Mobile Communications For Public Safety
Mobile Communications For Public Safety
Author: Fernando Castillo, General Manager, Mexico, Bittium
Blog post also in Spanish:Comunicaciones móviles para seguridad pública
Introduction
The ease with which we communicate in these times is amazing. It´s hard to imagine that the speed to send text messages, voice clips and files, or make calls or video calls could be more efficient. Basically it is enough to have a Smartphone, an application and a cellular network with a data plan or Wi-Fi available.
Using communications apps is an almost inherent part of having a Smartphone, and that is why it has invaded the personal and professional spheres without evident differences. Everything was too quick and easy: we exchange photos, files, links to websites or our location, not stopping to think about the value that this data may have for an attacker.
The Challenges For Public Safety Communications
In the professional environment, and especially in public security, the technological adoption of commercial off-the-shelf devices, and applications such as WhatsApp, Telegram and others, happened without an analysis of the risks to the security of the information of the users and their corporations.
This writer has heard several cases from people working on public safety areas in the Latin American region and thus, gathered concerning examples:
• Some use cheap business phones to equip field officers or expensive but unsafe ones, for middle and high ranking officers
• Some send information on security operations (location, files of persons of interest, etc.), through free and unsecure applications
• Some lend their work phones to their children to download games without verifying the permissions they have to give to the applications, others
• Use social networks without any type of control, and others
• Do all the above mentioned…
The results can be potentially harmful and diverse: from leaking confidential information, theft of data, installation of undetected spying malware, or even attacks on the agency´s infrastructure using phones as Trojan horses. How can this problem be addressed?
Part of the problem is ignorance. As mentioned before, the technological adoption of Smartphones in the field of public security was so fast, that there was no parallel education about risks in mobile security, permeating all levels of users in police law enforcement corporations.
The result has been the deployment of commercial devices without a minimum of security, as well as the use of applications of massive usage without control of the organizations. In this sense, the most difficult challenge is learning to identify, assimilate and disseminate the most common risks within security agencies: malware, device cloning, use of unsecure applications, etc., and then choose and implement the most suitable solutions to create a safe ecosystem.
Assertive Diagnose
The diagnostic phase is essential and naturally should lead to basic questions:
1. What kind of phones are in use and how much out-of-the-box security offers to end users and their corporations?
2. Do these phones have tamper detection mechanisms; secure boot, disk encryption, privacy and emergency buttons
3. What applications are used on these phones and how much control does the organization have over them?
4. What application is used to exchange sensitive information (operating instructions, location, videos or photos), or to make calls and video calls?
5. Who developed that application and who controls the server?
6. What geographic control do you have of the fleet of telephones deployed?
7. Can the user´s phones be profiled based on different privileges (use of cameras, Bluetooth, data transfer via USB, location, receiving or sending SMS, MMS and even cell phone calls?
8. How is data traffic protected between the organization’s phones?
One of the most important consequences of the analysis should be the recognition of the need for secure mobile communications, integrating the commanders of the police corporations as well as the officers deployed in the field under the same solution. In other words, if field users are asked to adopt certain technologies, and use specific policies, so must the middle and upper layers of command.
Bittium’s Secure Communications Solution
In this sense, Bittium has been able to assertively answer the questions previously posed, with a Hardware + Software solution developed in Finland, without backdoors and installed on-premise where customers requires it.
Bittium offers the secure Tough Mobile and Tough Mobile 2 Smartphones with various security controls to act as a first line of defense against attacks, checking the integrity of their components and firmware during each boot, detecting physical manipulation attempts that activate contingency processes, or allowing to encrypt expandable memory cards.
The phones may or may not have Google Mobile Services (Youtube, Chrome, Gail, etc.) from the factory, or even have two totally independent operating systems to increase their security and separating professional and profiles in the same phone. These devices also have a robust design to be operated in harsh conditions while giving users the assurance of a secure supply chain for greater reliability.
The security of Bittium Smartphones is reinforced with an administration tool called Secure Suite, allowing corporations to design the parameters of use of the entire fleet, controlling the use of applications and updates, and even manage events based on the location of the equipment, using a mobile Virtual Private Network (VPN) with a sophisticated encryption. All under control of the organization, not of third parties.
Finally, the Bittium solution enrolls its own application called Secure Call, with independent encryption to make IP calls and send messages and attachments, using cellular networks or WiFi without risk of interception or leaks, all installed where the clients require it, that is, in their own data center infrastructure or in the cloud if they wish.
Conclusion
No diagnose is useful if the key windows of opportunity are not properly addressed. Once the corporations understand this is easier to put all efforts in adopting and deploy tailor-made solutions. In other words, public security organizations need to be aware of the risks they face, but also know that there are options that can fit their specific secure communications needs. The tools are at hand and it is time for them to be implemented if the confidentiality of official communications is really to be strengthened.
Fernando Castillo, General Manager, Mexico, Bittium
Fernando joined Bittium in 2017 and ever since, he has led one of Bittium’s strategic projects for Mexico using his management skills to develop strong relationships with key stakeholders. He is also responsible of promoting Bittium’s products and services in the Latin-American region.