Urgent Matters

Could cybersecurity issues undermine migration efforts to IP-based solutions?

by Donny Jackson
Apr 21, 2016

Internet Protocol (IP) has revolutionized the communications industry, enabling significantly greater functionality and lower costs than many would have dreamed possible even two decades ago. Will the growing cybersecurity problem prevent IP-based solutions from reaching their full potential?

Internet Protocol (IP) has driven changes in the communication industry in a manner unlike any other technology in the history of the sector. From the Internet to commercial wireless to land mobile radio (LMR), IP has allowed even advanced communications to be available to the masses.

Combined with Moore’s Law for computing and other technological advances, the adoption of IP-based solutions has resulted in greater availability and more functionality in communications, all while prices continue to drop. Meanwhile, the IP ecosystem has matured rapidly, and significant innovations seem to occur multiple times per year.

Properly designed IP-based systems can be more resilient that circuit-switched solutions, while allowing remote-monitoring capabilities and levels of interoperability that would have been unthinkable a couple of decades ago. Given this, it is no wonder that IP-based platforms are at the core of next-generation systems, from smart grids to smart cities to public-safety initiatives such as public-safety LTE or next-generation 911.

Communications historically has been an industry focused on tradeoffs, but IP’s better-faster-cheaper mantra seemed immune to normal truisms. No matter what problem was identified, the massive IP ecosystem would work on it, and a solution seemed to be in the marketplace within two years or less.

But the interconnected nature of IP-based solutions—the feature that makes them so valuable, because data from multiple sources can be gathered quickly and leveraged to make informed decisions—is the very characteristic that is being exploited to create a problem for IP-based systems, and it’s a whopper: cybersecurity.

No one seems to be able to solve the cybersecurity puzzle. Reports of data breaches, denial-of-service attacks and malware hacks seem to be in the news on a weekly basis, and the victimized enterprises seem to be in every kind of enterprise, in both the private and public sectors. Meanwhile, experts repeatedly tell us that those entities that have not been in these reports likely have been hacked—they just haven’t realized it yet or have taken steps to conceal the information.

Now, older communications systems are not immune to security problems; the number of cloned radios found on public-safety LMR networks is evidence that issues exist.

But even if someone deems private LMR networks to be technically less secure than IP-based systems, the siloed nature of the LMR networks—the characteristic that hampers interoperability—makes them much less desirable targets. The resale market for the information is limited, and many LMR networks require some sort of physical presence—a device or person—within the coverage territory, which requires a certain amount of effort that may be more trouble than it’s worth for a hacker.

In contrast, IP-based systems are much more likely to be targeted by a guy in Russia sitting in front of a computer screen. This is particularly true of high-profile IP-based systems, such as those run by the U.S. Department of Defense or a federal intelligence agency. Information from such sources is very valuable.

FirstNet hopes to have its public-safety broadband network operational within the next couple of year, and everyone is very aware that the system will be a prime target for hackers, given all of the very sensitive data that it will carry for first-responder agencies.

Related Media: 

Discuss this Blog Entry 2

on Apr 21, 2016

Interesting that this should come up as I sit in a place where the internet went out for several hours today, where a simple thing like a wet snow storm brought a modern P25 Digital Radio network to its knees a few days ago. Where some time this spring or summer it is highly likely that a guy with a back-hoe is likely to bring several towns and cities to a grinding halt as he digs up the fiber that connects them together. By the way, that same fiber connects several PSAPs and dispatch centers. While I can certainly agree that LMR systems may have some level of vulnerability it is unlikely that any of the above mentioned things will single-handedly take out an entire LMR system that is properly configured. Anything connected by IP is likely to have numerous single points of failure. While I have no problem searching for recipes or news on the internet the idea that same technology is used to deliver urgent/emergency services and that they are vulnerable to hackers and state sponsored attacks makes me cringe. Successful attacks have been launched against entities with the unlimited power of the taxpayers purse. DOD, NASA, and many others have been hacked, how long will it take for some radical fundamentalist from the middle-east to figure out how to get into FirstNet or any of the other myriad communication systems that leverage IP for network expansion/connectivity. I suspect that those plans are already underway in some way or another. The last decade or so has certainly expanded the number of our enemies, gee we even import them now. Not to mention increased the number of nation states that no longer fear the US paper tiger. I'm am wary of the increasing dependence on a technology that is almost constantly under attack from the most remote corners of the planet. IP has exponentially increased the vulnerability of mission critical communications.

GBH (not verified)
on Apr 21, 2016

Wonderful article. This is an approach to the issue I have not seen in other writings on cyber security. As a person who has some this whole career in the utility industry, I am more and more of the opinion that IP is not the perfect fit for Utility Telemetry. It presents security challenges which are immense and often the remedy reduced the advantages of IP to the point of little gain. It's sad it true. Thanks for directly addressing this issue.

Post new comment

or register to use your Urgent Communications ID