As a police, fire, or other public safety agency your mission is to protect the life and property of the public citizens within your jurisdiction. Thanks to technological advances over the last few decades, your department has become increasingly dependent on its information technology systems in order to deliver on this mission.
Failures within your critical IT systems can have devastating immediate and long-term impacts on your agency, your personnel, and the public you protect. As a result, your agency may lose its ability to communicate, to access stored data, and may lose control of sensitive, private information.
For these reasons, public safety agencies need to take IT security seriously. Training your personnel on security best practices is a great first step, but it is likely that further changes are needed to improve the cybersecurity of your agency's hardware and software. The turn of the decade has seemingly brought increased cyber risks for any organization across the United State, including those in public safety.
In April 2021, a Russia-linked cybercrime group infiltrated the computer systems of the Colonial Pipeline Company. The attack took down the company's computer systems, which subsequently shut down the operation of the largest fuel pipeline in the United States for nearly two weeks.
The shutdown of the pipeline caused gas stations in some regions to run out of fuel, caused long lines, and increased the price of gas. The company ended up paying the attackers a $4.4 million ransom to release control of their company computers. This was the largest ever successful cyberattack on American infrastructure. Not long after, in May 2021, the City of Tulsa was hit with a ransomware attack that took down its public safety computer systems for a weekend. Police officers had to revert back to pen and paper reports, firefighters went back to old-school radios, and both agencies had to stop handling non-emergency calls.
Tulsa ended up being a minor incident, likely conducted by amateurs, as the system was only down two days. No data was lost and no ransom needed to be paid. But the incident is an example of how vulnerable a public safety agency is to these types of attacks.
A recent report from Mimecast shows that 61% of companies experienced a ransomware attack in 2020, with an average loss of six working days of system downtime. Of the ransomware victims, 52% ended up paying the ransom to the criminal.
Experts are confident that the number and severity of ransomware attacks will continue to grow. They are also concerned that as major private companies successfully tighten their cybersecurity belts, the attackers will move on to softer public agency targets.
Many large corporations are moving away from local computer servers and migrating their data to huge data centers. These data centers, and all of the hardware inside, can be owned by the company or owned by an independent company that specializes in data center operations.
And it is more than just “data” being moved over to these data centers. Organizations are also moving over applications, operating systems, processors, and almost everything else that makes an IT system run. Essentially, the only IT system typically left onsite at a company location is the “dummy” hardware needed to access the data center. These data centers are accessed over an internet connection and are more broadly known as “the cloud.”
A simplified consumer example of a cloud in action is the Google Chromebook laptop. The laptop hardware has just enough power to launch an internet connection and tap into the Google Cloud. From there, all applications, such as Google Docs and Google Drive, are run using the power and security of Google’s cloud data center.
It is understandable that government agencies might be hesitant to pack up all of their computer data and applications and ship them off to a private cloud company being managed in unknown locations, by unknown employees. Agency leaders, especially those without technical backgrounds, feel better knowing their agency’s data is sitting behind a locked door down the hall, being managed by agency employees.
Unfortunately, we are discovering that those “down the hall servers,” like those in the City of Tulsa, are not only expensive to maintain and upgrade but, even more worrisome, are vulnerable to cyber and ransomware attacks. Agency IT personnel will simply be outmatched and outgunned against state-sponsored cybercriminals, and public safety agencies will need new IT weapons to defend themselves. Many agencies will likely find cloud computing solves both their budgetary and cybersecurity requirements.
With the threat of cyber and ransomware attacks expected to rise, IT companies have stepped in to sell innovative products to protect against these risks with the help of technology companies who know the cloud best. One such product is Microsoft’s Azure Government Cloud.
Microsoft recognized the unique needs of government IT systems, so they created cloud data centers to be used solely by government agencies.
“Azure Government is the mission-critical cloud, delivering breakthrough innovation to US government customers and their partners. Only U.S. federal, state, local, and tribal governments and their partners have access to this dedicated instance, with operations controlled by screened U.S. citizens. Azure Government offers the broadest level of certifications of any cloud provider to simplify even the most critical government compliance requirements.”
Microsoft invests $1 billion per year into cloud cybersecurity, and the company has access to the best hardware, software, and people talent in the world. It is safe to assume that the servers sitting in the back of many administration buildings do not receive the same type of investment that Microsoft gives its cloud data centers.
Agencies that are serious about protecting themselves against cyber and ransom attacks should only consider IT solutions that can match the type of security that Microsoft cloud offers.
Orion offers operational workforce management software designed for public safety agencies. This software can be used for the management of employee scheduling, time and attendance, payroll calculations, equipment, training and more.
Orion provides its software through a cloud-based infrastructure that is protected from cyberattacks via the Microsoft Azure Government network security platform.
Orion recognizes the growing threat public agencies face in the digital space. The company takes workforce data security seriously, which is why it has partnered with Microsoft to deliver best-in-class cloud security including Network Segmentation, Network Access Control, and Azure Firewall and Monitoring and Threat Detection.
When done right, the security tools available today can give every agency the protection it needs against the increasing threats of state-sponsored cybercriminals.