Public Safety Communications - September/October 2015 - (Page 52)
Passwords: Keeping Yourself Secure
By Frank Kiernan
PSC | apcointl.org
s we all know, in this business any day can be
your "Friday." Public safety telecommunications
professionals work every hour of every day of
every week so that rare "weekend" is a welcome addition
to the schedule. While we all enjoy our "weekends," there
is always something unexpected waiting upon our return.
For example, you return from the coveted time off, login
to your position, enter your user name and password, and
WAM! you get the dreaded notification, "your password
has expired; please change your password." You groan and
start the process only to receive the notification that you
have used the new password before, and you must come up
with another one. Why? You just want to be able to work,
the center is a secure facility, besides who would want to
get into your CAD or other systems, and isn't most of the
stuff public information anyway?
As a matter of fact, there are several good reasons that
passwords need to be changed regularly, and some sound
logic behind the rules that apply to changing them. As most
of you are aware, there are rules regarding access to Criminal
Justice Information System sites like NLETS and NCIC,
which require a secure password that includes changing
the password every 90 days in order to remain compliant.
There also may be state regulations for access to DMV,
corrections and other files that require a secure password
with periodic changes to those passwords required as well.
According to a Jan. 21, 2014, article in CBS News, the
most common passwords for 2013 were, "123456," "password" and "12345678." It is no wonder accounts are being
hacked with ease. How about this for a login and password
"dispatch"? Think it doesn't happen? It does happen, every
day, in every job, all over the world. As a result of insecure
passwords, you will have insecure systems. All a hacker
needs is one ingress point into the system. The simplest,
and unfortunately most common, way to access an entire
system is to access it as a "trusted" member of that system.
In other words, to hack in by username and password.
I have worked "under the headset" and appreciate that
shift change is no time to be messing around changing
passwords while the officers are calling in service. However,
password security and network security are becoming more
and more important. Rather than becoming frustrated at
the timing, we need to coordinate with our IT folks and
ask that they send indicators when passwords are about to
expire. This gives everyone advance notice and allows us
time to make the necessary changes.
As a best practice, numerous sources typically recommend using a password of at least eight mixed characters or more. You will need to determine what characters
your program will accept and follow those guidelines. Be
careful - hackers are clever and have plenty of free time
and software to help them. Using numbers in place of letters
"d15patch" looks to be secure, but I am sure if I thought of
it, so has a hacker. You should use a combination of symbols,
capital letters and numbers to create your secure password.
If allowed, a combination of words can be used, such as
"keep_the_faith" - something you can remember but has
nothing to do with the job. How many dispatchers use an
operator or badge number? That information is available to
the public and can be easily obtained. Your child's initials
and date of birth? It is right at the top of the list and not as
hard to find as you might think - nor is your address, zip
code or birth date. While it may seem troublesome, using a
secure, mixed, non-predictable password scheme may save
you, and your systems administrator, a lot of trouble down
the road. Keep in mind, these same general guidelines apply
to all passwords, so you may want to rethink your email,
credit card and retail account passwords while you're at it.
Not only do we need to protect our terminals within the
communications center, we also need to protect the remote
access points of our systems. Some of our commercial providers have access to check radio and CAD systems remotely.
If these gates are left open accidentally or a technician from
the company becomes disgruntled or fired, our systems
become vulnerable to hacking. We need to manage these
ports so they are open only when access is needed.
As we look at the future of our industry, advanced technology is becoming the norm in the PSAP. You can harden
your facility to protect against nature's elements and use
cameras and electronic access to monitor who comes and
goes physically, but what about the "Cyber-wanderer"?
The 1983 movie War Games exploited the idea of a teen
hacking into NORAD with 1983 technology. Hackers are
more sophisticated in 2015. If you were worried about what
some "dreamer" could do with a mainframe computer
before there was even an Internet in 1983, just imagine
what someone with knowledge, skills and access can do in
today's fully interconnected world. Security is everyone's
responsibility. Both physical and cybersecurity are included
in that task. It may take a few minutes longer, may require a
little better planning, and might even mean making changes
to your personal passwords and access methods but at the
end of the day, a little attention to cybersecurity will go a
Frank Kiernan is director of Emergency Communications
for the City of Meriden, Connecticut, chair of the
Standards Development Committee and Executive Council
Representative for the Atlantic Chapter. He has over 30 years
of public safety experience.
Table of Contents for the Digital Edition of Public Safety Communications - September/October 2015
Board of Directors, Executive Council & Chapter Presidents
Calls for Fire Service & CDE Exam
Mobile Dispatch & CDE Exam
Public Safety Communications - September/October 2015