SAFECOM and NCSWIC Address Communications Dependencies on Non-Agency Infrastructure


Author: Ted Lawson, Cybersecurity and Infrastructure Security Agency (CISA), Joint SAFECOM and NCSWIC Technology Policy Committee Federal Lead

The world of emergency communications can be astoundingly complex, especially as additional capabilities and services become necessary to successfully deploy, maintain, and protect communications systems. Many agencies rely on multiple third-party entities to provide these capabilities, including provisioning of critical system infrastructure, cybersecurity, and other services. For example, agencies readily rely on commercial vendors for subscriber units or on commercial utilities for power supply. An agency and its contracted non-agency entities alike are vulnerable to events that threaten the uptime, continuity of services, operations, or resiliency of communications. Regardless of how unpredictable these events may be, agencies can take steps to be prepared when those disruptive events occur.

Using the depth of experience among their members, SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC) have published a white paper―Public Safety Communications Dependencies on Non-Agency Infrastructure and Services (.pdf, 1.04 MB) —outlining several techniques to prepare throughout the communications system lifecycle for challenges associated with such dependencies, as shown in the graphic below.

System Lifecycle Planning Guide Phase 01 PrePlanning Phase 02 Project Planning Phase 03 Request for Proposals and Aquisition Phase 04 Implementation Phase 05 Support, Maintenance, And Sustainment Phase 06 End of Lifecycle Assessment and Replacement Phase 07 Disposition  Resiliency Techniques Phase 1  -Understand communications infrastructure dependencies and interdependencies -Identify potential obstacles to service provider continutiy of operations -Establish a back-up plan -Exercise due diligence Phase 2 -Identify, assess, and communicate appropriate security and resiliency requirements or plans -Issue request for information (RFIs) as needed Phase 3 -Incorporate resiliency and continutiy of operations requirements into acquisition processes -Follow agency procurement policies and statutory requirements -Identify contingency services -Confrim that security policies and best practices are followed Phase 4 -Enhance testing -Promote and use priority services Phase 5 -Maintain proper levels of qualified personnel -Manage cyclical repair, replacement, testing, and training to prevent network or infrastrucutre issues -Establish acces network redundancy -Be prepared for catastrophic events Phase 6 -Work with service providers to account for technology evolution Phase 7 -Ensure non-agency partners properly dispose of materials

Given the potential for disruptive events impacting non-agency partners, public safety stakeholders—including system administrators, public administration officials and decision makers, and other communications personnel—might benefit from understanding the potential complications or obstacles they may face when depending on outside sources for infrastructure or services.

To learn more about this document and other helpful resources, visit cisa.gov/safecom/technology or contact SAFECOMGovernance@cisa.dhs.gov.  

Keywords