top of page
Search

How 9-1-1 Cybersecurity Protects National Security

  • 2 days ago
  • 7 min read

Public safety professionals are among the most important and underrecognized defenders in any community. Every day, 9-1-1 personnel help save lives, coordinate emergency response, and serve as the connective tissue between a crisis and the help that follows. That mission has always been critical. Today, it is also inseparable from cybersecurity and, by extension, national security.


That may sound like a dramatic claim at first. It is not. In the modern threat environment, the systems that support emergency communications are no longer just local public safety infrastructure. They are part of the national fabric of resilience. When they are targeted, the consequences can extend far beyond a single jurisdiction.


Chris Triolo, one of the early leading voices in modern cybersecurity, once said, “Hackers only need to get it right once, and we need to get it right every time.” That principle captures the challenge facing 9-1-1 centers today. If an attacker fails, they move on. If a Public Safety Answering Point loses call capability, goes to manual operations, or has its data held hostage, the cost is measured in response delays, degraded trust, and potentially human lives.


Why This Topic Matters


At OTM Cyber, we focus on protecting critical infrastructure, especially within public safety. Our company was founded after our principal recognized a major gap in cybersecurity support for emergency services during defense support to civil authorities exercises. That gap was real, it was dangerous, and it was largely unaddressed.


My own background includes 14 years in the U.S. Army, including service in cyber operations. One of the most relevant parts of that experience was helping build one of the military’s first Multi-Domain Task Forces, where I served as the Cyber and Electromagnetic Activities Chief. A central part of that work involved understanding how adversaries target critical infrastructure with nonlethal capabilities, not only in wartime, but in the competitive space below open conflict.


That matters here because 9-1-1 is no longer just a municipal function. It is an element of national resilience. Today, through OTM Cyber, we help protect public safety networks serving more than 30 million Americans across numerous states. That scale reinforces an important truth: attacks on emergency communications systems are not isolated technical issues. They are strategic events.


The United States Is the Primary Cyber Target


The broader threat landscape makes this even clearer. The United States remains the most targeted nation in cyberspace by a wide margin. In 2024, reported victim losses from cybercrime reached $16.6 billion, up from $12.5 billion the year before. Thousands of incidents were reported every day. Just as important, attacks are becoming more targeted and more costly, even if raw volume fluctuates.


Critical infrastructure has become an especially attractive target. Reported attacks involving critical infrastructure rose sharply in 2024, demonstrating that adversaries increasingly understand the leverage gained by disrupting essential services rather than merely stealing data. That trend should concern anyone responsible for emergency communications.


When attackers target critical infrastructure, they are not only seeking financial gain. They are often testing access, exposing weaknesses, draining resources, and undermining public confidence. In that sense, cyberattacks on 9-1-1 systems fit squarely within broader national security competition.


The National Security Connection


To understand why, it helps to look at how the concept of conflict has changed over time.

In the past, national military strategy focused primarily on conventional capabilities: transportation, logistics, intelligence, communications, and medical support. Those remain vital, but modern strategy now explicitly recognizes additional domains of warfare, including space and cyberspace. That change is more than semantic. It reflects a new reality: nations now compete continuously in the digital domain, often below the threshold of open war.

This is sometimes described as the competition continuum. States compete politically, economically, informationally, and technologically in ways designed to weaken rivals without triggering full-scale armed conflict. Cyber operations are especially attractive in this space because they are relatively inexpensive, scalable, deniable, and capable of producing meaningful disruption.


Adversaries do not always need to launch missiles or move troops to create strategic effects. They can impose cost and erode confidence by targeting the systems people rely on most. If a 9-1-1 center loses CAD, shifts to cards, or must activate contingency operations, there is an immediate operational cost. If the public begins to doubt whether emergency services will work when needed most, there is also a political and psychological cost.


That is why attacks on emergency communications matter at the national level. They affect trust, continuity, and the perceived reliability of government services. In modern competition, those are meaningful strategic effects.


Why 9-1-1 Is Increasingly Vulnerable


Next Generation 9-1-1 has brought major advantages. It enables richer data exchange, greater interoperability, and more flexible communications. There is no realistic path backward to older analog systems, nor should there be. But modernization has also introduced more complexity, more interdependence, and more attack surface.


Most people think of 9-1-1 as a call taker and a phone line. In reality, modern emergency communications depend on radio systems, broadband and data infrastructure, alerting systems, automation, vendor-managed platforms, governance processes, compliance frameworks, training pipelines, and increasingly cloud-connected applications. Cybersecurity must exist throughout that entire ecosystem.


Threats now reach well beyond traditional desktops and servers. Malicious payloads can be delivered through text, video, or image files. Wearable medical devices and building alarm systems often include internet-connected interfaces. Vehicle-based computer systems used by public safety personnel can also become targets. Each new integration can improve service delivery while also creating a new avenue for compromise if security is not built in from the start.


Policy is evolving to respond to this, but it often trails implementation. Frameworks such as those from NIST provide strong guidance, though they can be difficult for smaller or resource-constrained agencies to fully adopt. CJIS requirements and broader expectations around continuous monitoring are pushing the field in the right direction, but the threat is moving quickly, and many organizations are still catching up.


Real-World Consequences


This is not theoretical.


In recent years, cyber incidents have disrupted police networks, emergency communications systems, and dispatch operations. Some agencies have been forced into manual dispatch methods after ransomware or malware events. Others have experienced prolonged downtime after compromises originating in adjacent or interconnected networks.


That operational degradation is not trivial. In emergency response, seconds matter. If a cardiac event, fire, or violent incident is delayed because a center has shifted from efficient digital workflows to degraded manual procedures, the consequence is not just inconvenience. It is risk to life.


The issue is often compounded by interconnectedness. Many attacks do not begin directly inside the dispatch environment itself. They often originate through related agencies, vendors, shared infrastructure, or insufficiently secured third-party pathways. This means a center can do many things right internally and still remain vulnerable if the broader ecosystem around it is not held to comparable standards.


What 9-1-1 Leaders Can Do Now


The good news is that not every improvement requires a major procurement or years-long transformation effort. Some practical steps can be taken immediately.


Strong policy is one of them. Organizations need clear, enforceable cybersecurity policies covering acceptable use, data handling, breach response, and escalation procedures. Training is another. Personnel at every level should understand common threats such as phishing, weak passwords, social engineering, and the importance of updates and reporting.


Culture matters just as much as controls. Organizations should encourage early reporting of suspected security incidents without creating a climate where employees hide mistakes out of fear. If someone clicks something malicious, the worst outcome is exacerbated by a delay in reporting it.


Risk management must also be grounded in the real operating environment. Leaders should work closely with IT staff, cybersecurity partners, and vendors to understand where the organization is most exposed and where limited resources will have the greatest defensive effect. Vendor scrutiny is especially important, because many compromises enter through third-party relationships rather than direct attacks on the agency.


Leadership by example is decisive here. When directors and managers treat cybersecurity as an operational priority rather than a technical side issue, that posture spreads through the organization. Cybersecurity is not an IT problem. It is an everyone problem.


What Requires Long-Term Investment


Some improvements do require more time, funding, and structural commitment.

Adequate budget and staffing are essential. Cybersecurity should be viewed not as overhead, but as a component of life safety and organizational resilience. The financial case also matters. The cost of a serious cyber incident can far exceed the cost of prevention, monitoring, and recovery planning.


Organizations also need access to qualified expertise. Even where internal IT support is strong, many agencies still lack true 24/7 monitoring, active threat hunting, and specialized incident response capability. Those functions matter because attackers do not restrict themselves to business hours, and effective defense depends on speed of detection as much as strength of prevention.


Technology choices matter too. Agencies should prioritize solutions that are secure by design rather than tools that arrive with major security gaps for the customer to close later. Secure-by-design thinking shifts responsibility back toward vendors and reduces the burden on already strained public sector teams.


The long-term payoff is substantial: faster detection, more accurate response, less downtime, stronger deterrence against opportunistic attackers, and lower operational and reputational cost when incidents do occur.


The Strategic Bottom Line


Any organization can become a cyber target. But when a 9-1-1 center is targeted, the implications are uniquely serious because emergency communications sit at the intersection of public trust, crisis response, and critical infrastructure. That is why 9-1-1 cybersecurity is not merely a technical discussion. It is a national security issue.


When emergency communications remain resilient, the public retains confidence in the institutions designed to protect them. When those systems fail under cyber pressure, the damage reaches beyond one center or one county. It affects confidence, continuity, and the nation’s broader ability to withstand disruption.


Protecting 9-1-1 means protecting the systems people rely on in the worst moments of their lives. It also means denying adversaries an opportunity to impose cost, create confusion, and erode faith in those essential services.


In that sense, cybersecurity in 9-1-1 does more than protect networks. It protects lives, communities, and national resilience itself.

 

Sources


 
 
 
bottom of page