SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC) recently released a white paper, Link Layer Authentication and Link Layer Encryption: Are You Really Secure?
The white paper explains these two security features – Link Layer Authentication (LLA) and Link Layer Encryption (LLE) – and their role in securing land mobile radios (LMRs) that adhere to the Project 25 (P25) Standards. The paper explains the impact of LLA and LLE on securing public safety communications and provides a case study demonstrating why these features should be used to provide additional LMR system safeguards.
Project 25 (P25) standards are used by manufacturers to ensure that their LMR equipment can interoperate with equipment produced by other manufacturers. Most P25 radio systems come with built-in safeguards, but the availability of software key generators and other attack vectors used by threat actors means that new P25 features are needed to maintain P25 communications security.
Over the past few years, Link Layer Security (LLS) features such as Link Layer Authentication (LLA) and Link Layer Encryption (LLE) have received increased attention from manufacturers and users looking to improve communications security.
- LLA ensures that only authorized radios with the appropriate radio unit identification (ID) and matching authentication keys can register on the P25 system.
- LLE is a feature that encrypts air interface messages on both trunked and conventional P25 systems. These messages contain important identity and signaling information related to user IDs, talkgroups, and supplementary data services.
While both LLA and LLE sound similar and improve P25 security, they serve different purposes and are in different stages of development and adoption. First included in the P25 Standards in 2005, LLA is available from most radio manufacturers and some infrastructure manufacturers. However, this function has seen limited adoption to date. LLE, on the other hand, is still under standards development and not available on any P25 systems today.
For questions about the LLA and LLE: Are You Really Secure? whitepaper, please contact SAFECOMGovernance@cisa.dhs.gov or visit cisa.gov/safecom/p25 for additional P25 resources.
(Source: CISA)
The National Risk Index shows the communities most at risk to 18 natural hazards. FEMA officially launched the National Risk Index in August 2021. Since then, it has become a key tool to helping communities better learn and reduce their risk. It can support mitigation planning, community preparedness and emergency management.
In late March, the Federal Emergency Management Agency (FEMA) will release major updates to the National Risk Index. Updates will include Census 2020 data and geographies, risk assessment for U.S. territories, Centers for Disease Control and Prevention (CDC) Social Vulnerability data, shifting all scores to percentiles, adding risk metrics for trend analyses and more.
FEMA is hosting a webinar before the release on March 20 at 12 p.m. EDT. The webinar will preview the updates and review any impacts to the data services. Registration is required on Zoom and login information will be emailed after you register. An open Question and Answer Session will follow the presentation.
This webinar is for those who use the National Risk Index data and reporting or have integrated the application’s data, GIS services or information into any tools or applications. This may include emergency managers, planners, GIS developers, community stakeholders, state, local and federal agencies, commercial organizations and more.
Register for the March 20 webinar via FEMA’s Zoom page for the event.
(Source: FEMA)
CISA will host a webinar on its Power of Hello and De-escalation Program on Tuesday, April 11, 2023, at 1 p.m. EDT.
CISA leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. CISA provides access to a multitude of capabilities that can enhance security posture in a cost-effective and informed manner. To augment security beyond traditional protective measures, organizations can enable their security and non-security personnel to reduce risk through non-confrontational techniques.
This presentation will discuss CISA’s Power of Hello and De-escalation Program. These resources empower employees to identify suspicious activity, navigate the threat of potentially escalating behavior, and take measures to stabilize or de-escalate the encounter. The presentation will also discuss how to report the situation to an organization’s multi-disciplinary threat management team or directly to local law enforcement.
This webinar is part of CISA’s Emergency Services Sector (ESS) Resilience Development Webinar Series, a quarterly webinar series facilitated by CISA’s Emergency Services Sector Management Team that focuses on topics of interest to ESS stakeholders. The target audience for this webinar series is homeland security, public safety, emergency management, and emergency response personnel.
No advanced registration is required to join this webinar. Save the date and go to CISA’s Homeland Security Information Network (HSIN) Connect Room for this webinar at the scheduled time to join: https://share.dhs.gov/powerofhello/. A HSIN account is not required to join; participants may enter the room as a guest.
For more information or to seek additional help, contact the Emergency Services Sector Management Team at EmergencyServicesSector@cisa.dhs.gov.
(Source: CISA)
|