
In an era where cyber threats are evolving at an unprecedented pace, the public safety sector faces unique challenges in protecting its mission-critical systems. A joint study released by the Public Safety Threat Alliance (PSTA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) reveals a sharp rise in cyberattacks targeting essential services like public safety radio, computer-aided dispatch (CAD), and public safety answering points (PSAPs). This advisory is a critical call to action for technology leaders to strengthen cybersecurity defenses and ensure the resilience of systems that first responders and communities depend on.
Key Findings
The advisory highlights a 60% increase in cyberattacks targeting mission-critical technologies in 2024, despite a 12% overall decrease in attacks on public safety entities. This shift underscores how cyber threat actors (CTAs) are honing their focus on disrupting vital systems. In 2024, 24 successful attacks rendered emergency communications completely unavailable, with ransomware emerging as the dominant threat. These incidents caused significant downtime and hampered first responder efficiency, amplifying the urgency for robust security measures.
Threat Landscape
CTAs are leveraging a range of tactics to exploit vulnerabilities in public safety systems:
- Ransomware: The leading attack type, ransomware has caused prolonged outages and financial strain. For example, a municipality paid $1.5 million to recover encrypted CAD, IT, and jail systems in 2024.
- Credential Abuse: Stolen or weak passwords enable attackers to infiltrate networks, escalate privileges, and access mission-critical systems via tools like VPNs or Remote Desktop Protocol (RDP).
- Vulnerability Exploitation: Unpatched systems are prime targets. Incidents like the exploitation of “Zerologon” (CVE-2020-1472) highlight the risks of neglecting updates.
- Targeting Remote Services: Poorly secured VPNs and remote access tools have been entry points for attacks, such as a Kansas ransomware incident that disrupted all first responder communications for a day.
These attacks often stem from improper security configurations—unpatched systems, unsecured remote access, and inadequate network segmentation—making prevention a top priority.
Recommendations
The advisory offers actionable steps to bolster defenses:
- Multi-Factor Authentication (MFA): Require MFA for all IT accounts, especially those accessing mission-critical systems, to thwart unauthorized entry.
- Patching Vulnerabilities: Regularly update systems to close exploitable gaps, prioritizing vulnerabilities that enable remote code execution.
- Changing Default Passwords: Mandate replacing default passwords on all hardware, software, and firmware to block easy access.
- Network Segmentation: Isolate mission-critical networks from other IT systems using firewalls or demilitarized zones to contain breaches.
- Limiting Internet Exposure: Keep critical assets off the public internet unless essential, and enforce additional protections like MFA for exceptions.
- Managed Detection and Response (MDR): Deploy MDR solutions to monitor and respond to suspicious activity in real time.
Implementation Strategies
Technology leaders can put these recommendations into practice with a structured approach:
- Asset Inventory: Map out all mission-critical systems and their dependencies to understand the attack surface.
- Security Assessment: Review current configurations—remote access, passwords, and network design—to identify weaknesses.
- Patch Management: Establish a schedule to prioritize and apply updates, including to legacy systems.
- MFA Rollout: Begin with high-risk accounts and expand MFA organization-wide.
- Network Segmentation: Use firewalls and access controls to create isolated segments for critical systems.
- Monitoring Enhancement: Invest in MDR tailored to public safety, tracking indicators like failed logins or unusual traffic.
- Staff Training: Educate employees on cybersecurity best practices, such as spotting phishing emails and managing passwords.
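The asset inventory and security assessment steps above can be turned into a repeatable check. The following is an added example, not code from the advisory or from PSTA/MS-ISAC: it audits a constructed inventory against the recommendations on MFA, default passwords, patching, segmentation, and internet exposure. The asset names, segment names, field names, and severity levels are all assumptions made for illustration.

```python
# Added example: audit a constructed asset inventory against the advisory's
# recommendations. Field names, segment names and severities are assumptions.
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    mission_critical: bool   # e.g. CAD, radio, PSAP systems
    internet_exposed: bool   # reachable from the public internet
    mfa_enforced: bool
    default_password: bool   # vendor default credential still in place
    segment: str             # network segment the asset lives in
    unpatched_rce: bool      # known remote-code-execution flaw not yet patched

SEVERITY = {"high": 0, "medium": 1}  # sort order for findings

def audit(assets, critical_segments=frozenset({"mission-critical"})):
    """Return sorted (severity, asset, finding) tuples for every gap found."""
    findings = []
    for a in assets:
        def add(sev, rule):
            findings.append((sev, a.name, rule))
        if a.default_password:
            add("high", "default password not changed")
        if a.unpatched_rce:
            add("high", "unpatched remote code execution vulnerability")
        if a.mission_critical:
            if not a.mfa_enforced:
                add("high", "MFA not required")
            if a.segment not in critical_segments:
                add("medium", "not isolated from general IT network")
            if a.internet_exposed:
                # Exposure without MFA is the worst case; with MFA it is a documented exception.
                add("medium" if a.mfa_enforced else "high", "exposed to public internet")
        elif a.internet_exposed and not a.mfa_enforced:
            add("medium", "internet-facing without MFA")
    return sorted(findings, key=lambda f: (SEVERITY[f[0]], f[1], f[2]))

# Constructed sample inventory (not real systems).
INVENTORY = [
    Asset("cad-server", True, False, True, False, "mission-critical", False),
    Asset("dispatch-vpn", True, True, False, False, "corp-it", True),
    Asset("radio-console", True, False, True, True, "mission-critical", False),
    Asset("public-website", False, True, False, False, "dmz", False),
]

if __name__ == "__main__":
    for sev, name, rule in audit(INVENTORY):
        print(f"{sev:6} {name:15} {rule}")
```

Run against a real inventory export, the sorted output doubles as a remediation queue: high-severity gaps on mission-critical assets come first.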
Conclusion
With cyber threats growing more sophisticated, technology leaders bear the responsibility of safeguarding public safety systems. The PSTA and MS-ISAC advisory provides a roadmap to counter these risks, emphasizing proactive measures to protect mission-critical services. By implementing these strategies, organizations can defend against current threats and build lasting resilience, ensuring the safety of both their systems and the communities they serve.
For a deeper dive into the threats and recommendations, download the full advisory and Neatoware’s Cybersecurity Essentials.