FirstWatch reports sudden, sharp increase in cyberattacks against public safety
Taigman calls on departments to immediately alert IT staff to check the integrity of their data, software and networks
By Greg Friese
CARLSBAD, Calif. — Public safety data experts are reporting a sudden and sharp increase of cyberattacks against public safety targets on Saturday, January 29, 2022.
According to an email alert from FirstWatch attacks are ongoing against 911 Centers, Public Safety agencies, telecom operators, local governments and medical facilities.
"We are aware of at least 16 active cyberattacks happening at this moment," Todd Stout, FirstWatch founder & president, wrote in the email alert.
"Departments need to contact their IT administrator immediately to check the status and security of their computer systems," Mike Taigman, FirstWatch improvement guide, said. "Don't wait until Monday morning. Call now."
"This email is to give our partners and friends a heads-up to immediately monitor your IT systems even more closely than you normally would," Stout wrote.
The email from Stout included these suggested actions:
- Document your network and systems in detail, clean up your networks
- Develop business continuity plans for handling a breach
- Step up seriousness of cyber-related threat training as an organizational priority
Enhance Security Posture
- Backup your data – real-time, incremental, offsite, glacial
- Develop best practices for keeping all hardware patched
- Implement multifactor authentication, ideally with phone-based or stand-alone tokens
- Ensure in policy and practice that there are no rogue devices on your network with IP and MAC scanning and 802.1 authentication
- Don’t leave “hot” network ports open for connection
- Encrypt data at rest and data in motion, PCs, tablets, phones should all be fully encrypted with auto-wipe after set number of failed logins
- Geo-block the known bad actors in your firewalls
- USB devices and ports are not your friend
- Improve training for personnel regarding social engineering and phishing – take a look at www.knowbe4.com
- Think “Zero Trust” as an overall concept – operating as if you are already working with a breach
- Cyber safety and security must be a concern of everyone in the organization
- Understand any regulatory compliance items you are required to meet
- Stay updated on daily and weekly cyber updates issued from official government sources
- Must dedicate some education budget and time for cyber education and awareness
- If the organization makes cyber security and hygiene a consistent priority, personnel will too
- Encourage personnel to point out cyber concerns and weaknesses to help improve overall positioning, get stronger
Monitor – Detect
- Develop logging systems to capture every action passing in and out of your firewalls and edge routers
- Capture traffic bouncing off of your firewalls
- Maintain at least a year of this logging data, it is vital for forensics in tracking down culprits in a breach
- Establish alarms to notify the player and stakeholders when certain firewall events occur
- Develop logging systems for user activity within your network for the same reasons as firewall logging
- On larger networks, consider “honeypot” systems to help identify intruders that leverage access via third-party products
- Study the logs regularly, know what normal looks like so that abnormal jumps out
- Always follow up on the odd things
- Have a planned response to a breach, practice the plan
- Be certain that everyone knows how to sound the alarm as soon as an anomaly is discovered, most targeted breaches occur at night, on weekends and holidays when more junior staff is usually working, junior staff can be hesitant to sound the alarm
- Know who you will be notifying such as local and federal law enforcement
- Two to four times per year, confirm that your plan is workable in the ever-changing environment
FirstWatch turns raw data into meaningful information, helping agencies improve situational awareness, operational performance and clinical patient outcomes.