NIST Researchers Analyze Security Threats to First Responder Devices in New Study

Researchers from the National Institute of Standards and Technology have performed an analysis of the threats affecting modern communication and wearable devices that public safety officers use when performing their duties.

The threat analysis is part of a new NIST study entitled “Security Analysis of First Responder Mobile and Wearable Devices,” a draft version of which has recently been made available for public comment.

In the threat analysis, Joshua Franklin, Gema Howell, Scott Ledgerwood and Jaydee Griffith list different kinds of events that could affect a mobile or wearable device and associate each threat with a systemic or procedural vulnerability.

The researchers then characterize each threat in terms of how severely it may affect either data confidentiality, integrity or availability. Impact severity changes depending on which public safety service is using the affected device.

Next, the authors of the study describe the nature of the threat event —  whether it is the result of an attack, human error, hardware or software failure, or a natural disaster — and predict its likelihood of occurrence.

Franklin and his co-authors point out that "[by] understanding the threats and risks posed to public safety systems and their users, life-threatening scenarios can be prevented from escalating due to malicious or accidental failures of technology."

The proponents of the study also called for "robust and innovative mitigations for the threats identified within this report, along with practical guidance for their implementation."

Check Also

NSA

NSA Warns of Cyber Vulnerability in Email Transfer Software

The National Security Agency has identified a vulnerability that Russian cyber actors take advantage of to attack mail transfer networks. Sandworm Team, a Russian military group, has exploited the CVE-2019-10149 vulnerability found in the Exim software that Linux and Unix systems use as a mail transfer agent, NSA said Thursday.