Skip to main content

Protecting our 911/112 lifeline as cyber threats intensify


For many years, 911/112 emergency services have been an essential lifeline, helping to rescue individual lives and keep the public safe, 24 x 7. Along the way, the services have evolved, adding new lifesaving capabilities made possible by advances in the underlying technology of the 911/112 emergency service.

In the earliest days, for instance, automatic number identification was a breakthrough that helped speed emergency response times for landline callers. Now, major progress in multimedia communications offers an opportunity to deliver a far broader and more sophisticated range of information to emergency response centers (also known as public safety answering points or PSAPs) — including real-time text and video, picture sharing and instant messaging.

Next-generation 911/112: New powers, new vulnerability

This multimedia information has crucial benefits for public safety, because it offers much broader situational awareness for emergency call takers (also known as telecommunicators) and enables faster action where it’s needed most. Widespread digital devices — ranging from smartphones, wearable fitness trackers, and watches to CCTV and unmanned aerial vehicles — can all be used to deliver essential facts, photos and videos to PSAPs, which relay them to emergency teams. The result will be “Total Conversation emergency calls” from citizens to telecommunicators to first responders, making the public safer.

To take advantage of these capabilities, PSAPs must upgrade to next-generation 911/112 (NG911/112), while maintaining interoperability with their legacy systems. This step will expand the voice-based service into a data-centric service, which uses an IP network, called an Emergency Services IP network (ESInet).

However, making the switch to this type of network brings a new kind of vulnerability, along with its valuable benefits. That’s because the NG911/112 infrastructure is connected to other domains, including the internet — where it is exposed to the threat of new and evolving cyber attacks from bad actors that can disrupt 911/112 communications and even PSAP operations, making emergency services unreliable or even unavailable.


The best defense strategy against DDoS and TDoS attacks

With more internet-connected devices and widespread adoption of the Internet of Things, distributed denial of service (DDoS) attacks have become more prevalent, requiring new and more potent cyber security measures. DDoS is a malicious attack that attempts to make a service unavailable to legitimate users by flooding it with a high volume of traffic. For example, an attack against an NG911/112 system would typically use a multitude of compromised connected devices, such as CCTV cameras or IoT sensors around the world — which would send traffic via the internet to the 911/112 system of a particular city or county.

A telephony denial of service (TDoS) is a specialized form of DDoS aimed at the ESInet and the NG911/112 system. It depletes the NG911/112 call resources, or simply jams the internet pipes to the ESInet so that legitimate emergency calls cannot be processed, depriving citizens of the urgent help they need. Common attack methods include flood attacks, like the TCP SYN flood attack, UDP flood attack, and the SIP INVITE flood attack, as well as TCP-/UDP-based reflection/amplification attack.

Clearly, connecting to the internet greatly increases the attack surface of an NG911/112 system. As a result, PSAPs need to deploy an adaptable, cost-effective and scalable mitigation blueprint that can evolve to defend against DDoS/TDoS attacks of increasing frequency and sophistication. The most effective approach uses an innovative multi-tier strategic defense that incorporates the brain of analytics to quickly detect attacks and harnesses the brawn of next-generation router hardware to deploy DDoS filtering as countermeasures, stopping the attacks as they occur and keeping the lifeline open 24 x 7.

To learn more about how to implement our defense blueprint — as well as the mechanics of specific attacks — read the white paper, “Ensure 911/112 emergency calls get through 24 x 7”. It can help keep your emergency communications services up and running.

Share your thoughts on this topic by joining the Twitter discussion with @nokiaindustries using #publicsafety #missioncritical #allwhere

Hansen Chan

About Hansen Chan

Hansen Chan is an IP Product Marketing Manager with a special focus on digital industries and government. He has worked with telecom service providers and critical infrastructure network operators worldwide for more than 25 years on protocol testing, network design and consulting, and product management. When he’s not talking networks, he’s reading up on history and religion, and listening to Baroque and 20th century classical music.

Tweet him @hchan888

Article tags