ASSOCIATE Magazine FBINAA Q4-2024

SECURING THE FUTURE OF LAW ENFORCEMENT: BALANCING ADVANCED TECH WITH ROBUST CYBERSECURITY

FBINAA.ORG | Q4 2024

SEAN GEORGIA, PROSERVICES ACCOUNT MANAGER, PANASONIC CONNECT MAJOR (RET.), PENNSYLVANIA STATE POLICE, NA SESSION 265

Effective law enforcement relies on human ingenuity supported by advanced technology. The latest rugged, mobile solutions help to streamline operations, allowing troopers, officers, deputies, and administrative staff to focus more on mission critical duties and less on routine paperwork. From digital evidence management systems to predictive analytics, digital tools enhance operational efficiency and real-time decision-making, leading to more efficient policing. However, with increased technology adoption comes the need for agency leadership to enhance cybersecurity resilience and risk mitigation practices. C ybersecurity threats are escalating at an alarming rate. Ac cording to the Center for Internet Security, malware attacks surged by 148 percent between 2022 and 2023. Data breaches have also skyrocketed, with a 72 percent increase since 2021. For law enforcement agencies, the stakes are high due to the sensitive nature of the data they manage. Every breach not only has the potential to compromise critical information but also poses significant risks to investigative integrity and public trust. Computing devices (or any mobile endpoint), which are integral to effective law enforcement operations, are also vulnerable to these attacks. Operational technology has been a necessary evolution for law enforcement. Agency leadership is responsible in ensuring the evolution has been THE RISING TIDE OF SECURITY BREACHES

deployed wisely, with the correct governance, and with the right technology partners. The potential damage from breaches targeting these devices can be severe. Potential impacts include the exposure of protected criminal justice information, sensitive victim considerations, and the loss of operational intelligence necessary to secure our communities. To avoid or prevent falling prey to the rising number of cyberattacks, law enforcement agencies need to invest in both trusted, reliable, and rugged mobile devices alongside robust security measures for their entire technology suite. This is not just about compliance; it is about safeguarding the integrity of law enforcement operations and maintaining public trust. Implementing comprehensive cybersecurity strategies that secure hardware, software, and firmware is essential for protecting against the ever-evolving threat landscape. COMPLIANCE WITH EVOLVING INDUSTRY REQUIREMENTS To respond to rising cybersecurity threats, the criminal justice community needs to comply with industry standards and best practices when implementing innovative technology. This is non-negotiable. Alignment ensures that these technologies integrate with existing and evolving security protocols, facilitating a secure and efficient continuation of agency mission critical operations. It is important that public sector agencies keep these requirements in mind when looking at hardware, accessories, software, servers and networks. Working with vendors that are current with shifting standards and can articulate a secure digital landscape should always be considered by decision makers when making operational technology procurement decisions. Cybersecurity for operational technology is not a one-time flick of a switch – it is a constant balance of technology and compliance to deliver the best outcomes which goes beyond the initial deployment of a solution. The Federal Bureau of Investigation (FBI)’s Criminal Justice Information Services (CJIS) Division manages numerous critical systems and information for use by both criminal justice and non-criminal justice agencies nationwide. Adhering to the CJIS Security Policy (CJISSECPOL) is not just a regulatory requirement but a fundamental aspect of risk management. The scope of the CJISSECPOL stresses these requirements are only a baseline standard by stating, “The CJIS Security Policy provides the minimum-security requirements associated with the creation, viewing, modification, transmission, dissemination, storage, or

continued on page 30

13