Public Safety Communications - September/October 2015 - (Page 52)

Top Ops

Passwords: Keeping Yourself Secure

By Frank Kiernan

As we all know, in this business any day can be your "Friday." Public safety telecommunications professionals work every hour of every day of every week, so that rare "weekend" is a welcome addition to the schedule. While we all enjoy our "weekends," there is always something unexpected waiting upon our return. For example, you return from the coveted time off, log in to your position, enter your user name and password, and WAM! You get the dreaded notification, "your password has expired; please change your password." You groan and start the process, only to receive the notification that you have used the new password before and must come up with another one. Why? You just want to be able to work. The center is a secure facility. Besides, who would want to get into your CAD or other systems, and isn't most of the stuff public information anyway?

As a matter of fact, there are several good reasons that passwords need to be changed regularly, and some sound logic behind the rules that apply to changing them. As most of you are aware, there are rules regarding access to Criminal Justice Information System sites like NLETS and NCIC, which require a secure password that includes changing the password every 90 days in order to remain compliant. There may also be state regulations for access to DMV, corrections and other files that require a secure password, with periodic changes to those passwords required as well.

According to a Jan. 21, 2014, article in CBS News, the most common passwords for 2013 were "123456," "password" and "12345678." It is no wonder accounts are being hacked with ease. How about this for a login and password: "dispatch"? Think it doesn't happen? It does happen, every day, in every job, all over the world. As a result of insecure passwords, you will have insecure systems. All a hacker needs is one ingress point into the system.
The simplest, and unfortunately most common, way to access an entire system is to access it as a "trusted" member of that system. In other words, to hack in by username and password.

I have worked "under the headset" and appreciate that shift change is no time to be messing around changing passwords while the officers are calling in service. However, password security and network security are becoming more and more important. Rather than becoming frustrated at the timing, we need to coordinate with our IT folks and ask that they send indicators when passwords are about to expire. This gives everyone advance notice and allows us time to make the necessary changes.

As a best practice, numerous sources typically recommend using a password of at least eight mixed characters. You will need to determine what characters your program will accept and follow those guidelines. Be careful - hackers are clever and have plenty of free time and software to help them. Using numbers in place of letters, as in "d15patch," looks to be secure, but I am sure if I thought of it, so has a hacker. You should use a combination of symbols, capital letters and numbers to create your secure password. If allowed, a combination of words can be used, such as "keep_the_faith" - something you can remember but that has nothing to do with the job.

How many dispatchers use an operator or badge number? That information is available to the public and can be easily obtained. Your child's initials and date of birth? It is right at the top of the list and not as hard to find as you might think - nor is your address, zip code or birth date. While it may seem troublesome, using a secure, mixed, non-predictable password scheme may save you, and your systems administrator, a lot of trouble down the road. Keep in mind, these same general guidelines apply to all passwords, so you may want to rethink your email, credit card and retail account passwords while you're at it.
Not only do we need to protect our terminals within the communications center, we also need to protect the remote access points of our systems. Some of our commercial providers have access to check radio and CAD systems remotely. If these gates are left open accidentally, or a technician from the company becomes disgruntled or is fired, our systems become vulnerable to hacking. We need to manage these ports so they are open only when access is needed.

As we look at the future of our industry, advanced technology is becoming the norm in the PSAP. You can harden your facility to protect against nature's elements and use cameras and electronic access to monitor who comes and goes physically, but what about the "Cyber-wanderer"? The 1983 movie WarGames exploited the idea of a teen hacking into NORAD with 1983 technology. Hackers are more sophisticated in 2015. If you were worried about what some "dreamer" could do with a mainframe computer before there was even an Internet in 1983, just imagine what someone with knowledge, skills and access can do in today's fully interconnected world.

Security is everyone's responsibility. Both physical and cybersecurity are included in that task. It may take a few minutes longer, may require a little better planning, and might even mean making changes to your personal passwords and access methods, but at the end of the day, a little attention to cybersecurity will go a long way.

Frank Kiernan is director of Emergency Communications for the City of Meriden, Connecticut, chair of the Standards Development Committee and Executive Council Representative for the Atlantic Chapter. He has over 30 years of public safety experience.
