Riley County System Outage

KAA951

Member
Premium Subscriber
Joined
Sep 9, 2004
Messages
832
Location
Kansas
I am hoping that they release some more information on this so other agencies can protect themselves from this threat. This system is only a few years old and should be secure.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
26,299
Location
United States
I am hoping that they release some more information on this so other agencies can protect themselves from this threat.


L3Harris did release an "infosec" notice that was likely related to this:

Threat Actors are using brute force activity against Virtual Private Networks (VPN) protecting public safety networks. Threat Actors with enough time, have demonstrated the ability to compromise single factor authentication systems (i.e. a username/password combination) resulting in LMR system outages.


This system is only a few years old and should be secure.

General consensus on other radio discussion boards is that someone at the county didn't secure their part of the system well enough. Someone found a weak point and exploited it. The radio system itself isn't likely the cause. Some IT guy cutting corners or someone not setting up suitable access controls to that segment of their data network likely is.
 

mmckenna

I ♥ Ø
Joined
Jul 27, 2005
Messages
26,299
Location
United States
demonstrated the ability to compromise single factor authentication systems (i.e. a username/password combination) resulting in LMR system outages.

I think this tells us what we need to know right here.

"Single Factor Authentication" is not suitable for a public safety system. Dual Factor Authentication is better, but still not good enough.

There needs to be an air gap, or there needs to be some very tight controls that would prevent the outside world from ever being able to reach a public safety radio system (or 911 system, or database, or anything else PS related).

I think L3Harris did a nice job of wording that. They didn't cast blame, they didn't point fingers, but their wording made it very clear to us that the owner or VAR for that system really messed up on the security side of things.

There shouldn't have been any damage to the RF systems. Likely the core server(s) got pwned and rather than paying ransom to get the data back, they are just replacing them. Hopefully someone had a good backup of the system, and the agency hired an IT Security consultant to make sure this doesn't happen again. Hopefully other agencies are looking at their own systems and making sure they are not leaving the security screen door flapping in the wind.

Makes me think about the kind of low life scum that would exploit a public safety system like that to make money. Would much rather they go after the guys with deep pockets that can afford multiple yachts, rather than the taxpayers.
 

lenk911

Member
Joined
Feb 24, 2007
Messages
153
Location
St Paul, MN
Makes me think about the kind of low life scum that would exploit a public safety system like that to make money. Would much rather they go after the guys with deep pockets that can afford multiple yachts, rather than the taxpayers.

I have a great idea for a novel. Say a new SEAL team roams the world. Visit these clandestine hackers, scammers and ransom chasers in the middle of the night. Especially life safety system hackers. Even the ones who rip off old granny are not immune. Outcome: Not a nice experience for them--their computers vaporized. Our creative readers can fill in the plot and start typing! Can't wait to read your work.

Meanwhile until fiction and dreams become fact we need to mind our own store better!
 