11 Questions to Ask Your IT Department to Protect Against Cyberattacks
This article is featured in the magazine, Protecting Against Cyberattacks: A Guide for Public Safety Leaders.
By Sam Greif, Fire Chief of Plano, Texas
Fire chiefs have plenty to be concerned about while trying to protect the public and our personnel. Over the last several decades, new threats and challenges have emerged, including active shooter events, health epidemics, hazmat disasters, emergencies requiring technical rescues, and high-rise fires, to name a few.
One additional new threat that has devastating consequences and that many fire leaders are not adequately prepared for is cyberattacks. While many fire chiefs feel their IT departments should be more cognizant of cyber threats, many do not consider threats of cyberattack as part of their day-to-day operations.
According to the 2016 Deloitte-NASCIO Cybersecurity Study, state officials, including emergency managers and chiefs of police, are more confident in their states’ ability to address cybersecurity (66 percent) than state chief information security officers are (27 percent). This confidence gap signals a need for increased communication about cybersecurity risk and methods to prevent and mitigate against potential harm.
It is understandable that there is a gap in grasping the complexities of cybersecurity. After all, terms such as authentication, declaration of conformity, DMZ, encryption, firewall, IDS, ISP, IPS, LAN, malware, proxy server, spyware, VPN, WAN, worm, and the rest of the IT alphabet soup are not part of the traditional fire service lexicon.
The good news is fire chiefs do not have to know the details of how to protect our departments and our personnel against cyberterrorists. However, we do need to know what questions to ask IT experts to ensure they fully understand all the vulnerable technology we use on a daily basis.
Systems that need to be protected include 9-1-1, public safety radios, CAD (computer-aided dispatch), electronic patient reporting, records management systems, mobile data computers, and phone PBX systems. These systems are all potential targets for those who wish to do harm to our departments and communities.
Leaders in the fire service need to make sure they are asking the right questions to the right people.
To find out what questions I should be asking, I went directly to my local IT department. I met with IT to learn how we could ensure the systems my department uses are protected as much as possible. Here are the questions all fire chiefs should ask.
11 Questions to Ask Your IT Department
- What is the configuration of our firewall? The firewall should not allow any connections from the outside. All connections to computer-aided dispatch (CAD) and records management systems (RMS) should be made over a virtual private network (VPN).
- Do our systems meet CIS benchmarks? The Center for Internet Security (CIS) benchmarks aid in server setup. The requirements are published by CIS.
- Do our critical networks have a firewall between the internal network and the protected networks? Critical networks include supervisory control and data acquisition (SCADA), building safety, and Criminal Justice Information System (CJIS). All traffic in and out of the protected networks should be monitored and recorded.
- Have all default passwords been changed? Many systems come with a default password or built-in account from the manufacturer or vendor. These passwords must be changed to lessen the chance they can be hacked.
- Does the network have a central time server that uses NTP? The Network Time Protocol (NTP) allows the clocks on all equipment to stay in sync for logging and audit purposes. Also, some encryption technologies require this.
- Do all critical systems send their log files to a central server? Using a central server allows for logging and audit in case of a breach, and some systems send an alert when they detect a breach.
- Are user permissions on systems set to the minimum necessary for them to do their job? Granting permission greater than the minimum necessary can increase compromises and remove accountability within those systems. If access is limited, it will reduce the chance of changes, accidental or intentional, being made within the system. Limited access also reduces the chance of exfiltration of information from the network.
- Is there an ongoing and updated inventory of assets? This should include date of purchase and disposal, who owns the equipment (IT), and who owns the data on the equipment (PD, fire).
- Does IT use tools to monitor servers for patches? Many departments use tools like Nessus (free for up to 25 servers) or Qualys to monitor systems and send notifications when server patches are needed and available in order to keep them secure.
- Does IT limit the number of administrator accounts on systems? Administrators can expand their power by granting permission to accounts they do not normally have access to. Since administrators have the ability to delete entire systems and shut down access to all computers within the system, background checks should be in place for all administrators.
- For departments storing HIPAA or CJIS data on their servers, are those hard drives properly encrypted? Encryption is critical to protecting personal data stored on servers. While encryption is required by HIPAA, it’s smart to verify that IT has proper encryption protocol in place.
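For IT staff answering the time-server, central-logging and administrator-account questions above on a Linux server, the following is an added example and not part of the original article: it reads the text of the chrony/ntp, rsyslog, passwd and group files and reports gaps. The sample file contents, the `max_admins` limit and the choice of `sudo` and `wheel` as administrator groups are assumptions.

```python
import re

ADMIN_GROUPS = {"sudo", "wheel"}  # assumption: sudoers gives these groups full rights

def ntp_sources(conf):
    """Time sources named on 'server'/'pool' lines of chrony.conf or ntp.conf."""
    return re.findall(r"^[ \t]*(?:server|pool)[ \t]+(\S+)", conf, re.M)

def log_forward_targets(rsyslog):
    """Remote destinations: legacy '@host' (UDP) / '@@host' (TCP) and omfwd targets."""
    body = "\n".join(line.split("#", 1)[0] for line in rsyslog.splitlines())
    targets = re.findall(r"^[ \t]*\S+[ \t]+@@?([^\s@(]\S*)[ \t]*$", body, re.M)
    for action in re.findall(r"action\s*\((.*?)\)", body, re.S):
        m = re.search(r'target="([^"]+)"', action)
        if "omfwd" in action and m:
            targets.append(m.group(1))
    return targets

def admin_accounts(passwd, group):
    """UID-0 accounts plus listed members of ADMIN_GROUPS (custom sudoers rules not covered)."""
    rows = (line.split(":") for line in passwd.splitlines())
    admins = {f[0] for f in rows if len(f) >= 3 and f[2] == "0"}
    for line in group.splitlines():
        f = line.strip().split(":")
        if len(f) >= 4 and f[0] in ADMIN_GROUPS:
            admins.update(u for u in f[3].split(",") if u)
    return sorted(admins)

def audit(passwd, group, rsyslog, timeconf, max_admins=2):
    """Return findings; max_admins is a hypothetical local policy limit."""
    findings = []
    if not ntp_sources(timeconf):
        findings.append("no NTP time source configured")
    if not log_forward_targets(rsyslog):
        findings.append("logs are not forwarded to a central server")
    admins = admin_accounts(passwd, group)
    if len(admins) > max_admins:
        findings.append(f"{len(admins)} administrator accounts: {', '.join(admins)}")
    return findings

# Constructed sample file contents (not from any real system).
PASSWD = "root:x:0:0:root:/root:/bin/bash\nbackupadmin:x:0:0::/root:/bin/sh\ncadsvc:x:1001:1001::/home/cadsvc:/bin/bash\n"
GROUP = "sudo:x:27:jdoe,asmith\nusers:x:100:cadsvc\n"
RSYSLOG = "#*.* @@loghost.example:514\nauth.* /var/log/auth.log\n"
CHRONY = "pool time.example.net iburst\nmakestep 1.0 3\n"

if __name__ == "__main__":
    for finding in audit(PASSWD, GROUP, RSYSLOG, CHRONY):
        print("FINDING:", finding)
```

On the constructed sample, the forwarding rule is commented out and four accounts hold administrator rights, so both are reported while the time-server check passes.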
Most of the answers to these questions are still foreign to me, and I certainly would not know how to achieve getting them done. However, by having the conversation with my IT department and discussing all the technology involved, I feel more confident they are on track working hard to protect our systems. This dialogue also led to IT providing me with tips for my personnel about how to help protect our systems against phishing, vishing (voice phishing), and pharming attacks—all of which are designed to steal information or cripple an organization’s technology.
Until fire chiefs take an interest in cybersecurity and make time to have ongoing conversations with IT, they risk being vulnerable to cyberattacks.
About the Author: Chief Sam Greif began his career as a paramedic in 1982 and joined the Fort Worth (CO) Fire Department as a firefighter in 1985, where he worked his way up through the ranks to assistant chief of operations. In June 2015, after an extensive nationwide search, it was announced that Greif was selected as the new fire chief for the City of Plano, Texas. Chief Greif holds an associate in applied science degree in fire science, a bachelor’s degree in leadership from Midwestern State University, a master of public administration from the University of Texas at Arlington, and is a graduate of the National Fire Academy’s Executive Fire Officer Program. Chief Greif has served on numerous state and national boards and committees. He currently is the chair of the International CAD Consortium and was on the board of directors for Tarrant County 9-1-1 for eight years. He is a member of the IAFC’s Terrorism and Homeland Security Committee, Metro Chiefs, and Collin County Fire Chiefs, and is an active member of the Plano Rotary Club. To contact the author, email IPSauthor@apus.edu.