Security for 1st Responders

The First Responder Network Authority (FirstNet) https://www.firstnet.gov an independent agency created under the Department of Commerce’s National Telecommunications and Information Administration (NTIA) https://www.ntia.doc.gov, is going to develop, build, and operate the country’s first Nationwide Public Safety Broadband Network (NPSBN).

NPSBN will enable first responders to use modern communications devices, sensors, and wearables for public safety activities along with land mobile handsets. New technologies will be needed to act against threats to establish device and communication security.

In addition to utilizing the NPSBN, mobile devices and wearables can be part of a network dedicated to the individual known as a Personal Area Network (PAN). PANS use a completely different set of wireless networking protocols than cellular or LMR devices such as Wi-Fi or Bluetooth. Security interactions between these device and protocols need to be understood to ensure public safety activities are not adversely affected.

The National Institute of Standards and Technology (NIST) https://www.nist.gov within the Department of Commerce recently released the Draft document “Security Analysis of First Responder Mobile and Wearable Devices” (Draft NISTIR 8196).

The safety of mobile devices can include various concerns that can relate to the use of telemedicine. For example, if a paramedic is at the scene of an emergency and requires extra assistance, the paramedic can use a video application to communicate with a physician for guidance.

The security concern when using video, is that the paramedic may not encrypt the video session, which may result in allowing external third parties to observe the conversation and obtain a detailed view of the paramedic’s surrounding.

In another case, if a paramedic is using the “Push-To-Talk (PTT) Telemedicine application if they are not able to establish a video session via their tablet to treat a patient, the paramedic may want to resort to communicating with the physician using PTT.

However, the security concern for PTT is that if unauthenticated users are able to access the channel, there is an increased chance of collisions on the network which could result in information loss between the paramedic and physician. This may also occur if the communication path is intentionally jammed.

A third security incident related to monitoring a patient can happen when a wearable sensor is placed on the exposed skin on each patient at the scene of a mass casualty incident. The sensor can be used to check blood pressure, heart rate, respiratory rate, blood oxygen, and then the sensor can send the vital signs to a laptop via Wi-Fi.

Also, security concerns can exist for sensors transmitting data to a laptop, since the information needs to be protected if the patient is sent to a hospital. If the data from the sensor is spoofed or modified, the medical professional observing the readings may perform a wrong or unnecessary medical treatment or fail to provide treatment when it is needed.

Go to https://nvipubs.nist.gov/nistpubs/ir/2018/NIST.IR.8196-draft.pdf to view the report.