Law Enforcement & Public Safety

The Viking Cop has served in a law enforcement capacity with multiple organizations within the U.S. Executive Branch. He can be found on Twitter @TheVikingCop. The views reflected are his own and do not represent the opinion of any government entities. Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.

National Security Situation: Cyber vulnerabilities in regional-level Law Enforcement and Public Safety (LE/PS) communication networks which could be exploited by violent extremists in support of a physical attack.

Date Originally Written: April 15, 2017.

Date Originally Published: May 22, 2017.

Author and / or Article Point of View: Author is a graduate of both University and Federal LE/PS training. Author has two years of sworn and unsworn law enforcement experience. Author had been a licensed amateur radio operator and builder for eleven years.

Background: Currently LE/PS agencies in the U.S. operate on communication networks designed on the Association of Public-Safety Communications Officials, Project 25 (P25) standard established in 1995[1]. European and East Asian Countries operate on a similar network standard known as the Terrestrial Trunked Radio.

The push on a federal level for widespread implementation of the P25 standard across all U.S. emergency services was prompted by failures of communication during critical incidents such as the September 11th attacks, Columbine Massacre, and the Oklahoma City bombing[2]. Prior to the P25 implementation, different LE/PS organizations had been operating on different bands, frequencies, and equipment that prevented them from directly communicating to each other.

During P25 implementation many agencies, in an effort to offset cost and take advantage of the interoperability concept, established Regional Communication Centers (RCC) such as the Consolidated Communication Bureau in Maine, the Grand Junction Regional Communications Center in Colorado, and South Sound 911 in Washington. These RCCs have consolidated dispatching for all LE/PS activities thus providing the ability of smaller jurisdictions to better work together handling daily calls for service.

Significance: During a critical incident the rapid, clear, and secure flow of communications between responding personnel is essential. The ability of responding LE/PS organizations is greatly enhanced by the P25 standard where unified networks can be quickly established due to operating on the same band and the flow of information can avoid bottle necks.

Issues begin to arise as violent extremist groups, such as the Islamic State of Iraq and Syria (ISIS), have been attempting to recruit more technically minded members that will be able to increase the group’s ability to plan and conduct cyber operations as a direct attack or in support of a physical attack[3]. Electronic security researchers have also found various security flaws in the P25 standard’s method of framing transmission data that prove it is vulnerable to practical attacks such as high-energy denial of service attacks and low-energy selective jamming attacks[4][5].

This article focuses on a style of attack known as Selective Jamming, in which an attacker would be able to use one or more low-power, inexpensive, and portable transceivers to specifically target encrypted communications in a manner that would not affect transmissions that are made in the clear (unencrypted). Such an attack would be difficult to detect because of other flaws in the P25 standard and the attacks would last no more than a few hundredths of a second each [4].

If a series of Selective Jamming transceivers were activated shortly before a physical attack responding units, especially tactical units, would have minutes to make a decision on how to run communications.

Option #1: Push all radio traffic into the clear to overcome a possible selective jamming attack. This option would require all responding units to disable the encryption function on their radios or switch over to an unencrypted channel to continue to effectively communicate during the response phase.

Risk: The purpose of encrypted communications in LE/PS is to prevent a perpetrator from listening to the tactical decisions and deployment of responders. If a perpetrator has developed and implemented the capability to selectively jam communications they will likely have the ability and equipment to monitor radio traffic once it is in the clear. This option would give the perpetrator of an attack a major advantage on knowing the response to the attack. The hesitancy to operate in the clear by undercover teams was noted as a major safety risk in the after action report of the 2015 San Bernardino Shooting[6].

Gain: LE/PS agencies responding to an incident would be able to continue to use their regular equipment and protocols without having to deploy an alternative system. This would give responders the most speed in attempting to stop the attack with the known loss of operational security. There would also be zero equipment costs above normal operation as P25 series radios are all capable of operating in the clear.

Option #2: Develop and stage a secondary communications system for responding agencies or tactical teams to implement once a selective jamming attack is suspected to be occurring.

Risk: Major cost and planning would have to be implemented to have a secondary system that is jamming-resistant that could be deployed rapidly by responding agencies. This cost factor could prompt agencies to only equip tactical teams with a separate system such as push-to-talk cellphones or radio systems with different communications standards than P25. Any LE/PS unit that does not have access to the secondary system will experience a near-communications blackout outside communications made in the clear.

Gain: Responding units or tactical teams, once a possible selective jamming attack was recognized, would be able to maintain operational security by switching to a secure method of communications. This would disrupt the advantage that the perpetrator was attempting to gain by disrupting and/or monitoring radio traffic.

Other Comments: Both options would require significant additional training for LE/PS personnel to recognize the signs of a Selective Jamming attack and respond as appropriate.

Recommendation: None.

Endnotes:

[1] Horden, N. (2015). P25 History. Retrieved from Project 25 Technology Interest Group: http://www.project25.org/index.php/technology/p25-history

[2] National Task Force on Interoperability. (2005). Why Can’t We Talk. Washington D.C.: National Institute of Justice.

[3] Nussbaum, B. (2015). Thinking About ISIS And Its Cyber Capabilities: Somewhere Between Blue Skies and Falling One. Retrieved from The Center for Internet and Society: http://cyberlaw.stanford.edu/blog/2015/11/thinking-about-isis-and-its-cyber-capabilities-somewhere-between-blue-skies-and-falling

[4] Clark, S., Metzger, P., Wasserman, Z., Xu, K., & Blaze, M. (2010). Security Weaknesses in the APCO Project 25 Two-Way Radio System. University of Pennsylvania Department of Computer & Information Science.

[5] Glass, S., Muthukkumarasamy, V., Portmann, M., & Robert, M. (2011). Insecurity in Public-Safety Communications:. Brisbane: NICTA.

[6] Braziel, R., Straub, F., Watson, G., & Hoops, R. (2016). Bringing Calm to Chaos: A Critical Incident Review of the San Bernardino Public Safety Response to the December 2, 2015, Terrorist Shooting Incident at the Inland Regional Center. Washington: Office of Community Oriented Policing Services.

National Security Situation: The evolution of Law Enforcement and Public Safety (LE/PS) Training within the U.S.

Date Originally Written: April 7, 2017.

Date Originally Published: April 24, 2017.

Author and / or Article Point of View: Author is a graduate of both University and Federal LE/PS training. Author has two years of sworn and unsworn law enforcement experience. Author believes a reform of LE/PS training led by institutes of higher learning such as colleges and universities is necessary to meet evolving LE/PS challenges.

Background: Over the past twenty years the U.S. has seen a major shift in public opinion and media coverage of LE/PS operations. As a result of this shift, there have been ad hoc changes in LE/PS training on various topics to address a lack of specialized training. But because LE/PS basic training and advanced training is conducted and designed at a local level, the added training can vary from city to city and state to state. A look at the basic training of LE/PS is important in the context of how LE/PS organizations are preparing to respond to contemporary changes in U.S. culture and the massive scale of resources and time it takes to train a LE/PS Officer[1].

Current LE/PS basic training varies from state to state with varying hours, types of training, and style of training conducted[2]. This mix of training hours, types, and styles produces a varying level of LE/PS Officer upon graduation. A LE/PS Officer in one state could lack hundreds of hours of training compared to their peer the next state over when beginning their initial field training.

Significance: The Bureau of Justice Statistics observed in 2008 that there were sixty-one thousand new LE/PS Officers hired in the United States[3]. Due to the nature of attrition, retirement, and LE/PS budgets, this hiring is only expected to increase over the coming years as a younger generation replaces the “Widening Hole in the Bucket” that is staffing levels in departments nationwide[4].

Option #1: Establish a system of National Law Enforcement Colleges within university systems throughout the U.S. that not only train and certify LE/PS Officers but that do this as part of a wider degree-granting program. Option #1 is similar to in-depth and standardized training of LE/PS personnel that countries such as Germany and Sweden have developed.

Risk: With a rising average number of LE/PS recruits in the U.S. each year, sixty-one thousand hired in 2008[4], a series of colleges would have to have enough capacity to handle one hundred to two hundred thousand trainees across the country at varying years of study if a multiple year degree program is established. Option #1 could also be viewed as a “Federalization” of LE/PS since the undertaking would inevitably involve the Federal Government for funding and certification. It has also been noted, albeit with limited research, that university-educated LE/PS Officers experience higher levels of frustration and lower levels of overall job satisfaction[5].

Gain: Option #1 would increase the minimum education of LE/PS Officers allowing them to be educated in various social science fields that the university systems already employ subject matter experts in. Option #1 could also offset certain costs of training LE/PS Officers as the program could be run as a self-pay system as any other university program or limited scholarship program such as the U.S. Military Reserve Officer Training Corps program.

Option #2: Developing and implementing a national standard for basic law enforcement training to be met by currently existing training academies.

Risk: This would increase the cost of LE/PS training to states that have below minimum standards. If an extended length of training is chosen it would cause a bottleneck in training new LE/PS Officers that agencies are in need of immediately to boost low staffing numbers. A national set of minimum standards could lead to simply a change in what is taught during basic training instead of an actual increase in training provided as academies may be inclined to abandon non-mandated training to shorten program time.

Gain: Concerns with the lack of certain types of training, such as social services and crisis intervention, would be resolved as mandatory training hours could be set for these topics. LE/PS Officers operating on an inter-agency level (City to County or across State Lines) would have been trained initially to the same set of standards and would be able to better cooperate.

Other Comments: While the lack of certain academic topics in LE/PS training does exist as a current problem, it must also be understood that in a human-services profession such as LE/PS, that informal training through actual field experience is still the most significant way that adults learn in challenging situations[6]. No amount of academic or basic training will replace the need for actual field experience by the trainee to become competent as a LE/PS Officer.

Recommendation: None.

Endnotes:

[1] Stanislas, P. (2014). Introduction: police education and training in context. In P. Stanislas (Ed.), International perspectives on police education and training (pp. 1-20). London: Routledge.

[2] Reaves, B. (2016). Bureau of Justice Statistics (BJS) – State and Local Law Enforcement Training Academies, 2013. Bjs.gov. Retrieved 7 March 2017, from http://www.bjs.gov/index.cfm?ty=pbdetail&iid=5684

[3] Reaves, B. (2012). Bureau of Justice Statistics (BJS) – Hiring and Retention of State and Local Law Enforcement Officers, 2008 – Statistical Tables. Bjs.gov. Retrieved 7 March 2017, from http://www.bjs.gov/index.cfm?ty=pbdetail&iid=4514

[4] Wilson, J., Dalton, E., Scheer, C., & Grammich, C. (2017). Police Recruitment and Retention for the New Millennium (1st ed.). Santa Monica: RAND Corporation. Retrieved from http://www.rand.org/content/dam/rand/pubs/monographs/2010/RAND_MG959.pdf

[5] Stanislas, P. (2014). The challenges and dilemmas facing university-based police education in Britain. In P. Stanislas (Ed.), International perspectives on police education and training (pp. 57-71). London: Routledge.

[6] Giovengo, R. (2016). Training law enforcement officers (1st ed.). CRC Press.

Divergent Options

www.DivergentOptions.org — National Security Analysis, Options Without Advocacy, and Podcasts

Category: Law Enforcement & Public Safety

Cyber Vulnerabilities in U.S. Law Enforcement & Public Safety Communication Networks

Options to Evolve U.S. Law Enforcement and Public Safety Training

Share this:

Share this: