author photo
By Bruce Sussman
Thu | Feb 28, 2019 | 8:20 AM PST

The Department of Homeland Security needs InfoSec to weigh in on what could be considered a cyber emergency in emergency response.

The rough draft of the 2019 National Emergency Communications Plan is out, and the authors are looking for feedback, including yours. A core goal is to increase the cybersecurity of emergency communication systems.

Comments are being accepted until March 22, 2019. So please keep reading and see if you have any input.

State of cybersecurity in emergency response communications

The draft of the new DHS report paints a bleak picture when it comes to the cybersecurity posture and readiness of systems used to communicate in an emergency. This is based on research from last year:

"According to the 2018 Nationwide Communications Baseline Assessment results, 37 percent of respondents indicated that cybersecurity incidents have had an impact on the ability of their emergency response providers and government officials’ ability to communicate over the past five years.

Yet, almost half of respondents had not instituted cybersecurity best practices, such as risk assessment, continuous monitoring, and identity management.

In fact, only one in five respondents indicated having cybersecurity incident response plans, policies, and capabilities."

Proposed cybersecurity improvements to emergency response comms

The report, which looks at a number of goals for emergency response communications systems across the U.S., lists its final goal like this: "Strengthen the cybersecurity posture of the Emergency Communications Ecosystem."

And here are some of the areas being proposed for this work, starting on page 60 of the complete report. You can weigh in on these three areas of IT security.

  • Develop and maintain cybersecurity risk management
  • Mitigate cybersecurity vulnerabilities 
  • Determine public safety-specific, standards-based cyber hygiene minimums, and fund ongoing risk mitigation

How can you give your feedback in these areas? Read pages 60-64 of the report, then use this form to give specific feedback and email it to OECNECP@hq.dhs.gov.

Let's hope next year's update paints a brighter picture of cybersecurity in emergency communications.

And if you like sharing ideas about InfoSec and what's working, join your local SecureWorld cybersecurity community in 2019.

Comments