How to Protect Public Safety IT Systems from Cyberattacks
In today’s volatile cyber landscape, public safety organizations such as Fire Departments and Law Enforcement agencies are prime targets for foreign cyber adversaries. With Iran possibly looking to retaliate for the recent bombings, hacking and disrupting public safety networks and databases could be one of its avenues of attack. The increasing reliance on digital tools, from dispatch systems to confidential investigative databases, makes these agencies vulnerable to espionage, data theft, ransomware, and operational disruptions. If you work in Cyber Security or the IT industry, stay vigilant in protecting your systems.
Why Public Safety is a Target
Foreign actors, including nation-states and their proxies, target critical infrastructure to:
· Disrupt emergency response capabilities.
· Steal sensitive operational or personal data.
· Undermine public trust in local governments.
· Leverage compromised systems for larger attacks on national infrastructure.
The 2021 ransomware attack on U.S. police departments and the 2020 SolarWinds breach demonstrate how determined foreign entities can penetrate public sector networks [1][2].
The #1 avenue for attacking Government IT infrastructure is through Phishing and Social Engineering, specifically spear-phishing emails designed to trick users into revealing credentials, clicking malicious links, or downloading malware.
Why Phishing is the #1 Threat
Numerous government and cybersecurity reports consistently identify phishing as the leading attack vector, especially for:
· Initial access to secure government systems.
· Credential theft leading to privilege escalation.
· Delivery of malware, including ransomware and remote access trojans (RATs).
Phishing exploits human error, bypassing even advanced technical defenses by targeting employees, contractors, or public officials.
Verizon 2024 Data Breach Investigations Report (DBIR)
· Reports phishing as the most common initial access vector in both public and private sectors.
· Notes that government entities, especially local agencies, are disproportionately affected due to resource gaps.
Source: https://www.verizon.com/business/resources/reports/dbir
Cybersecurity and Infrastructure Security Agency (CISA) Alerts
· CISA identifies phishing as a primary method used by foreign threat actors, including nation-state groups from Russia, China, Iran, and North Korea.
· Phishing campaigns often mimic official communications, making them highly effective.
Source: https://www.cisa.gov/news-events
Microsoft Digital Defense Report 2023
· Highlights that over 90% of nation-state cyberattacks begin with phishing.
· Points out increasing sophistication in attacks targeting government workers, with fake login pages and business-like communications.
Source: https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report
Real-World Examples
SolarWinds Attack (2020):
Although initially a supply chain attack, compromised credentials gained through phishing were used for lateral movement within U.S. government networks.
U.S. Elections Targeting (2016-2020):
Foreign entities, including Russian groups, used spear-phishing to target election officials, IT administrators, and government contractors.
While technical vulnerabilities, such as unpatched systems or exposed servers, are also exploited, phishing remains the primary attack vector for breaching government IT infrastructure. This method:
· Bypasses perimeter defenses.
· Targets individuals rather than systems directly.
· Enables credential theft, malware deployment, and long-term compromise.
Mitigation Recommendations
To defend against phishing:
· Implement Multi-Factor Authentication (MFA) across all systems.
· Conduct regular phishing awareness training for all staff.
· Deploy email filtering and threat detection tools.
· Encourage a “trust but verify” culture for unexpected emails and links.
Key Strategies to Protect Public Safety IT Systems
1. Implement Zero Trust Architecture (ZTA)
Zero Trust means “never trust, always verify.” Agencies must:
· Authenticate users and devices continuously.
· Enforce least-privilege access to applications and data.
· Segment networks to limit the spread of breaches.
The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends Zero Trust for government and critical infrastructure systems [3].
2. Regularly Patch and Update All Systems
Foreign attackers often exploit known software vulnerabilities. Agencies must:
· Keep operating systems, applications, and firmware updated.
· Apply patches promptly, especially for vulnerabilities listed in CISA’s Known Exploited Vulnerabilities Catalog [4].
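One way to turn the KEV item above into a routine check, as an added example rather than code from the original article: it cross-references a constructed asset inventory against a constructed snippet laid out like CISA's KEV JSON feed and lists the unpatched entries, overdue ones first. The field names follow the public feed; the sample entries, the inventory format and the host names are assumptions.

```python
import json
from datetime import date

# Constructed snippet in the shape of CISA's KEV JSON feed. Field names follow the public
# feed; the entries are placeholders, not real catalog items.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-EXAMPLE-0001", "vendorProject": "ExampleVendor", "product": "Dispatch Console",
     "dateAdded": "2025-05-01", "dueDate": "2025-05-22", "requiredAction": "Apply vendor updates."},
    {"cveID": "CVE-EXAMPLE-0002", "vendorProject": "ExampleVendor", "product": "VoIP Gateway",
     "dateAdded": "2025-06-10", "dueDate": "2025-07-01", "requiredAction": "Apply vendor updates."},
    {"cveID": "CVE-EXAMPLE-0003", "vendorProject": "OtherVendor", "product": "Records System",
     "dateAdded": "2025-06-15", "dueDate": "2025-07-06", "requiredAction": "Apply vendor updates."},
]})

# Constructed asset inventory (assumption): what each host runs and which KEV CVEs are
# already confirmed patched on it.
INVENTORY = [
    {"host": "dispatch-01", "vendorProject": "ExampleVendor", "product": "Dispatch Console", "patched": set()},
    {"host": "voip-gw-01", "vendorProject": "ExampleVendor", "product": "VoIP Gateway", "patched": {"CVE-EXAMPLE-0002"}},
    {"host": "rms-01", "vendorProject": "OtherVendor", "product": "Records System", "patched": set()},
    {"host": "cad-db-01", "vendorProject": "ThirdVendor", "product": "Database", "patched": set()},
]


def kev_exposure(kev_json, inventory, today_iso):
    """One finding per (host, CVE) where the host runs a KEV-listed product and the CVE
    is not recorded as patched; 'overdue' marks entries past CISA's remediation due date."""
    today = date.fromisoformat(today_iso)
    catalog = json.loads(kev_json)["vulnerabilities"]
    findings = []
    for asset in inventory:
        for entry in catalog:
            if (entry["vendorProject"].lower(), entry["product"].lower()) != (
                    asset["vendorProject"].lower(), asset["product"].lower()):
                continue  # product not present on this host
            if entry["cveID"] in asset["patched"]:
                continue  # already remediated and recorded
            findings.append({"host": asset["host"], "cveID": entry["cveID"],
                             "dueDate": entry["dueDate"],
                             "overdue": today > date.fromisoformat(entry["dueDate"]),
                             "requiredAction": entry["requiredAction"]})
    # Overdue items first, then soonest due date, so the list reads as a work queue.
    return sorted(findings, key=lambda f: (not f["overdue"], f["dueDate"]))


if __name__ == "__main__":
    for f in kev_exposure(KEV_SAMPLE, INVENTORY, "2025-06-20"):
        print("OVERDUE" if f["overdue"] else "due", f["dueDate"], f["host"], f["cveID"], f["requiredAction"])
```

In practice the catalog would be fetched from CISA's published JSON feed and the inventory pulled from the agency's asset management system.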
3. Deploy Endpoint Detection and Response (EDR) Solutions
EDR tools provide:
· Real-time monitoring of devices for suspicious activity.
· Automated threat detection and response capabilities.
· Insight into attempted intrusions or malware infections.
Many foreign hacking campaigns begin with compromised endpoints, making EDR a frontline defense [5].
4. Protect Communication Systems
Voice over IP (VoIP), radio dispatch, and mobile apps are vulnerable without:
· Strong encryption for all communications.
· Secure VPN access for remote connections.
· Regular audits of telecommunication infrastructure.
The FBI has warned of foreign attempts to intercept or disrupt police communications [6].
5. Conduct Regular Cybersecurity Training
Human error is often the weakest link. Agencies should:
· Train staff to recognize phishing and social engineering attacks.
· Simulate cyber incidents to improve response readiness.
· Require strong, unique passwords with Multi-Factor Authentication (MFA).
Foreign attackers frequently target employees to gain initial access [7].
6. Collaborate with Federal Cyber Defense Programs
Fire and Law Enforcement agencies should:
· Engage with CISA’s Cyber Hygiene and vulnerability scanning services.
· Participate in the FBI’s InfraGard program for threat intelligence sharing.
· Utilize the DHS-funded Multi-State Information Sharing and Analysis Center (MS-ISAC) for alerts and technical assistance [8].
7. Secure Critical Data with Backups and Encryption
Agencies must:
· Encrypt sensitive files at rest and in transit.
· Maintain offline, immutable backups to recover from ransomware attacks.
· Implement strict controls on data access and transfer.
This is crucial to prevent the exposure of investigative records, personnel files, and operational plans.
Conclusion
Foreign cyberattacks are not abstract threats; they are a clear and present danger to the safety of communities. Fire Departments and Law Enforcement agencies play a vital role in protecting the public, and securing their IT infrastructure is essential to maintaining that mission.
By following these best practices and collaborating with trusted cybersecurity partners, public safety organizations can significantly reduce their risk of falling victim to foreign cyber aggression.
I have over 26 years of experience in the IT field, with education in Cyber Security and a specialization in VoIP Phone Systems. If you need assistance in finding resources to help you with your IT infrastructure, Summit Response Group is here to help. We can assist in getting the resources you need. Consulting on IT infrastructure is another way that Summit Response Group assists in our mission to deliver public safety training and leadership development services so that your team is ready to respond.
References
1. CISA. “Ransomware Attacks Targeting Police and Public Safety.” https://www.cisa.gov/news-events
2. U.S. Senate Report on SolarWinds Breach. https://www.hsgac.senate.gov
3. CISA Zero Trust Maturity Model. https://www.cisa.gov/zero-trust
4. CISA Known Exploited Vulnerabilities Catalog. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
5. National Institute of Standards and Technology (NIST) Cybersecurity Guidelines. https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
6. FBI Public Service Announcements on Cyber Threats to Law Enforcement. https://www.fbi.gov/news
7. Verizon 2024 Data Breach Investigations Report. https://www.verizon.com/business/resources/reports/dbir
8. MS-ISAC for State, Local, Tribal, and Territorial Governments. https://www.cisecurity.org/ms-isac