A growing concern in the Emergency Management and Crisis Management space is the threat of a cyber security event impacting agency operations or the ability to respond appropriately to a major event. Recently the Wall Street Journal chronicled a cyber attack on 9-1-1 centers in October of 2017. During the event, a single individual tweeted a link which once clicked, infected smartphones and turned them into robo-calling machines targeted on 9-1-1 centers. This small scale, yet very effective cyberattack reminded many in the emergency management profession that while technology proliferates, threats increase exponentially.
Adding insult to injury, WikiLeaks released “Vault 7” which supposedly includes all of the CIA’s hacking arsenal in the Cyber Security. While many in the emergency management profession may be ignoring this event as more of an “IT Issue,” it has major emergency management implications. The underlying threat of this release is that it includes potential exploits for hackers to access mobile phones directly.
So what does that have to do with emergency management?
- How many apps on your phone don’t require secondary passwords to access the data? Email? File Servers?
- Does your employee notification system or community notification system have a mobile app where you can launch notifications?
- Does your phone have GPS enabled which would provide data on work locations, home locations, regularly traveled coffee shops?
- Do you have a listing of passwords on your phone that does not require a secondary password (other than unlocking your phone) to access?
Could your Emergency Notification System be activated for employees or the general public using your cell phone without your knowledge?
So what should you do now?
- Review your agencies mobile device policies to ensure they require secondary methods of password authentication on items that need to remain secure.
- Discuss Emergency Notification System policies and procedures and ensure that any mobile device access requires secondary password validation.
- Review your personal data security process and make sure you secure your personal data as well as you can.
- Take your I.T. Security Manager out for a coffee (in a few days after they decompress) and talk about what can be done to ensure better security in this ever-changing realm of cyber security.
- Stay Informed – make sure you are continuing to evaluate your risks and threats on a regular basis as the landscape changes.