Cybersecurity is an ever-present challenge. More public safety agencies are falling victim to high-profile cyberattacks. New threats appear daily and security standards are constantly evolving.
As workforces modernize and leverage new digital tools, the opportunities for cyberattacks increases. Organizations are addressing the increased risk by investing in stronger controls and cybersecurity budgets. According to Cybersecurity Ventures, a leading cybersecurity research firm, organizations spent an estimated $262.4 billion on global cybersecurity in 2021.
Despite the complexity and expense of cybersecurity, there are three critical components to protecting networks, infrastructures, applications, products, and data:
- Confidentiality — You need to know your data is protected from unauthorized access.
- Integrity — You have to be able to trust your data.
- Availability — You need to be able to access your data.
Confidentiality
Is your data protected from unauthorized access?
Following the principle of least-privilege, users should only have the read, write, and execute permissions that are absolutely necessary for their jobs. Because public safety agencies handle sensitive information, confidentiality is often front-of-mind for agencies, community members, and oversight organizations.
To ensure data confidentiality, agencies should:
- Comply with all FBI Criminal Justice Information Services (CJIS) guidelines
- Follow the practice of least-privilege access, where employees can only access the data they need for their job duties — no more, no less
- Mandate cybersecurity training for agency employees
- Implement an identity access management program, including identity and privilege access management, multi-factor authentication (MFA), SSO, and regular access reviews
- Enforce secure password guidelines
- Encrypt data and use encrypted connections to access data
Integrity
Is your data protected against unauthorized changes?
Like a student accessing school systems and changing their grades, cyberattackers can access mission-critical systems and change and remove data. Public safety agencies rely on data to make informed decisions and serve their community, and incorrect data can lead to costly mistakes.
To protect data integrity, agencies should:
- Work with infrastructure providers who store data in physically secure locations
- Encrypt data and securely store the encryption key
- Audit data access and changes regularly
- Use cyber analysis tools to monitor the flow of information and users into, through, and out of your systems, and address irregularities quickly.
- Create a data backup and restoration strategy
- Evaluate data integrity strategy and adherence to best practices often
Availability
Can authorized users access data when and where they need to?
Availability is compromised when the servers storing your data are offline or when remote access to servers is limited or unavailable. While some government systems, like a wastewater SCADA system, can operate in an air-gapped environment (that is, not connected to the internet or other systems), public safety technologies must be connected to the internet and other agency systems to effectively collect, update, and share information.
To ensure data availability, agencies should:
- Run regular quality control tests to verify availability
- Maintain hardware and software through regular maintenance, upgrades, and patches
- Choose cloud-native systems, which reduce downtime through a continuous delivery development approach
- Eliminate siloed, single-function, and monolithic applications, and implement multi-functional, interoperable applications and systems
- Create connection redundancies so communications continue during an internet service provider outage
The three elements needed to protect mission-critical systems
There’s an old proverb that says, “A threefold cord is hard to break.” Confidentiality, integrity, and availability work together to provide a functional and secure environment for mission-critical systems and data.
One way to bolster the confidentiality, integrity and availability of your mission-critical systems is by leveraging cloud-native technologies from cyber-smart vendors. Cloud-native technologies, like Mark43’s records management system (RMS), computer-aided dispatch (CAD), and analytics platform strengthen the confidentiality, integrity, and availability by:
- Leveraging the expertise of government cloud providers
- Providing system updates and upgrades with zero downtime
- Offering access from anywhere there’s a secure internet connection — and capabilities to help keep you working when there is not
- Validating data through cloud-computing capabilities
- Conducting regular vulnerability and penetration testing
- Monitoring the environment for incidents 24/7/365
Want to learn more about cloud-native technologies? Check out our blog, Benefits of a Cloud-Native Solution.
About the Author
Larry Zorio
Chief Information Security Officer
