Improving the Cybersecurity Posture of NG911 Systems

Author: Traci Knight, Office of Emergency Communications

As the Nation’s Public Safety Answering Points (PSAPs) begin to transition into a next generation network environment and deploy Next Generation 9-1-1 (NG911), today’s 911 networks will become compatible with more types of communication networks, provide greater situational awareness to dispatchers and emergency responders, and establish a level of resilience not previously possible. However, NG911 will also introduce new vectors for attack that can disrupt or disable PSAP operations, broadening the concerns of―and complicating the mitigation and management of―cyber risks across all levels of government. As such, the DHS Office of Emergency Communications and Department of Transportation National 911 Program are proud to present the NG911 Cybersecurity Primer.

The Primer is an introduction to improving the cybersecurity posture of NG911 systems nationwide and provides an overview of the cyber risks that NG911 systems will face. It is intended to serve only as an informational tool to help system administrators better understand the full scope and range of potential risks, and to recommend mitigations for these risks. The Primer highlights the value of a risk assessment to identify, evaluate, and prioritize system risks. It also recommends the following actions for system administrators intending to improve their NG911 systems:

  • Adopt a “security first” perspective. Cybersecurity has become an integral part of mission function and operations for NG911 systems. Working with others within the NG911 community, government, industry, and academia to establish consistent standards, policies, procedures, interoperability and implementation guidance for NG911 deployments is crucial.
  • Leverage historically successful cybersecurity strategies. Researching available references and resources listed in the Primer, as well as gathering experiences from other NG911 community members, is important to constructing the ideal solution set for each NG911 system’s unique circumstances.
  • Establish a cybersecurity risk framework. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is highly recommended as a flexible, risk-based approach to improving the security of critical infrastructure.
  • Identify, evaluate, and prioritize risks using a community-based risk assessment process. This process should account for threats, vulnerabilities, and consequences associated with all system assets, including systems with which the NG911 system intersects.
  • Develop mitigations. An examination of the likelihood and consequences of attacks should help to prioritize and inform mitigation strategies. Using both prevention and detection techniques, administrators should strive to negate or decrease the impact of an attack. Researching available mitigation techniques and employing them in a prioritized fashion will produce a comprehensive cybersecurity solution. Sample NG911 security mitigation strategies are provided in the Primer.
  • Solidify response and recovery actions. Establishing an incident response team and developing incident response plans, policies, and capabilities for the networks, personnel, and user equipment can prevent expansion of the event, mitigate its effects, and eradicate the incident. These efforts should be supported by regular training and exercises and by coordination with external parties, so that all participants are aware of and capable of performing their role during and after an event.

Once risks are identified and protection mitigations are in place, the NG911 community has an opportunity to focus on detection and advance planning. Instead of focusing on individual cybersecurity events and data recovery, an effective framework uses data analytics in PSAPs, joint field offices, and emergency operations centers to accelerate and automate analysis, and to shift from a posture of “what just happened, and how do we fix it?” to “what is going to happen, and how can we prevent it?” The NG911 community can remain in front of potential cyber events through its ability to feed relevant event data to emergency operations centers, fusion centers, and cyber centers.

Additional information and resources are available through DHS OEC and the National 911 Program; please contact for support.

For more information, please visit the NG911 Cybersecurity Primer located on the National Emergency Communications Plan webpage.