The growth of the Internet of Things (IoT), along with the launch of a dedicated first responder network in the U.S., is causing a monumental shift in police work. License plate and facial recognition devices find connections between suspects on a scene and document offenders. Officers wear body cams and connected clothing to monitor vital signs, receive incident reports on their mobile devices, and collect evidence.
As the IoT’s potential unfolds, incident commanders will be able to access all these connected devices through a portal that displays data, video, and sound communications in real time.
The impact of these devices working in tandem—along with the data they generate—is staggering and promises to greatly improve efficiency. “Unfortunately, American policing has not yet harnessed the data rich world to aid its problem-solving abilities to the greatest degree possible,” writes Lieutenant Brian Ellis of the Sacramento Police Department. “Today is the time to interpret the vast data mines into something significant for policing in America.”
While the IoT presents tremendous benefits for police, it also carries inherent risks. The adoption of connected devices across other sectors has already resulted in a new category of crimes: hacking. “Because of the unlimited possibilities to interconnect one’s life to the internet, an increased amount of personal data will be available for all to see,” Ellis writes.
“Law enforcement’s challenge will be to safeguard the public’s digital footprint.”
In their own realm of IoT usage, police officers must carefully vet the devices they use to transmit sensitive information. Even if the cellular network is secure, vulnerability at the end-device level can result in serious data breaches. In fact, 82 percent of IT professionals predicted that unsecured mobile devices are likely to cause a “catastrophic” data breach, according to a 2018 report by cybersecurity firm Raytheon. And in mission critical situations, product reliability is vital—when you’re responding to an emergency, your device can’t crash.
Here’s what you need to know about any cellular device before implementing it on your network:
1. What are the key components?
Key components are the elements that define the device and ensure its proper function. One primary component is the parts with which the device collects data – that may be a sensor on a piece of connected clothing, the GNSS chip for a car telematics solution, or the image processor on a body camera.
Another element that’s essential to every connected device is the data card or embedded cellular module. Some Internet of Things (IoT) devices use removable data cards, which work the same way a USB drive does—just plug it in and go. These modules can easily connect to existing hardware and deliver high data speeds, ranking them as higher category LTE devices and making them ideal for public safety routers and gateways.
Most mobile and wearable devices use embedded modules because their connections are solid and immovable, resilient to vibration, heat, corrosion, and dust. Embedded modules are also smaller than standard data cards, making them a better fit for end-devices.
2. Are the device and its components from a reliable, sustainable source?
A device is the sum of its parts, and key components cannot afford to fail in mission critical situations. Most devices have at least one primary component that’s easy to recognize—for example, the sensor, lens, and image processor on a body cam. In a piece of connected clothing, it might be the sensor that records the wearer’s vital signs.
Another essential piece of the device is its data card or cellular module. If a device’s connection fails, the data it has gathered becomes useless. And if the connection module lacks adequate security features, it could be vulnerable to cyber attacks.
To guard against device failure and security risks, make sure that all key components are sourced from reliable manufacturers—preferably companies that are veterans in the M2M technology market. And ask about supply sustainability in the event of international trade wars or other shipping complications.
Does the component supplier have an alternate product source if the primary manufacturing facility becomes inaccessible? Will they be there when you need replacement parts, or will they have vanished from the market?
3. Do they meet AT&T and FirstNet certification standards?
AT&T, along with the First Responder Network Authority Device Team, is consistently working to review products prior to use on the network. “The FirstNet Device Approval Program is built upon AT&T’s industry-leading, standards-based wireless device testing and certification program,” writes Joe Martinet, director of devices at the First Responder Network Authority.
It’s a multi-level testing process that vets first responder devices and gateways for safety and reliability. Make sure your device and its cellular component are on the list of certified products.
4. If advertised as rugged or ultra-rugged, does the device meet resiliency testing standards such as MIL-STD-810?
Police officers often need devices that can withstand strong impacts and extreme weather conditions. A series of performance guidelines designed by the U.S. military to ensure resiliency, MIL-STD-810 is the gold standard for determining ruggedness, and the testing process observes a device’s response to a wide range of conditions and situations in 24 categories, including low pressure, extreme temperatures, fog, rain, dust, and more.
If your device claims to be ultra-rugged, ask your solutions provider if it has passed MIL-STD-810 testing.
5. Is the device secure?
We’ve already established that security is a serious issue in IoT applications for police. There are many sides to potential data vulnerability, including failure to load system and security updates (and failure of device manufacturers or app developers to supply them).
Most data breaches occur due to user error or carelessness, so make sure you discuss the following security issues with your systems integrator prior to adopting any new connected device:
- Data Storage. Police officers must keep precise records of their interactions, observations, and decision-making. Make sure your solutions provider can walk you through the process of how (and where) that data is stored, and how you can access it securely.
- Encryption uses complex ciphers to turn readable information into code, which must be deciphered using a specific key. A few of the most common types of encryption are RSA, TripleDES, Data Encryption Standard (DES), and Advanced Encryption Standard (AES), used by the U.S. government. Ask your solutions provider to explain your device’s encryption capabilities and make sure you understand how to manage encryption and other security settings.
- Many first responder devices maintain an ongoing connection to the cloud, ensuring that collected data is backed up constantly. But what happens when you’re in a remote area and service is interrupted? Ask your provider to explain how data storage and recovery works in your particular device. If the device is a low-power sensor without a continuous cellular connection, make sure data backups are happening regularly.
- Default Settings. When you purchase a wireless gateway or IoT end-device, it often comes pre-loaded with a default password and an open interface for ease of setup. Manufacturers expect users to change passwords and settings to suit their needs, and first responders must learn to make needed changes to avoid endangering their mission critical data.
- Password protection, like encryption, is a vital element of any data security plan. While changing your password might be a bothersome task, it’s a needed one: according to the 2017 Verizon Data Breach Investigations Report, hacked passwords account for 81 percent of data breaches. Talk to your solutions provider about password configuration, and be sure to ask for guidelines on password strength and how often to change it.
Even if you’re doing all the right things to maintain IoT security, a device containing unsecured key components, such as a cellular module, can open the door to hackers. Generally, products from new, untried companies should be viewed with caution.
Some established companies are also viewed with suspicion, such as Chinese telecom giant Huawei, which has come under scrutiny from U.S. and Australian authorities for suspected security risks associated with its products. New Zealand recently joined the other nations in blocking Huawei’s products from its new 5G mobile data network, which will handle IoT devices. U.S. officials also caution against ZTE’s mobile devices, saying they pose a security risk.
While cybersecurity is a concern to address, police adoption of IoT devices and data analytics promises far more benefits than risks in the long run.
“The transparency piece of IoT will help connect the unconnected, illuminating the issues that do contribute to crime, delinquency, and the public safety experience in America,” Ellis writes.
“While budgets restrict organizations, data expands our reach, and no public safety organization will be as effective as they can be without it.”