New federal funding to secure sensor-based devices used by public safety could bring increased attention to an area of growing concern.
The Department of Homeland Security announced Monday a nearly $750,000 joint project between its Science and Technology Directorate (STD) and Metronome Software, a software research and development firm supported primarily by research arms of the U.S. military. The company will develop a security overlay to harden a first responder voice, video and data framework developed by the STD’s Next Generation First Responder Apex program. Given the Internet of Things’ rapid advancement and government’s tendency to lag behind the private sector on development of adequate security standards, this particular project has been a long time coming, analysts told StateScoop.
Common sensor-based technologies used by public safety that are susceptible to disruption or outside control include air quality sensors, video cameras, gun shot sensors, sirens and radar detectors. Past intrusions into public safety sensor networks have proven a threat to both privacy and operational capabilities that public safety workers have come to rely on.
A 1995 incident in Tokyo in which a cult killed 12 people by releasing a highly toxic synthetic compound onto the subway is just one example of why public safety needs immediate and reliable access to its sensor-based systems, said Bill Searcy, a Unisys executive and former special agent with the FBI.
“You want to be able to detect things like that very quickly so that you can affect a very orderly and rapid exit and also they may have different exhaust systems that you want to be able to activate as well,” Searcy said.
In addition to the primary work being done by Metronome, project partners MobileIron and Kryptowire will use the new funding to expand a suite of client and server software to verify the health of mobile devices — a system called called the Enterprise Cloud Access Lock that was initially developed through Air Force Research Laboratory funding.
A radio-based intrusion that set off more than 150 sirens in Dallas in April is one of the loudest examples in recent memory demonstrating how insecure systems can disrupt public safety. That incident, which ultimately proved to be the result of negligence by the city, carried on for hours and prompted more than 4,400 911 calls. Breaches of the public’s trust in government are one of the reasons that this DHS funding is so needed for both public safety and government generally, said Tom Carpenter, a cybersecurity materials author with Vector Solutions.
“With funding there, it means there will be focus on it and with that focus, they should be able to give the attention needed in order to provide the security required,” Carpenter said. “And hopefully it will expand out beyond the sensor networks for first responders simply because IoT is infiltrating a whole lot of areas.”
IoT devices are a prime target for attackers, Carpenter said, because manufacturers commonly use cheap, outdated radio chipsets to keep down costs. A 2.4 GHz radio, as opposed to 5 GHz, may not support newer authentication methods and is more susceptible to denial-of-service attacks, he said.
“In 2.4 Ghz, I can get devices easily to down the entire band,” he Carpenter said. “In fact, they sell for under $200 and you can take down the entire band —100 percent — and no communications can happen within 150 to 200 feet of the radiating device. So, that’s a security problem.”