Public safety agencies depend on always-on systems like 911, CAD, and RMS, making cyber risk an operational and leadership issue rather than just a technical one. The article highlights collective defense through CIS, MS-ISAC, MDBR, CIS MDR, and the CIS Critical Security Controls to improve resilience against ransomware, phishing, doxing, and other threats. #CIS #MSISAC #MDBR #CISMDR #CISCriticalSecurityControls
Keypoints
- Public safety cybersecurity is mission-critical because 911, CAD, and RMS systems support 24x7x365 operations.
- Cyber threats can disrupt operations directly, forcing agencies into manual workflows, reduced dispatch capabilities, or radio-and-paper processes.
- Many U.S. SLTT agencies face rising risk with limited staff and resources, making it hard to prioritize alerts and respond effectively.
- Collective defense through MS-ISAC provides shared threat intelligence, IOCs, and real-time advisories that improve detection and response.
- Leadership must treat cybersecurity as a resilience issue and ask questions about ransomware readiness, system protection, and personnel risks such as doxing.
- Continuous assessment using CIS Critical Security Controls and readiness for human-targeted threats helps agencies adapt to evolving risks.
- A layered defense strategy combining MDBR and CIS MDR strengthens prevention and endpoint detection for public safety environments.
MITRE Techniques
- [T1566] Phishing – Used as an initial access and disruption vector against agencies, with campaigns that trick personnel into enabling compromise (‘phishing campaigns can force agencies into manual processes’).
- [T1486] Data Encrypted for Impact – Mentioned in the context of ransomware disrupting agency operations and forcing recovery actions (‘prepared for ransomware and recovery scenarios’).
- [T1598] Phishing for Information – Threat actors are described as targeting personnel and sensitive information, including doxing-related exposure (‘risks exist for personnel, including doxing and exposure of sensitive information’).
- [T1591] Gather Victim Org Information – The discussion of surveillance and exposure of sensitive information reflects adversaries collecting details on personnel and operations (‘Exposure of sensitive information’).
- [T1114] Email Collection – Not explicitly detailed, but implied through phishing activity targeting agency users (‘phishing’).
Indicators of Compromise
- [Organizations/Platforms] Mission-critical public safety environments – 911, Computer-Aided Dispatch (CAD), Records Management System (RMS)
- [Organizations/Services] Shared defense and response resources – Center for Internet Security (CIS), Multi-State Information Sharing and Analysis Center (MS-ISAC)
- [Security Tools/Services] Detection and blocking capabilities – Malicious Domain Blocking and Reporting (MDBR), CIS Managed Detection and Response (CIS MDR)
- [Operational Context] Threat and exposure categories discussed for agencies – ransomware, doxing, PII leakage, surveillance