NIST Releases Draft Report for First Responder Mobile Devices

The National Institute of Standards and Technology (NIST) on Monday released NISTIR 8196, its draft report on the cybersecurity of mobile devices and wearables for first responders, and is seeking comment on the draft until January 7.

With the Nationwide Public Safety Broadband Network–under the jurisdiction of FirstNet–going nationwide and expanding its network, NIST’s goal is to set guidelines to prevent cyberattacks against phones, tablets, wearables, and other mobile devices.

“Public safety has unique needs regarding the security of their mobile devices and wearable technology,” the draft guidance notes. “Public safety also handles more sensitive data (e.g., patient information, law enforcement data) than the typical commercial user. The overarching goal of this work is to identify security objectives for public safety mobile and wearable devices, enabling jurisdictions to more easily select and purchase secure devices and device manufacturers to design and develop them,” the draft document states.

The guidance describes use cases and potential risks for mobile information collection and sharing, shared equipment usage with multiple users, bring-your-own-device policies, and mobile applications, among other concerns. The study also includes examples of past cybersecurity threats to public safety databases, from ransomware to denial of service attacks.

Under NIST’s draft study, the guidance breaks down these examples by the category of threat, threat source, severity to EMS, fire department, law enforcement, and the likelihood of the threat.

The study identified eight main security objectives for first responder mobile devices:

  • Availability
  • Confidentiality
  • Ease of Management
  • Authentication
  • Interoperability
  • Integrity
  • Isolation
  • Healthy Ecosystem

“The results of this study support the notion that mobile devices, tablets, and wearables used by public safety have a very strong need for availability. Yet a more nuanced view is necessary, as confidentiality and integrity must also be thoroughly evaluated within each public safety discipline,” the document states.

Recent