The nationwide public safety broadband network will provide first responders with modern access to data. This new access to multimedia (audio/video), situational awareness data, and operations functionality will enhance first responder’s effectiveness and efficiency. While mobile applications can offer critical capabilities, verification of the security posture of the applications is a necessity. Analysis from the IT security industry shows that attacks on mobile devices will increase dramatically over the next decade and that mobile applications will be a primary attack vector. Furthermore, without prior knowledge of public safety domain specific requirements, application developers may unintentionally introduce malicious behavior into the public safety network.
AN INNOVATIVE APPROACH
PSCR’s strategy concerning public safety mobile application security utilizes the following three-pronged approach:
- Directly engaging with public safety practitioners – PSCR has engaged first responders in multiple workshops to elicit domain specific security requirements for public safety applications. These continuing efforts focus around the topics of battery life, network throughput, identity management, location services, data protection, mobile application vetting, and identifying public safety specific mobile application data types.
- Leverage NIST’s background in static and dynamic software analysis – NIST’s Information Technology Lab (ITL) has extensive knowledge in the methods and effectiveness of evaluating software for quality. This knowledge includes both techniques for determining quality as well as identifying industry players who specialize in evaluating software. PSCR is collaborating with the NIST ITL to determine how to apply software analysis to the public safety domain.
- Evaluating established federal and enterprise techniques for mobile application security – There are multiple efforts within the federal government to codify a stance on mobile application security. PSCR is evaluating these efforts to determine their applicability to public safety.
VALUE TO PUBLIC SAFETY
PSCR is providing the public safety community with methods to ensure mobile applications operate in a secure manner. By engaging public safety officials, federal partners, and mobile application developers, the public safety community stands to maximize these benefits.