Today’s law enforcement, fire/rescue and emergency medical services (EMS) and 9-1-1 agencies have numerous communications systems and applications that play a critical role in supporting their critical mission of preserving lives and property. These systems and applications often are interconnected, but they always are interrelated.
Despite this interrelation, public safety managers often do not have a holistic perspective on how these systems interact. In some cases, they aren’t even aware of all of the systems and applications that are being leveraged by the agency.
This is problematic on several levels:
- Agencies often make changes to their communications systems, for example when vendors release a new software or firmware version. If the agency does not have holistic visibility into its systems and how they interconnect/interrelate, a change can have a detrimental effect on another system. In a worst-case scenario, a change could trigger a cascading series of events that leads to one or more system failures.
- It is difficult, if not impossible, for an agency to chart a course for the future—and secure the desired funding—when it does not have an intimate, up-to-date knowledge of its systems. Said another way, how does one determine what is needed—and then convince policymakers of the need—if one is unaware of what it has, or its current condition? This becomes even more complicated when an agency has multiple PSAPs.
- Moreover, when such depth of knowledge is lacking, it is exceedingly difficult for an agency to know what questions to ask of its vendors. The result is that systems often are over- or under-engineered.
- As previously mentioned, today’s communications systems are often interconnected. The interconnection of systems creates multiple entry/access points that can be leveraged to launch intrusive attacks. Knowing where every entry/access point exists in every system is the first step toward cybersecurity—but it is a step that cannot be taken without a deep, up-to-date knowledge of system assets.
Read to learn more about steps you can take to stengthen your knowledge of your system assets.
Steps you can take to protect your agency
A deep knowledge of system assets will be even more imperative in the future, when all systems—both internal and external—will be interconnected via Internet Protocol (IP)-based systems, including Emergency Services IP Networks (ESInets), that are being deployed. This knowledge can be gained in part by taking the following initial steps:
- Create an inventory map of all network/system infrastructure currently in use across the jurisdiction, including all components, firmware, software and application Learn how to do this with our whitepaper, "Developing a Dynamic Documentation and Asset Management Strategy."
- Conduct follow up inventories on a regularly scheduled basis, but at least once per year.
- Create a database that identifies how every network and system component is configured—this information will be vital to change management, as well as any future updates or expansions.
Not every agency will have the financial wherewithal or internal expertise to perform these tasks, and those that do not should consider a third-party service, such as the co-managed IT services provided by MCP. However, regardless of how it is accomplished, holistic visibility into a public safety agency’s systems and applications is powerful knowledge to have.