5 Questions to Ask Your First Responder Solutions Provider
By Ken Bednasz
February 22, 2019
By Ken Bednasz
February 22, 2019
Following the rollout of a dedicated first responder network in the U.S., municipalities are choosing providers and building out their arsenal of network gateways and connected devices. As you weigh your options and choose devices that fit your needs, be aware of the potential pitfalls—especially security risks—that face you on the market.
To avoid unneeded exposure to risk, ask your solutions provider or device manufacturer these questions to evaluate their readiness to support first responder usage:
Key components are the elements that define the device and ensure its proper function. Most devices have at least one primary component that’s easy to recognize—for example, the sensor, lens, and image processor on a body cam. In a piece of connected clothing, it might be the sensor that records the wearer’s vital signs.
Another element that’s essential to every connected device is the data card or embedded cellular module. Some Internet of Things (IoT) devices use removable data cards, which work the same way a USB drive does—just plug it in and go.
These modules can easily connect to existing hardware and deliver high data speeds, ranking them as higher category LTE devices and making them ideal for public safety routers and gateways.
Most mobile and wearable devices use embedded modules because their connections are solid and immovable, resilient to vibration, heat, corrosion, and dust. Embedded modules are also smaller than standard data cards, making them a better fit for end-devices.
Once you’ve identified the device’s main components, ask your service provider about their sourcing practices and requirements.
The exploding IoT market contains a huge range of products, widely varying in quality and security. Generally, products from new, untried companies should be viewed with caution.
Some established companies are also viewed with suspicion, such as Chinese telecom giant Huawei, which has come under scrutiny from U.S. and Australian authorities for suspected security risks associated with its products. New Zealand recently joined the other nations in blocking Huawei’s products from its new 5G mobile data network, which will handle IoT devices. U.S. officials also caution against ZTE’s mobile devices, saying they pose a security risk.
Because IoT technology is developing more quickly than private and government security measures can keep up with, cyber threats remain a serious problem that first responders must acknowledge and guard against.
The risks of using key components from questionable sources are tremendous.
Unsecured IoT devices are vulnerable to ransomware attacks and data breaches, and the results could be “catastrophic,” according to 97 percent of risk professionals surveyed in SFG’s Second Annual Study on the Internet of Things (IoT): A New Era of Third Party Risk.
Even if a device’s key components are sourced from reputable companies, there is still a risk of data breaches if security is not a priority. Talk with your provider about the systems they have in place around security of data.
Firmware bugs are notoriously prominent in IoT end-devices, making users vulnerable to security breaches and system failures. Denial of service (DoS) bugs represent 42 percent of firmware problems, according to a study by Bitdefender. DoS can render your device temporarily or permanently inoperable—not an option in emergency situations, when every second counts.
Security researchers are working to create new tools that can test for IoT device vulnerabilities, with the goal of identifying and securing problematic devices before a data breach happens.
Until a reliable detector emerges, it’s best to talk with your provider about the dangers of firmware bugs in IoT devices and research the track records of each key component.
The IoT market is crowded with competitors, large and small. While longtime technology giants are deeply involved in the field, so are startups and small businesses around the world. Device developers often create their own protocols for IoT operations, making it difficult for those trying to create clear, across-the-board security standards that could protect gateways and end-devices from cyber attacks.
While you wait for clear standards to emerge, you can protect your first responder devices by looking closely at the companies that manufacture their inner components.
Ask your solutions provider how long they and their component manufacturers have been in the market. Have they encountered any security or other problems with those manufacturers? Could there be sourcing problems if a trade war between your country and the manufacturer’s country emerges and shipments are restricted?
Solutions providers should have a plan in place to cope with loss of key components from a primary manufacturing facility.
To mitigate potential risks, gain a working knowledge of device’s security features and ask your solutions provider to demonstrate a commitment to quality, security, and responsiveness.