First Responder Devices for Firefighters: Does Your Technology Meet Mission Critical Standards?
As a firefighter, you’re committed to using the best possible equipment to accelerate your response to emergency calls. The Internet of Things (IoT) is set to change how we fight fires, enabling links between personnel on the scene and remote experts who can evaluate and offer advice based on data they receive from connected thermal imaging devices, sensors, and video cameras.
RFID-based trackers can easily integrate with existing equipment and uniforms, allowing commanders to monitor the location of personnel inside a burning building. Taken together, IoT data can provide a clearer picture of the situation and allow first responders to do their job with greater efficiency and safety.
The launch of the U.S.’s first responder network has brought an influx of mobile apps and devices to the market, including body cameras, connected clothing and wearables to monitor vital signs, and mobile routers that turn fire engines into portable offices.
It’s easy to get swept up in the rush of these exciting, potentially life-saving developments, but connecting many devices and generating more data also means increasing your exposure to security risks and device failure.
Before you adopt any connected device, it makes sense to stop, talk with your systems integrator, and make sure the equipment meets mission critical standards in the following areas:
Reliable, continuous connectivity is essential to the performance of any IoT device. In an emergency situation, the stakes go up exponentially and device failure could be life threatening for someone on a fire crew.
Connectivity issues are, unfortunately, common in IoT applications—according to a 2018 report by software intelligence company Dynatrace, 64 percent of IoT users worldwide have encountered performance issues with their devices. Part of the problem is the lack of IT support to match the growing complexity of IoT network structure and cloud technology.
Anyone planning to deploy IoT solutions should take time to consider system architecture, security measures, and troubleshooting strategies.
Make sure your systems integrator can provide ongoing support for the devices in your IoT network.
And ask your solutions provider about your device’s connectivity component — typically a data card or embedded cellular module. With the influx of interest in IoT, new manufacturers are crowding the market, so look for modules from companies that have an established reputation for reliability.
Consult product reviews and ask other crews about the connectivity pieces inside their devices — and whether they’re happy with their performance.
A device is the sum of its parts, and key components cannot afford to fail when you’re racing to save lives in a burning building. Most devices have at least one primary component that’s easy to recognize—for example, the sensor, lens, and image processor on a body cam.
In a piece of connected clothing, it might be the sensor that records the wearer’s vital signs. In every IoT device, the module or data card is also an essential component.
The risks of using key components from questionable sources are tremendous. Unsecured IoT devices are vulnerable to ransomware attacks and data breaches, and the results could be “catastrophic,” according to 97 percent of risk professionals surveyed in SFG’s Second Annual Study on the Internet of Things (IoT): A New Era of Third Party Risk.
To guard against device failure and security risks, make sure that all key components are sourced from reliable manufacturers, preferably companies that are veterans in the M2M technology market.
And ask about supply sustainability in the event of international trade wars or other shipping complications. Does the component supplier have an alternate product source if the primary manufacturing facility becomes inaccessible? Will they be there when you need replacement parts?
Looking at the certifications earned by your device, its key components, and its manufacturer is one way to vet its trustworthiness prior to adoption.
Here are a few important standards to consider:
- AT&T FirstNet Certification. Devices intended for use on the U.S.’s dedicated first responder network must undergo extensive testing by AT&T and the First Responder Network Authority Device Team. “The FirstNet Device Approval Program is built upon AT&T’s industry-leading, standards-based wireless device testing and certification program,” writes Joe Martinet, director of devices at the First Responder Network Authority.
It’s a multi-level testing process that vets first responder devices and gateways for safety and reliability. Make sure your device is on the list of certified products.
- MIL-STD-810 Resiliency Testing. A series of performance guidelines designed by the U.S. military to ensure resiliency,
- Manufacturer Certifications. Look for certifications earned by the manufacturers of your device’s key components, especially from The International Organization for Standardization (ISO), which has developed global standards for business operations, management systems, legal requirements, and more.
Also, look for manufacturers and products that comply with the European Union’s Restriction of Hazardous Substances Directive (RoHS), adopted in 2003.
With lives and property on the line, security is a serious concern for first responders.
The safety of your data directly affects the safety of those you’re committed to serve.
While IoT adoption presents life-saving possibilities for firefighters, it brings with it a high risk of data vulnerability if stringent security measures are not adopted along with the new technology.
Only 10 percent of device manufacturers feel fully confident that their products have adequate security precautions in place, according to Kayla Matthews of IoT for All. That’s a small fraction, considering the host of potential security issues IoT devices face, from malware to botnets to Trojan viruses.
The more familiar you are with potential threats and the security measures that can prevent them, the more secure your data will be.
Here are a few issues to discuss with your systems integrator:
- Data Storage. First responders must keep precise records of their decision-making, patient symptoms, medication dosages, and more.
Make sure your solutions provider can walk you through the process of how (and where) that data is stored, and how you can access it securely.
- Encryption uses complex ciphers to turn readable information into code, which must be deciphered using a specific key. A few of the most common types of encryption are RSA, TripleDES, Data Encryption Standard (DES), and Advanced Encryption Standard (AES), used by the U.S. government.
Ask your solutions provider to explain your device’s encryption capabilities and make sure you understand how to manage encryption and other security settings.
- Many first responder devices maintain an ongoing connection to the Cloud, ensuring that collected data is backed up constantly. But what happens when you’re in a remote area and service is interrupted?
Ask your provider to explain how data storage and recovery works on your particular device. If the device is a low-power sensor without a continuous cellular connection, make sure data backups are happening regularly.
- Default Settings. When you purchase a wireless gateway or IoT end-device, it often comes pre-loaded with a default password and an open interface for ease of setup.
Manufacturers expect users to change passwords and settings to suit their needs, and first responders must learn to make needed changes to avoid endangering their mission critical data.
- Password protection, like encryption, is a vital element of any data security plan. While changing your password might be a bothersome task, it’s a needed one: according to the 2017 Verizon Data Breach Investigations Report, hacked passwords account for 81 percent of data breaches.
Talk to your solutions provider about password configuration, and be sure to ask for guidelines on password strength and how often to change it.
Be wary of “bring your own device” initiatives, which can introduce serious security threats to your systems. If cost is an issue and you’re tempted to go with an inexpensive device with dubious security standards, wait for the necessary funding to get the most secure devices available.
Familiarize yourself with your devices’ security features and meet regularly with your team to discuss how to prevent data breaches—and make plans to deal with one if it does happen.
Before you adopt any IoT device, consider its distinctive pros and cons. “Identify the actual value (efficiency, safety, convenience) of the solution versus the cost and security risk,” writes Chief Charles L. Werner, acting deputy state coordinator and senior advisor for the Virginia Department of Emergency Management.
“Fire service organizations have a responsibility to review new technology solutions and implement those that will enhance their ability to serve their respective stakeholders.”