Security in public safety

According to a recently published report by The Office of the Australian Information Commissioner (OAIC), cyber attacks and subsequent data breaches are on the rise. In fact, since the start of 2020 there have been 2784 breaches reported that put Australians at likely risk of “serious harm”.

History has shown us that if even trusted brands like Optus and Medibank can fall victim to cyber attacks, then Australia’s public safety agencies must consider themselves potential targets. In fact, the public safety industry comprises some of our most trusted personnel including police, fire and land management agencies, defence and intelligence organisations. The sector, which employs more than 186,978 and is valued at $57 billion, is also holding countless pieces of precious personal information that make it an incredibly appealing target for bad actors.

With some of the highest levels of clearance to access personal data, it is vital our public safety sector has effective cybersecurity practices in place. The lure to access this sensitive data is heightened as it has the potential to provide criminals that attain it with serious leverage and bargaining power. The stakes could not be higher.

A 2021 Department of Police, Fire and Emergency Management (DPFEM) internal report found there had been 844 attempts to break into Tasmania Police employee accounts in just one year. As widely reported by media at the time, DPFEM warned that without additional security, the agency is vulnerable to future attacks.

With risk rapidly increasing, we’re seeing the federal government respond in the right direction. It’s investing in ensuring Australia’s privacy laws are enforced, with OAIC set to receive more than $60 million in the latest Budget. Further, in February, Australia’s first Minister for Cyber Security, the Hon Clare O’Neil MP, announced the development of the 2023–2030 Australian Cyber Security Strategy, which sets out ambitions for Australia to become the most cybersecure country by 2030.

To strengthen security and compliance posture through cyber resilience, and ensure data is not stolen and held for ransom, there are four key measures public safety agencies should consider and action: inventory and auditing, access control and data protection, endpoint security controls, and risk and incident response.

Inventory and auditing

With hybrid and remote working now the norm, public safety organisations must not rest on their laurels and need to be vigilant when it comes to accounting for, and monitoring, devices and their use. It’s crucial they take stock and ensure they can account for, and track use of, all their digital assets. They need to understand which devices have access to which specific datasets and be able to watch and record device activity, as well as identify and document any changes to configurations.

Access control and data protection

It is imperative that any public safety agency’s cybersecurity strategy has a focus on restricting and controlling individual employee access rights. There needs to be the ability to disable unauthorised users, and the means to make access decisions based on factors such as location, time of day and job role. Using geolocation enables organisations to detect if a device leaves an authorised area. Capabilities like remote device wiping and removing user accounts can ensure that employees found to be corrupt or terminated, with sensitive access or devices that are unable to be reclaimed immediately, do not pose a risk.

Endpoint security controls

Protecting endpoints is a foundational part of cybersecurity. Public safety organisations need to develop a comprehensive approach to determine whether devices are appropriately updated and patched, be able to verify and fix device configurations, and validate and restore encryption for all sensitive data. Additionally, malware protection helps keep endpoints clean, providing a strong perimeter.

Risk and incident response

In the event that a device is compromised, stolen or misplaced, it is essential that organisations act fast to minimise risk. Having a detailed incident response plan ensures the security team is well-positioned to handle the situation quickly and effectively. In addition, it’s vital to test that plan and ensure the technical controls needed are ready to perform actions such as remotely wiping or isolating a device. Finally, being able to produce a record of suspicious activities that took place will aid digital forensic investigations.

According to a recent report from cybersecurity management firm Rapid7, zero-day exploits and widespread attacks have risen sharply and continue to put considerable strain on security teams. With attacks continuing to hit our shores and grow in complexity, it is likely that public safety agencies will find themselves in the firing line. This threat reiterates the need for our public safety agencies to urgently assess these four evaluation areas against their own security policies. Ensuring they strengthen the systems they have in place today will go a long way to ensuring they remain resilient tomorrow.

Image credit: iStock.com/cherdchai chawienghong