Author: Ted Lawson, Cybersecurity and Infrastructure Security Agency (CISA), SAFECOM Cybersecurity Working Group Federal Lead
Land Mobile Radio (LMR) systems are terrestrially based, wireless communications systems commonly used by federal, state, local, tribal, and territorial first responders, public works companies, and the military in tactical and non-tactical environments. They are designed to provide instant, reliable, and secure mission-critical push-to-talk communications to the public safety and first responder community. However, as the digitization of LMR systems continues, LMR networks, devices, and data are becoming increasingly susceptible to cyber threats. Some may perceive LMR systems to be analog or separate from other systems directly connected to the internet. Nevertheless, the Confidentiality, Integrity, and Availability information security triad applies to LMR networks, devices, and data; therefore, LMR systems are a vector for malicious cyber actors to target public safety organizations.
SAFECOM has developed Cyber Risks to LMR First Edition (1.32 MB, .pdf) to help public safety managers and officials better understand such potential threats. The document provides an overview of LMR systems, explores various forms of cyber risks to public safety communications, and identifies methods and resources to help secure these systems. Appendix A presents additional LMR and cybersecurity resources. Appendix B compiles a checklist for all recommended risk mitigation steps. SAFECOM recommends the following best practices to help secure LMR systems:
- Acknowledge that LMR systems are susceptible to vulnerabilities and attacks just like other IT infrastructure. As such, assess the LMR system network components/security posture and recognize the various forms of cyber threats to the network.
- Develop and implement cyber incident and vulnerability response plans that establish the policies and procedures to provide identification, evaluation, remediation, reporting, and notification of incidents and vulnerabilities affecting systems, data, and networks.
- Implement regular security patching and updates on all operating systems and software to ensure physical and virtual assets are secure. Remove any unauthorized or outdated component from the system that could provide insecure access to the LMR network. Maintain proper encryption protocols and key management policies.
- Regularly scan the network for abnormal activities and develop security violation detection processes that system users and administrators are familiar with.
- Respond to cyberattacks immediately to reduce impacts on the system. Threats can be mitigated by having a well-developed incident response and disaster recovery plan that prioritizes resources.
- Get the LMR system back online as soon as possible with a comprehensive recovery plan that is periodically tested to ensure system users and technicians are prepared to respond to cyberattacks before they occur.
Stakeholders are encouraged to share this document with their respective networks. For questions about Cyber Risks to LMR First Edition (1.32 MB, .pdf), please contact SAFECOMGovernance@cisa.dhs.gov or visit cisa.gov/communications-resiliency for additional public safety communications and cybersecurity resiliency resources.