This thesis examines information security management in public safety communication centers as they transition to Next Generation 9-1-1 (NG9-1-1) systems. The author conducted a survey of 225 agencies and received 56 responses. The study found that none of the responding agencies had implemented NG9-1-1 yet, so none were required to comply with the relevant NENA security standards (NG-SEC), but 7 agencies reported voluntarily complying. Common barriers to compliance for non-compliant agencies included cost, time constraints, and limited staffing. The author recommends further research with broader samples to better understand compliance rates among agency size and location categories.
1. Next Generation 9-1-1:
Examination of Information Security
Management In Public Safety
Communications Centers
By Natalie J. Yardley
A Thesis Presented in Partial Fulfillment
of the Requirements for the Degree
Master of Science
University of Advancing Technology
March 2012
2. The Defense Presentation:
Purpose
Rationale and Background
Research Questions
Methodology
Sample
Study Findings
Discussion of findings
Recommendations
What I learned
3. Purpose
This study explores the current level of
progress towards achieving compliance
of NG-SEC or noncompliance.
4. Rationale and Background
9-1-1 is a vital societal system.
U.S. 9-1-1 systems are transforming
from closed analog systems to open
Internet-Protocol systems, known as
Next Generation 9-1-1 (NG9-1-1).
NG9-1-1 need exists.
5. Research Questions
What are the Next Generation 9-1-1 security
standards and policies?
What percentage of agencies have Next
Generation 9-1-1 status?
What percentage of agencies are compliant
or noncompliant?
What are the obstacles and/or challenges for
public safety answering points (PSAPs) that are
not compliant with public safety communication
information security standards
6. Methodology
Mixed Method study:
◦ Literature Review (secondary data)
◦ Survey (primary data – to receive field
perspective)
• Descriptive (no tests were performed)
• Exploratory
• Evaluation
7. Sample
• 225 agencies were sent surveys.
• Agencies were stratified into three segments
based on the population of their jurisdiction:
◦ Small (1-99,999)
◦ Medium (100,000-499,999)
◦ Large (500,00 or greater)
• 56 agencies responded to the survey.
8. Study Findings #1
NENA has provided the national
security standards and best practices
for public safety answering points with
the National Emergency Number
Association (NENA) Security for Next-
Generation 9-1-1 Standards(NG-
SEC).
10. Study Findings #3
None of the agencies reported Next
Generation 9-1-1 status (all reported
Wireless Phase II status) and
therefore are not required to be
compliant to NG-SEC.
Regardless of no NG9-1-1 status, 7 of
56 agencies were compliant with NG-
SEC standards (1 large, 4 medium, 2
small).
11. Study Findings #4
Non-compliant obstacles/or
challenges:
◦ Cost
◦ Time
◦ Staff Constraints
12. Discussion of Findings
What are the NG9-1-1 information
security management standards?
◦ National Emergency Number Association
(NENA) Security for Next-Generation 9-1-1
Standards (NG-SEC).
13. Discussion (continued)
What amount of agencies have NG9-
1-1?
◦ The 56 agencies that responded to the
research study were not NG9-1-1 status.
14. Discussion (continued)
What percent of agencies are
compliant or noncompliant?
◦ 7 of 56 agencies were compliant with NG-
SEC standards (1 large, 4 medium, 2
small).
◦ None of the 56 responding agencies were
NG9-1-1.
15. Discussion (continued)
What are the obstacles and/or
challenges for not being compliant
with NG-SEC?
◦ Again, none are required to be compliant
(none NG9-1-1), but agencies responded.
◦ Time, cost, and staff constraints were the
most responses for agencies.
16. Recommendations
A study that surveyed the entire public
agency population and allowed a better
comparison of large, medium, and small
agencies would be beneficial.
Examining more specific areas of
compliance within the NENA Security for
Next-Generation 9-1-1 standards, such
as examining national or regional
physical security, acceptable usage, or
incident response policies.
17. Recommendations
(continued)
Studies comparing compliance
between agency size segments, rural
verses metropolitan entities, or
regional sections within the United
States.
Examine survey styles that work best
with government and/or public safety
entities to allow a higher response
rate.
18. What I learned
Technology is fast. Government is
slow.
This is only the beginning.