Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Public Safety Mobile Application Security

Summary

The establishment of a nationwide public safety broadband network will equip public safety practitioners with access to more data and resources than ever before. Some of these new resources will take the form of mobile applications running on Long Term Evolution (LTE) devices. These applications will have unique security requirements, which will set them apart from commercial mobile applications. In order to leverage the fast-paced and innovative mobile application developer ecosystem, the Public Safety Communications Research (PSCR) program is conducting research into identifying and enumerating these security requirements. These requirements can be provided to both application developers for consideration during application design and public safety officials when selecting applications for deployment.

Description

Responsible Network Usage pscr

Describing responsible network usage

The nationwide public safety broadband network will provide first responders with modern access to data. This new access to multimedia (audio/video), situational awareness data, and operations functionality will enhance first responder’s effectiveness and efficiency. While mobile applications can offer critical capabilities, verification of the security posture of the applications is a necessity. Analysis from the IT security industry shows that attacks on mobile devices will increase dramatically over the next decade and that mobile applications will be a primary attack vector. Furthermore, without prior knowledge of public safety domain specific requirements, application developers may unintentionally introduce malicious behavior into the public safety network.

AN INNOVATIVE APPROACH

PSCR’s strategy concerning public safety mobile application security utilizes the following three-pronged approach:

  • Directly engaging with public safety practitioners – PSCR has engaged first responders in multiple workshops to elicit domain specific security requirements for public safety applications. These continuing efforts focus around the topics of battery life, network throughput, identity management, location services, data protection, mobile application vetting, and identifying public safety specific mobile application data types.
  • Leverage NIST’s background in static and dynamic software analysis – NIST’s Information Technology Lab (ITL) has extensive knowledge in the methods and effectiveness of evaluating software for quality. This knowledge includes both techniques for determining quality as well as identifying industry players who specialize in evaluating software. PSCR is collaborating with the NIST ITL to determine how to apply software analysis to the public safety domain.
  • Evaluating established federal and enterprise techniques for mobile application security – There are multiple efforts within the federal government to codify a stance on mobile application security. PSCR is evaluating these efforts to determine their applicability to public safety.

VALUE TO PUBLIC SAFETY

PSCR is providing the public safety community with methods to ensure mobile applications operate in a secure manner. By engaging public safety officials, federal partners, and mobile application developers, the public safety community stands to maximize these benefits.

Identifying Public Safety Datatypes
Identifying public safety datatypes

Analyzing data type’s effects on security pscr
Analyzing data type’s effects on security

Created August 17, 2016, Updated July 13, 2017