PERSPECTIVE: Cyberattacks on Public Safety: Why EMS, Police, and Fire Services Must Treat Cybersecurity as a Life-or-Death Mission
October’s Cybersecurity Awareness Month arrives as hackers target the lifelines of public safety – dispatch systems, medical devices, and emergency response networks.
It’s been over 30 years since I started my career in emergency medical services (EMS). In those 30 years, technology has gone from a supporting element in patient care to a core capability in all aspects of pre-hospital operations. All public safety organizations including emergency services, law enforcement, fire departments, EMS, and disaster response agencies have seen revolutionary advances in technology. Increasingly, however, these agencies find themselves facing a different kind of threat: cyberattacks.
As technology continues to become deeply embedded in nearly every facet of public safety operations, from dispatch systems to body-worn cameras to communications networks to medical devices, the attack surface for malicious actors continues to grow. Cybersecurity is no longer a peripheral concern; it is a core mission issue. When public safety systems are disrupted, lives can be lost, communities can be thrown into chaos, and trust in government institutions can erode.
Underpinning this issue are the changes that we are seeing in the global threat landscape, both in our adversaries as well as in our victim population.
The Global Cybersecurity Threat Landscape
The days of worrying about hackers sitting in their basement conducting harmless attacks are over. The cybersecurity threat landscape is vast, complex, and constantly evolving. It’s not just about nation-state actors such as China, Russia, Iran, and North Korea, but about cybercriminals and cyberterrorist organizations around the globe. For public safety organizations, this environment presents unique challenges. Attackers are no longer limited to lone hackers seeking notoriety; instead, they often consist of highly organized criminal groups, state-sponsored entities, or politically motivated activists. These groups are well funded, well equipped, and intend to do harm. Key threat actors include:
- Nation-States – State-sponsored cyber operations are targeting critical infrastructure, including public safety organizations, to gain political or military advantage. For example, hostile governments may attempt to disable communication networks during emergencies, sowing confusion and hampering response efforts. We have seen these types of attacks in the past and there are no indications that these types of attacks will subside in the near future.
- Cybercriminals – Financially motivated actors are launching ransomware attacks against municipalities and police departments, locking critical systems until a ransom is paid. We’re seeing these types of attacks against public and private sector organizations in both urban and rural America.
- Hacktivists – Ideologically motivated hackers are targeting public safety agencies to protest government policies or perceived injustices. Disruptions have at times coincided with social unrest or major events.
- Insiders – Employees or contractors with legitimate credentials and access to sensitive systems may intentionally or unintentionally compromise cybersecurity. These types of insider threats are particularly difficult to detect.
Given the scope and breadth of technology integrated into public safety systems, these large attack surfaces are vulnerable to a number of threat vectors. We’ve seen ransomware attacks against public safety and healthcare organizations, phishing and social engineering attacks, distributed denial-of-service (DDoS) attacks, and data breaches looking to exfiltrate personal and sensitive information. Additionally, given the large dependence on third-party vendors, the risk of supply chain attacks is ever-present.
The interconnected nature of modern public safety infrastructure makes these threats especially dangerous. For instance, a cyberattack on a city’s transportation system could delay ambulances, while a breach of a hospital’s systems could endanger patient care during emergencies.
Prior Attacks
While the changes in the adversary landscape are concerning, it’s even more concerning that we’re seeing significant changes in the victim landscape. These actors aren’t only targeting large businesses or government agencies, but also small and medium-sized businesses and small towns in rural America: organizations and communities that cannot invest heavily in cybersecurity but have information or money that these actors are seeking. We’ve also seen attacks against healthcare organizations, something that has traditionally been considered off-limits, even in conventional warfare.
Over the last several years, there have been a number of cyberattacks across the nation that have directly or indirectly impacted public safety organizations. In 2018, a major city suffered an attack that crippled municipal services and impacted law enforcement operations. In addition to losing access to historical records, law enforcement officers had to revert to paper reports for a period of time. A similar attack occurred in another major East Coast city in 2019. We have seen public safety answering points (PSAPs) attacked by a variety of methods, including ransomware and DDoS attacks, and in one case, prank calls initiated through malware disrupted emergency lines. During public health emergencies and natural disasters, we’ve seen attacks against public health agencies by individuals seeking confidential information on emergency operations, as well as attacks against healthcare organizations with the intent of disrupting operations.
These examples illustrate a troubling pattern: adversaries are increasingly recognizing the leverage that comes from disrupting public safety operations. The high stakes make emergency response systems prime targets for both opportunistic criminals and strategic adversaries.
Actions That Public Safety Leaders Can Take
While the threat landscape may sound daunting, there are actions we can take to build our resilience against cyber threats. While we will never be able to prevent all cyber attacks, embracing cybersecurity as a mission-critical responsibility will allow us to build our resilience against this threat vector. Building our systems to minimize downtime and allow for more rapid recovery will allow these essential services to continue with limited interruptions in our communities. Actions include:
- Conducting Risk Assessments – Public safety organizations should begin with a comprehensive risk assessment to identify vulnerabilities across systems, processes, and personnel. This includes examining dispatch centers, mobile devices used in the field, IoT sensors, and connections with external vendors. Third-party reviews are essential to fully understanding your attack surface and the delineation of cybersecurity responsibilities between your organization and vendors.
- Investing in Cyber Hygiene Practices – Basic practices such as regular patching, strong password policies, and multi-factor authentication remain foundational. Leaders must ensure that frontline personnel understand and adhere to these protocols.
- Building Resilience – Since cyberattacks are inevitable, agencies need to incorporate cybersecurity into their existing continuity of operations (COOP) plans. This may include more frequent backups of essential systems, offline and redundant communication capabilities, and paper-based protocols as fallback options. Routine training on these fallback options is also necessary.
- Implementing Incident Response Plans – Preparedness requires more than technology. Leaders should develop clear incident response plans that define roles, escalation procedures, and communication channels. Cyber incidents (both internal to your organization and external attacks in your community which may impact operations) should be integrated into existing emergency plans. These plans should be routinely exercised (both discussion based and operational exercises) and updated to reflect changes to your operations.
- Collaborating Across Jurisdictions – Cyber threats do not respect jurisdictional boundaries. Local, state, tribal, territorial, federal, and private sector partners must collaborate, share threat intelligence, and coordinate response activities. Inclusion of academic institutions, National Guard assets, and other organizations focused on cybersecurity can also provide additional support in both preparedness and response to a cyber incident.
- Securing your Supply Chain – Public safety leaders must evaluate third-party vendors to fully understand their cybersecurity posture. Contracts should include cybersecurity requirements, and agencies should monitor for compliance and vulnerabilities in critical software.
- Adopting Emerging Technologies Carefully – While tools like artificial intelligence, drones, and IoT sensors promise to revolutionize public safety, they also expand the attack surface. Leaders should integrate cybersecurity reviews into procurement and deployment decisions. We should be looking for the tools and capabilities that are the best security value as opposed to just the lowest bid.
- Securing Adequate Resources – Recognizing that budgets are tight across the public safety spectrum, focusing on short- and long-term funding is essential to building resilience. Leveraging different funding sources, including grants, and seeking economies of scale within your jurisdiction can allow for the development and, more importantly, the maintenance of a strong cybersecurity ecosystem.
By embracing these measures, public safety leaders can significantly reduce risk and improve resilience against inevitable cyber threats.
Conclusion
Cybersecurity in public safety is no longer a theoretical concern; it is a pressing operational reality. The global threat landscape includes sophisticated adversaries capable of disrupting emergency response operations when communities are most vulnerable. We also know that some cyber actors are investing significant time and resources in prepositioning themselves on the networks of critical infrastructure owners and operators. “Living off the land” techniques allow these actors to stay hidden and dormant on your networks for days, months, or even years until activated at a time of their choosing, including when communities are facing crises.
History demonstrates that cyberattacks on public safety and emergency response operations can cause significant harm, delaying critical services and undermining trust.
Public safety leaders cannot afford complacency.
As the digital and physical worlds continue to merge, the stakes for cybersecurity in public safety will only rise. Protecting communities in the 21st century means not only responding to fires, crimes, and disasters but also defending against invisible cyber threats that can jeopardize the safety and security of entire populations. The path forward requires leadership, vigilance, and a commitment to making cybersecurity a core pillar of public safety. We all have a role to play in cybersecurity and we need everybody to play their role.