seeking to gain much more than free long-distance service. Also, there was a time when the exact location of a caller was known because it was the same as their telephone billing address. Today, GPS coordinates are used to locate a growing majority of callers.

What do we need to do today to keep pace with these changes requiring IP connections? Buy new equipment and software, and hope for the best? The first is true but we can do more than hope; we can plan.

The essential elements of the planning stage are described in five steps:

Step 1: Security

Decide the best means to address security in the environment. What are the requirements and mandates? Who is responsible for the overall security? Articulate a security plan that establishes the vision and tone for securing the network. This is a formal document announcing the security framework, and further instructions exist (or will exist) in the form of policies and procedures.

Assess — Know the environment, including all call-taker workstations, servers, printers (check the environment because it might have an IP address), wireless access, radios, service providers, ANI/ALI databases and GIS databases. Inventory everything and everybody who touches the network, whether directly or through another system. List current policies and procedures. Determine what already is in place.

Compliance Roadmap — Now that you know what the environment has, compare it to the requirements of the chosen security standard. Note the requirements that are not in place. The differences represent the gaps. Each of the missing requirements on the gap analysis needs a remediation plan. This may take the form of a compliance roadmap, which is a list of activities that will bring the network into compliance with the chosen standard.

A compliance plan should include a rough order-of-magnitude estimate of the costs associated with activities, as well as a timeline for completion. The timeline demonstrates the opportunity to distribute costs and the workload over five years (more or less as time and funds permit). If the IP network connectivity will be established soon, consider compressing the timeline and choosing the activities that can be accomplished quickly, or those that offer the most security. Mitigation strategies should be put in place to provide a viable plan to correct the remaining gaps and achieve complete security compliance.

Now let’s examine the remaining steps for implementing an NG-911 security standard.

Step 2: Policies

Much thought, planning and enormous amounts of coordination are needed prior to arriving at the point where policies can be written. Policies are used to communicate the expectations and appropriate behavior on the network.

During the planning stage, regulatory, legislative and administrative documents that impact the environment are identified. When authoring policies, it is important to involve entities that have a stake in the network and, specifically, the security of the network. From governing authorities to other agencies on the network, each may provide rules for network connectivity and information sharing. Your agency’s security standards may differ. Always choose the most secure requirements. Do not permit access to the network unless the requestor honors your agency’s security standards while connected to the network.

Procedures are instructions to use when performing a task — e.g., configuring a workstation. Documenting procedures allows tasks to be conducted consistently, avoiding security issues caused by conflicting methodologies. It also is helpful to provide a change-management procedure to coordinate changes to installations, upgrades and other activities that potentially could impact network security.

Step 3: Train

There is a lot of new information for employees to assimilate so provide training to help them understand the security plan, policies and procedures. Training also provides a platform to discuss processes and resolve misunderstandings. Technology is dynamic and creates ever-changing security needs. Annual and periodic training is necessary to keep employees informed of changes to security requirements.

Step 4: Monitor

All of this hard work, planning, coordinating and documenting will be for naught if the network isn’t monitored. Systems that are capable of logging information should do so. A systematic approach for reviewing logs and providing reports should be established. High-impact events, such as a virus on the network, should trigger an alarm that immediately notifies personnel to take action. If services are provided by another entity, require reports and establish notification procedures via contracts and service-level agreements.

Step 5: Audit

Audit the network annually. Compare the environment to the chosen security standard. Remember the gap analysis from Step 1? Again, identify security gaps and execute strategies to remain compliant. Use the information gained from audits to update the plan, policies and procedures, if needed. Continue to monitor the environment to assure that security measures are providing the expected outcome. Security requires persistent commitment.

This article merely touches on the basics. Firewalls, intrusion detection and prevention systems, authorized access (physical and cyber), passwords and encryption are a few of the many other security considerations.

Security compliance is complex. It requires perpetual planning and coordination, but it is a necessity. From agencies that find their personnel information posted on a hacker’s website to networks that are unable to provide service due to a denial-of-service attack, these are real world events that can be prevented — in five steps.

Lori J. Kleckner is a cybersecurity consultant for L.R. Kimball with extensive experience in collaborating with local, state and national governments. The feature originally appeared in Urgent Communications, an American City & County sister publication.

Tags: Public Safety Smart Cities & Technology Article

Related


  • Hi-tech sewers can help safeguard public health, environment and economies
    In the wake of the coronavirus, economic recovery is top of mind for all city leaders, the majority of whom believe that investing in infrastructure and technology can spur a rebound. Yet current analyses indicate that we only have funding available to cover approximately 57 percent of infrastructure system improvements through 2029, leaving an investment gap […]
  • Three ways the public sector can minimize remote workforce PC refresh headaches
    Public sector IT organizations must find ways and tools to automate and streamline processes while minimizing hands-on IT involvement in setting up and migrating PCs
  • Tyler Technologies to acquire NIC
    In a huge government technology deal, Plano, Texas-based Tyler Technologies Inc. and Olathe, Kan.-based NIC Inc. have announced they have entered into an agreement where Tyler will acquire all outstanding shares of NIC in an all-cash transaction valued at approximately $2.3 billion. The terms of the transaction have been unanimously approved by the boards of […]
  • The future of transportation – leveraging smart solutions to boost user experience
    It is only a matter of time before cities worldwide embrace technology to improve transit and connect people to economic opportunities and each other – safely

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • AT&T unveils FirstNet innovations, including HPUE, vertical location, deployable offerings
  • As cities praise America’s return to Paris agreement, many have remained on course with climate actions and goals
  • Verizon: Building the next smart city
  • Lessons from the pandemic: Emergency sourcing of lifesaving equipment

White papers


Discover How Public Sector Officials are Monitoring and Managing Overtime in This New White Paper

22nd February 2021

How to Assemble a Successful Government Grant Proposal

5th February 2021

The Rise of Procurement’s Next Normal

5th February 2021
view all

Events


PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

Twitter


AmerCityCounty

American City & County’s 2020 Exemplary Public Servant of the Year Award dlvr.it/RtZbX2

26th February 2021
AmerCityCounty

American City & County’s 2020 Crown Communities Awards dlvr.it/RtZbVz

26th February 2021
AmerCityCounty

2020 Crown Communities Awards winner: Rock Hill, S.C.’s My Ride dlvr.it/RtZSFp

26th February 2021
AmerCityCounty

Three communities hosting Augmented Reality Developer Challenge competitions dlvr.it/RtZ94D

26th February 2021
AmerCityCounty

Using data to improve emergency response resources dlvr.it/RtVSc0

25th February 2021
AmerCityCounty

How small cities are tackling lead service line replacement dlvr.it/RtV9G8

25th February 2021
AmerCityCounty

COVID-19 and pivoting into a new year: It may be 2021, but did we really leave 2020? dlvr.it/RtQRcr

24th February 2021
AmerCityCounty

Six tips for making sure your dispatch is doing all the right moves dlvr.it/RtQBvl

24th February 2021

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X