L.R. Kimball recently conducted a second survey on cyber security issues to gain an understanding of how the awareness, attitudes and issues regarding cyber security have changed in the last year. Here are some of the survey highlights:
- 65% of respondents are aware of NENA’s new cyber security standards indicating that while awareness has increased to a decent sized majority, there are still a significant number of folks who are simply not aware of these standards from NENA.
- Overall awareness and recognition of the importance of cyber security in a NG9-1-1 environment continues to be very high at around 71%.
- Approximately 57% of respondents suggested that cyber security is a high priority, while 16% indicated that this is their #1 priority. This is increase of about 3% of each measurement from the preceding survey.
- Respondents believe their IT department is responsible for the security of their organization. While it is true that the IT department is responsible for executing the efforts related to cyber security, it is the management of the call center who is ultimately responsible for the entire center – including cyber security.
- The number of respondents who believe the public is concerned about the security of public safety systems has dramatically risen to 61%. We believe this to be a result of the many high profile attacks that have been highly publicized, including those on public safety systems.
- 50% of respondents (an increase of nearly 40%) have started the planning and budgeting process. The compelling urgency of protecting against cyber attacks appears to be growing.
In an effort to understand where respondents were on the migration continuum for NG9-1-1, we asked questions related to what stage of the process folks were in. L.R. Kimball’s new survey showed that 28% of those surveyed are implementing NG9-1-1. This is a 6% change from our previous survey indicating that the transition to NG9-1-1 continues to occur. Approximately 57% indicated they were still in the planning phases for NG9-1-1.
It is here, during the NG9-1-1 planning stages, that L.R. Kimball believes the journey to effective cyber security begins.
- Organizations can start the planning and compliance process with a security assessment which will provide a formal and accurate picture of what they have in place.
- Following the security assessment, an organization should then create a Security Plan which documents its intentions to execute due diligence and defines how it intends to secure its NG9-1-1 system.
- The Security Plan ultimately leads into the next set of steps necessary to secure a call center: implementing safeguards (e.g. antivirus software, firewalls, policies, etc) and then monitoring and maintaining what's been put in place.
Funding was noted by respondents to our survey as an important issue. 60% felt that lack of budget/funding was a moderate to significant problem. In fact, of all of the potential obstacles to success, funding was the only one that was denoted as a real problem. This is a difference from the previous survey where lack of standards, leadership, and other priorities were identified as obstacles.
What can we do about it? L.R. Kimball believes this is an opportunity for Congress to act -- by providing funding via a grant program specifically targeted at securing public safety agencies. Public safety systems are part of our nation’s critical infrastructure. Funding improvements in their security will bolster its ability to withstand attacks while potentially creating jobs (e.g. the new role of security administrator for public safety agencies).
The nation is currently undergoing one of the most important transformations of its public safety infrastructure as it evolves its legacy 9-1-1 system to NG9-1-1. In this new interconnected, IP-enabled world, the need for cyber security has never been more critical. We know that, the industry knows it, and so do the hackers. Now what?