IT-derived cybersecurity policies are becoming increasingly integral and expected parts of critical information systems like radio dispatch. While InterTalk generally does not operate critical infrastructure serving the public, we provide solutions for organizations that operate security dispatch software.

We know that cybersecurity is a lot more than just cipher suites, TLS, and AES.

Framework

To help agencies ensure that their systems are appropriately secured and operated, the US federal government's National Institute of Standards and Technology (NIST) provides an excellent framework for assessing and measuring information systems: the Cybersecurity Framework (CSF). The latest version of the guide (v2.0, released Feb 26, 2024) no longer applies only to critical public infrastructure but to all organizations that have cybersecurity requirements and risks to manage.

The NIST CSF v2.0 Core defines six functions that organizations should address when considering cybersecurity: Govern, Identify, Protect, Detect, Respond, and Recover.

Organizations that intend to purchase InterTalk solutions often have existing cybersecurity policies, regulations, and laws that apply. As a system that is built with open source componentry, in-house fabricated hardware, and standard Commercial Off The Shelf (COTS) components, most organizational cybersecurity governance policies are fully accommodated by InterTalk solutions.

The InterTalk hosted architecture of Enlite complies with rigorous data center security and operational regulations. It aligns with ISO 27001:2013 for information security management, ISO 9001:2015 for quality management, and adheres to the NIST 800-160 guidelines for systems security engineering. We offer management options tailored to specific jurisdiction requirements, ensuring adherence to regional data protection regulations such as GDPR in Europe and CCPA in California.

During the design and planning phases of any InterTalk solution, the specific components that we propose to install will be identified in detail, as well as key staff, supply chain origins, support and maintenance expectations, physical site requirements, and training needs.
We encourage cybersecurity governance to review suggested componentry and assess them in line with your organizational risk profiles at the outset of any project and ongoing throughout the operational lifetime of your system.

We encourage active scanning of the networks we deliver to detect and register devices, and we can accommodate adjustments to hardening guides to enable easier network monitoring. There is always a balance between transparency for governance and monitoring versus opacity to make malign actors’ offensive reconnaissance more difficult.

Enlite’s ISO 27001:2013 secure software development methodology incorporates a fully automated deployment pipeline with a separation of duties encoded in it. This encompasses Continuous Integration/Continuous Delivery (CI/CD) practices, automatic vulnerability scans, peer reviews, pervasive training and awareness of secure development practices, and transparent deployments to ensure that release artifacts have strong accountability at every step of their creation and delivery. These practices ensure rigorous scrutiny and testing of any code changes before deployment, thereby reducing the risk of introducing security vulnerabilities.

InterTalk’s ISO 27001:2013 hardware engineering and production methodology incorporates rigorous inventory management, origin tracking, testing, and reporting to ensure that hardware complies not just with functional requirements but that we know exactly what each component does in every piece of hardware we fabricate. We can also comply with any import/export laws relating to electronic componentry and supply chain attacks.

All our operating system services are hardened by ensuring that only minimum services are exposed, that root/administrator accounts are properly protected, that we only use FIPS 140-2 acceptable cipher suites like AES-256-SHA with TLS 1.2+ encryption, that we use FIPS 140-2 compliant implementations like OpenSSL / libssl between the insecure, network-exposed parts of the system, that all third-party dependencies are patched and up to date, that we use well-known, prolific COTS components with strong communities of active users wherever possible, and that encryption keys and certificates expire and are rotated out. Where data enters the system from perimeters, it is considered to be intrinsically unsafe, untrusted, and possibly malicious. We consider most system activities to be privileged and protected, requiring authentication and encryption between various elements. We encrypt data at rest at several levels using strong encryption. Operating system root keys and drive encryption hardware can be protected using Trusted Platform Modules (TPM).
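One way to verify the TLS part of such a hardening policy during acceptance testing or routine monitoring, shown as an added example that is not InterTalk code: it audits per-endpoint handshake records against a minimum protocol version, a cipher allow-list, and certificate expiry. The allow-list, the 30-day rotation window, and the endpoint names are assumptions.

```python
import ssl

# Assumed policy values (not from the page); take the real allow-list from the
# security policy of your validated cryptographic module.
TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MIN_TLS = "TLSv1.2"
ALLOWED_CIPHERS = {
    "AES256-SHA",  # OpenSSL name for the AES-256-SHA suite named in the text
    "AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_AES_256_GCM_SHA384",  # TLS 1.3 suite
}
ROTATION_WARN_DAYS = 30

def audit(record, now):
    """Return the list of policy findings for one handshake record."""
    findings = []
    version = record["version"]
    # Unknown protocol strings are treated as failures, not silently accepted.
    if version not in TLS_ORDER or TLS_ORDER.index(version) < TLS_ORDER.index(MIN_TLS):
        findings.append("protocol")
    if record["cipher"] not in ALLOWED_CIPHERS:
        findings.append("cipher")
    days_left = (ssl.cert_time_to_seconds(record["not_after"]) - now) / 86400
    if days_left < 0:
        findings.append("cert-expired")
    elif days_left < ROTATION_WARN_DAYS:
        findings.append("cert-rotation-due")
    return findings

def audit_all(records, now):
    return {r["endpoint"]: audit(r, now) for r in records}

# Constructed sample records, shaped like the values Python returns from
# SSLSocket.version(), SSLSocket.cipher()[0] and getpeercert()["notAfter"].
SAMPLE = [
    {"endpoint": "core-a.example.internal:443", "version": "TLSv1.2", "cipher": "AES256-SHA", "not_after": "Jun  1 00:00:00 2025 GMT"},
    {"endpoint": "recorder.example.internal:8443", "version": "TLSv1.1", "cipher": "AES256-SHA", "not_after": "Jun  1 00:00:00 2025 GMT"},
    {"endpoint": "console-gw.example.internal:443", "version": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256", "not_after": "Jan 20 00:00:00 2025 GMT"},
    {"endpoint": "legacy.example.internal:443", "version": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384", "not_after": "Dec  1 00:00:00 2024 GMT"},
]
NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")  # fixed clock for the sample

if __name__ == "__main__":
    for endpoint, findings in audit_all(SAMPLE, NOW).items():
        print(endpoint, findings or "ok")
```

In live use, the records would be collected from real handshakes against your own endpoints and `now` would be the current time.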

For P25 Phase 2 Trunked connections, we offer certified FIPS 140-2 Level 3 HSM support for storing encryption keys, UKEKs, and the like. User authentication and authorization can be federated to Active Directory or securely hashed and stored in local encrypted data stores. Encryption/decryption happens at the perimeter of the ILS core so that analog radios and digital radios can be transcoded, mixed, signal-processed, and recorded. All traffic leaving the DCS core and destined for consoles is encrypted to the PC using TLS 1.2 or better, FIPS 140-2 approved cipher suites, and, depending on PC configuration, FIPS 140-2 cryptographic modules.

For console positions that use wireless headsets, traffic can be encrypted from the PC to the headset using DECT or Bluetooth encryption. Network links between radio perimeter devices like Sentinel and the DCS ILS Core can be secured using FIPS 140-2 VPN clients and FIPS 140-2 firewall VPN appliances like FortiGate 80F.

All software and operating system configurations are regularly scanned with both active-creative and automated vulnerability scanners to detect any known vulnerabilities in componentry, and we encourage and welcome any third parties doing the same to prove that your security posture is safe. Where components have assessed vulnerabilities, they are triaged, analyzed, patched, and remediated according to a standard risk model. We encourage the integration of enterprise central logging like ElasticSearch/Logstash/Kibana (ELK), Splunk, and Syslog-ng, and we log using 12-factor application design principles, with rich event log streams that can be analyzed and alarmed on at multiple levels of granularity. We provide several SNMP traps on multiple services to detect when services change state. We provide active agents to Zabbix, Grafana, and other system monitors for real-time system instrumentation.

As a console dispatch system, individual connections to individual consoles result in notifications of presence to other consoles, so it is hard for an unauthorized person to log in invisibly. GPS locations are broadcast by default, and video cameras may be enabled by supervisors without the consent of logged-in dispatchers.

During a cybersecurity incident, InterTalk has 24/7 support on hand to assist with monitoring and insight. Advanced supervisory controls can be used to isolate and contain intruders with access to various pieces of equipment, including revoking keys, stunning/inhibiting radios that support it, opening microphones and cameras without user consent, force logging out, overriding transmission priority, and other active interventions. Logs, recordings, and reporting are available in common formats for transmission to law enforcement for use in investigations.

As a console systems provider, we find that availability is most commonly the top criterion for customers, so recovery efforts are focused on restoring service quickly and preventing the spread of disaster outside the affected systems by isolating them from each other. While data is retained with encrypted backups in multiple places, the most common approach to cybersecurity disaster recovery is to design the system with mutually supportive sites where each can access resources on some of the others. During a significant outage (including human operational considerations like evacuations), a compromised site is removed from operation, and the modular architecture of our systems allows operations to seamlessly shift to the peers. The sites share access to resources but do not share data or allow administrative access between them using shared credentials or intra-node network access. In significantly secure architectures, sites have their own overlapping radio infrastructure.

Where there is a desire to recover a system rather than replace it, our high availability configurations and strong automated deployment tools make this simple and well-exercised – restoring the system to a previous data state using regular backups, synchronizing the data, and adding it back into service.

Keep your operations secure and connected. Upgrade your dispatch console to Enlite™ Cloud Ready Dispatch today!

FAQ

What is the NIST CSF v2.0 and how does it relate to InterTalk?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) v2.0 is a guideline for organizations to assess and manage their cybersecurity risks. Released on February 26, 2024, it applies to all organizations with cybersecurity requirements. InterTalk aligns its cybersecurity measures with this framework to ensure robust security across its systems.

What cybersecurity functions does the NIST CSF v2.0 Core include?

The NIST CSF v2.0 Core outlines six critical functions for cybersecurity management: Govern, Identify, Protect, Detect, Respond, and Recover. These functions guide organizations in establishing a comprehensive approach to managing cybersecurity risks effectively.

How does InterTalk ensure compliance with existing cybersecurity policies?

InterTalk solutions are designed to comply with existing cybersecurity policies, regulations, and laws by using open-source components, in-house hardware, and standard commercial off-the-shelf components. This compliance extends to various security standards, including ISO 27001:2013 and NIST 800-160 guidelines.

What measures does InterTalk take to protect its systems?

InterTalk employs multiple cybersecurity measures such as using FIPS-140-2 compliant cipher suites, hardening operating system services, regularly updating third-party dependencies, and implementing strong encryption practices for data at rest and in transit.

How does InterTalk detect and manage cybersecurity threats?

InterTalk utilizes active and automated scanning tools to detect vulnerabilities, alongside integrating enterprise central logging systems like ELK and Splunk for detailed event analysis and notification. This proactive approach ensures timely identification and management of potential cybersecurity threats.

What actions does InterTalk take in response to a detected cybersecurity incident?

In the event of a cybersecurity incident, InterTalk provides 24/7 support to manage and mitigate the situation. This includes isolating and containing threats, revoking access, and coordinating with law enforcement for investigations if necessary.

How does InterTalk handle recovery from cybersecurity incidents?

InterTalk focuses on rapid recovery to minimize downtime. This involves utilizing high availability configurations, regular data backups, and modular system architectures that enable seamless operational transitions to unaffected systems.
