Emergency jurisdictions prepare for next generation 911 cost, security threats

There are signs all around, if one knows where to look, that next generation 911 is approaching fast.

Upgrades have started without much fanfare in dozens of jurisdictions around the country, and in recent weeks some of these efforts have gained momentum. 

New York City, Philadelphia, New Jersey and Chicago are just a few of those who have most recently announced progress, while data collected by the U.S. Department of Transportation in 2016 shows 20 of 46 states surveyed had at least adopted a statewide plan for next generation 911. The new class of technology will allow emergency call and dispatch centers to receive not only phone calls, but texts, images, geospatial data, video and other information.

On Tuesday, Michigan Gov. Rick Snyder signed a law to raise phone fees in the state to fund a next generation 911 upgrade, signaling a coming change that was largely shrouded in local news coverage by financial considerations.

Surcharges like the one authorized by Snyder — a monthly 19 cent fee is now boosted to 25 cents for each phone service subscriber in the state — are a common mechanism for what is anticipated to be an unavoidable and expensive transition away from an analog past. The fee hike is expected to generate an additional $20.2 million annually, or almost $49 million annually in total for the state.

While new federal funding is scheduled to be awarded for next generation 911 sometime in early 2018, an official connected with the program who asked not to be named said it’s merely “a drop in the bucket” compared to what is needed for a national rollout.

The State of Maryland is also among those preparing for next generation 911 and the inevitable security threats the technology will bring along.

Through a partnership with Mission Critical Partners and SecuLore Solutions, the state is now conducting a security audit of call and dispatch centers in all 23 counties and Baltimore. By working with the Emergency Number Systems Board, emergency managers and contractors say they plan to complete the work by the end of the year.

The audit’s purpose is to provide a detailed, or what network engineers call level 3, logical diagram, which will give emergency managers a more thorough understanding of how their equipment is connected and what vulnerabilities need to be considered.

David Jones, a vice president with Mission Critical Partners, told StateScoop that mapping architecture often reveals major problems that no one was aware of, like missing equipment that a jurisdiction had been paying maintenance on or extra equipment that wasn’t accounted for or indicated a security vulnerability.

The contractors will also monitor network traffic.

“I’m not saying this happened in Maryland, but in many cases they can see traffic that’s going to Russia or China or people from Saudi Arabia are trying to get into the [call centers] and we can analyze that traffic and find vulnerabilities on what’s coming out and who’s trying to get in,” Jones said.

The approach of next generation 911 is driving more jurisdictions to take inventory of their emergency call center equipment, Jones said.

Jack Markey, director of the division of emergency management in Frederick County, Maryland, cites next generation 911 as one of the main reasons for pursuing this cybersecurity inventory. As an early adopter, the Frederick County jurisdiction has been able to receive text-to-911 transmissions since 2013.

“We’ve been very aware of the evolution from the old analog copper wire telephone world to the IP world,” Markey said. “As we’re continuing to move toward the enhanced abilities that next generation 911 will bring, it’s sort of a good news/bad news.”

The good news is the new capabilities — transmitting more detailed and location-based information that some predict will save lives. The bad news, Markey said, is that going digital means security threats. A denial of service attack to an analog phone system means busy signals, on digital systems, the potential results are more varied and frequently severe.

Public safety answering points (PSAPs), as call centers are referred to in emergency management parlance, frequently have external connections. Frederick County’s PSAPs, which are part of a local, state and even federal jurisdiction, connect to a lot of outside sources, including Canada.

Markey said he’s particularly interested in what network monitoring will yield. So far, only a pilot in Washington County has been conducted, while the remaining counties and Baltimore await results.

“Even if you can’t detect what the vulnerability is, you would at least know there’s traffic leaving your network that’s unexpected,” Markey said.