In today’s hyper-connected world, cyber threats are no longer limited to corporations and financial institutions. Public safety agencies — especially 9-1-1 emergency services — are increasingly becoming high-value targets for cyber criminals. As these systems grow more reliant on digital infrastructure, the risk of cyber-attacks disrupting emergency response grows exponentially. At TUSA Consulting Services, we recognize that ensuring cyber resilience is now as essential as any physical safeguard in the world of emergency communications.

Why Cybersecurity Matters in 9-1-1

9-1-1 Centers/PSAP’s are critical lifelines for communities. When seconds count, any disruption to these services — whether from ransomware, phishing, or system breaches — can mean the difference between life and death. Unlike most industries, downtime in public safety communications is simply not an option.

As the industry transitions to Next Generation 9-1-1 (NG9-1-1), integrating IP-based networks and sharing data such as video, text, and images, the attack surface widens dramatically. With each new point of connectivity comes a new potential vulnerability.

Cyber Threats & Attacks on U.S. Emergency Services (2020–2025)

2020

  • June 2020 – Florence, Alabama
    Type: Ransomware (DoppelPaymer)
    Impact: City systems, including emergency services and police dispatch, were compromised. Attackers demanded nearly $300,000.

2021

  • March 2021 – Breach at Verkada Inc.
    Type: Security camera hack (3rd-party vendor)
    Impact: Hackers accessed live feeds from 150,000 security cameras in facilities, including police stations and emergency operations centers.

 

  • June 2021 – JBS and Colonial Pipeline Incidents
    Note: Though not directly impacting 911 centers, these major ransomware events prompted DHS to issue new guidance to critical infrastructure sectors, including emergency communications.
  • Late 2021 – Multiple Statewide PSAP Vulnerabilities Identified
    Type: Penetration testing and audit reports revealed that outdated software and unpatched systems in several state PSAPs could be exploited. Some states began upgrading systems and segmenting networks.

2022

  • January 2022 – Bernalillo County, NM
    Type: Ransomware
    Impact: County government was paralyzed, and jail and emergency communications systems were affected, forcing use of backup manual procedures.
  • June 2022 – Somerset County, NJ
    Type: Ransomware
    Impact: County offices, including emergency dispatch and communication systems, were shut down. Dispatchers used radios and backup systems for 911 operations.

2023

  • February 2023 – Oakland, CA
    Type: Ransomware
    Impact: City IT systems compromised, disrupting internal communications and some police services. Emergency dispatch was maintained but faced with delays and rerouting.
  • August 2023 – Prince George’s County, MD
    Type: Network outage (suspected cyber component)
    Impact: Temporary 911 service disruption. While officials did not confirm ransomware, cybersecurity teams were called in to assess.

2024

  • March 2024 – Durham County, NC
    Type: Cyberattack (unspecified)
    Impact: Emergency systems were temporarily switched to backup protocols. Investigation pointed to foreign-origin phishing tactics.
  • September 2024 – Multi-State 911 Routing Service Interruption
    Type: Supplier-side cyber incident
    Impact: Affecting states like Nebraska, South Dakota, and Texas. Some 911 calls were not routed correctly. It raised red flags over third-party NG911 system providers.

2025 (To Date)

  • February 2025 – Indiana 911 Centers
    Type: DDoS attack (under investigation)
    Impact: Reports of intermittent failures in emergency call routing. No data breach but caused concern over vulnerability of NG911 IP-based infrastructure.
  • May 2025 – Ongoing FBI & CISA Alert
    Issued: Joint advisory warns of increased targeting of public safety answering points (PSAPs) using ransomware-as-a-service (RaaS) models and social engineering tactics aimed at 911 system vendors.

Trends & Takeaways

  • Increasing attacks on third-party vendors supporting 911 systems (e.g., cloud providers, call-routing services).
  • Transition to Next Generation 911 (NG911) infrastructure has introduced IP-based vulnerabilities.
  • Most PSAPs now have contingency plans and use radio/analog fallbacks, but gaps remain.
  • Growing coordination between CISA, DHS, and local governments on threat assessments and cyber drills.

TUSA’s Role in Supporting Cyber Preparedness

At TUSA Consulting Services, our mission is to help public safety agencies navigate the complexities of emergency communications — including the growing cyber threat landscape. Because TUSA remains vendor-agnostic, our recommendations are always in your best interest, rooted in technical objectivity and practical experience.

Cybersecurity is no longer a luxury — it is an operational imperative. Agencies must be as prepared for digital attacks as they are for natural disasters or criminal threats. By fostering a culture of cyber awareness and investing in resilient infrastructure, 9-1-1 services can continue to serve the public safely and effectively in a rapidly evolving risk environment.

5 Best Practices to Protect 9-1-1 Centers Against Cybersecurity Threats

To help public safety agencies strengthen their cyber resilience, TUSA Consulting Services recommends the following five best practices:

  1. Strengthen Network Defenses
  • Implement firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
  • Use Virtual Private Networks (VPNs) for secure remote access.
  • Monitor network traffic for anomalies in real-time.
  1. Conduct Regular Security Audits and Penetration Testing
  • Perform internal and third-party audits to identify and close security gaps.
  • Simulate cyber-attacks through controlled penetration tests to assess preparedness.
  1. Keep Software and Firmware Up to Date
  • Establish a schedule for regular updates and patching operating systems, CAD/RMS software, radio consoles, and NG9-1-1 systems.
  • Include vendor-managed platforms in your update lifecycle planning.
  1. Train Dispatchers and Support Staff
  • Provide ongoing cybersecurity training that covers phishing, ransomware, social engineering, and safe data handling.
  • Include tabletop exercises that simulate cyber incidents in your continuity of operations (COOP) planning.
  1. Plan and Practice Incident Response
  • Create a cyber incident response plan that includes communication protocols, system recovery steps, and contact information for IT and leadership.
  • Practice the plan through regular drills and update it as technologies and threats evolve.

TUSA is a veteran-owned independent consultant providing professional services to Public Safety. TUSA does not sell, provide, or represent any equipment or managed services that could deter our professional opinion towards anything other than a vendor agnostic solution to support the customer identified needs.