When someone calls 9-1-1 with an emergency, it’s much more than just an ordinary phone call. The 9-1-1 call center is a mission-critical system with a sophisticated infrastructure and a vital need for state-of-the-art security. PlantCML, an EADS North America company, is North America’s leading provider of crisis communications and emergency response solutions and services. The company offers innovative telecommunications functionality for mission-critical applications through flexible, scalable 9-1-1 solutions. PlantCML’s managed services help 9-1-1 emergency call centers secure their systems with patch updates, virus protection and disaster recovery so that mission-critical call centers are protected and secure at all times. Headquartered in Temecula, California, with four regional offices and more than 620 employees, PlantCML serves both the public safety and private security sectors, with customers spanning federal agencies and a wide range of transportation and utilities organizations. In fact, for more than 35 years, PlantCML has been recognized as an industry leader for providing emergency response solutions and services for organizations that serve and protect their communities.
Securing tomorrow’s next-generation 9-1-1 call centers
PlantCML has served over 4,000 Public Safety Answering Points (PSAPs), which are managed by agencies within local towns or municipalities that handle 9-1-1 emergency calls. Because the 9-1-1 emergency services industry is changing rapidly, PlantCML focuses on delivering scalable solutions with a natural migration path for merging with next-generation technologies and applications. The greatest challenge, according to PlantCML’s Technical Solutions Engineer, Jeremy Smith, is not in securing today’s 9-1-1 call centers, but in securing tomorrow’s. “There’s a big evolution occurring in the 9-1-1 industry, from traditional 9-1-1 to Next-Generation 9-1-1,” said Jeremy. “It’s dramatic, and everyone’s scrambling to make sure they are secure in this new way of doing things.”
Traditionally 9-1-1 is a TDM or telephony-based system with a physical PBX. The industry is moving towards a purely IP model with Voice over IP (VoIP). Next-generation emergency call centers are already starting to incorporate the new features that IP-based technology provides, like messaging, video, and cell phone pictures. PlantCML has created a series of products to take advantage of these features, and with it, a new level of heightened security has become absolutely essential. In addition to new security needs for each client’s 9-1-1 environment, security is also required as part of PlantCML’s managed services in establishing a secure VPN connection between PlantCML’s network operations center (NOC) and the client’s call center.
9-1-1 systems are prime targets for hackers, says Smith. “But in most cases, 9-1-1 centers have never been connected to the Internet or other networks, and hackers targeting the systems needed actual physical access to the target. So in the past, the overhead associated with 9-1-1 hacking has been high and a good deterrent. However, next-generation 9-1-1 interconnects call centers with IP, giving attackers a much lower barrier to entry. So now the risk of hacking will go up, because the overhead associated with that hacking is so much less.”
"In a next-generation 9-1-1 world, the risk of hacking and other threats will increase exponentially. We’re telling customers to move to the next-generation 9-1-1 to get all these new features, and to also make sure they have the appropriate security in place. An important part of that is McAfee Firewall Enterprise Edition."Jeremy Smith
Technical Solutions Engineer, PlantCML
Using best-of-breed to save lives
PlantCML turned to McAfee’s Network Security Business Unit (formerly Secure Computing) to prepare for the next generation of 9-1-1 emergency response. “Although still a ways into the future, if I’m a 9-1-1 call center, and I start to receive emails (something not common today), now I have to deal with spam,” notes Smith. “We can deal with that with McAfee Firewall Enterprise Edition (formerly Sidewinder) and its integrated TrustedSource™ global reputation intelligence that blocks spam. Today, spam is not a common threat vector to these centers, but that’s going to change, and we are positioning TrustedSource technology to be ready for the future.”
Besides spam, other VoIP-related threats, such as viruses and other types of malware, will become a major issue. “Much of what we’re doing with the firewall is preparatory,” says Smith. “We want to give them an appliance that will really prepare them for what’s coming, rather than what’s here right now in the old 9-1-1 paradigm. This is a strategic investment for our customers, not only to help them deal with current security problems, but also to prepare them for the next generation of emergency calls. We may not be dealing a lot today with inbound and outbound Internet threats, but in the next generation of 9-1-1, we will.”
Prior to using McAfee Firewall Enterprise Edition, PlantCML had been using Cisco PIX. Switching to McAfee was an easy choice. “McAfee had a much better product for protecting against application layer attacks which dominate the Internet today,” notes Smith. “Also, we found that McAfee really understood our unique business model, and is able to give us the ‘care and feeding’ that we need. Our rep understands our atypical business structure, and we receive the close support we require. When we have an odd question or request, he makes it work for us. He even sent a sales engineer out with me once all the way to the state of Maine to work on a deal. And finally, simply put: the firewall itself is just a better firewall.”
When you run a mission-critical organization such as a 9-1-1 center, and you’re moving to an IP environment, Smith says, “You need the best you can get.” For PlantCML and most of the nation’s 9-1-1 emergency call centers, the best is McAfee Firewall Enterprise Edition. Attacks are now happening primarily at the application layer, and no other firewall has EAL4+ certification for application layer firewalls. Furthermore, this is the only firewall that has never been compromised. “When we go into a municipal call center, we tell them that we’re not going to sell them just an ordinary firewall. We’re going to sell them something they’ll appreciate—something with legitimate credibility,” finishes Smith.
Streamlined security and reporting
PlantCML has been using McAfee Network Security Business Unit products for over three years, both internally and at client sites. PlantCML’s Managed Services NOC employs two McAfee enterprise-level models, and for nearly every site under managed service, PlantCML provisions a smaller firewall to the client site. A VPN connection is established between the NOC and the client site to facilitate the managed service in a secure fashion. In addition, every customer gets a McAfee UTM Firewall (formerly Sidewinder). The firewall function is delegated primarily to the McAfee Firewall Enterprise Edition, while the McAfee UTM Firewall is used as a modem router for a dialup connection. “Every system has a phone connection. If someone dials in with a POP line, they go through McAfee UTM Firewall,” says Smith.
Although Smith does appreciate the user-friendly administrative console where rules can be viewed or configured completely in one screen, ease of use is only marginally important. The most important factor is the quality of the security features of the firewall itself, which marries anti-virus, IPS, true VoIP security and more in just one powerful firewall appliance. “Additionally, when it comes to monitoring and reporting, the Firewall Enterprise Edition makes it easy for us to streamline management and provide actionable reports for us and our customers,” says Smith.
PlantCML’s new Patriot solution is pure Voice over IP (VoIP). Representing PlantCML’s next-generation platform, the Patriot line provides 9-1-1 centers with all of the advanced features available with IP-based technology that are not possible with standard telephone service. But because it is based on Internet telephony, there are new risks that must be dealt with. “We’re selling the Firewall Enterprise Edition with every single Patriot system,” says Smith. “We use it today for the managed services piece, but what we’re provisioning that firewall for is to help customers prepare when they plug into that next-generation 9-1-1 network — because when they do, they’ll be able to leverage all those new IP features with the confidence that comes from complete VoIP and application security.”
“In a next-generation 9-1-1 world, the risk of hacking and other threats will increase exponentially. We’re telling customers to move to the next-generation 9-1-1 to get all these new features, and also to make sure they have the appropriate security in place. An important part of that is the McAfee Firewall Enterprise Edition,” concludes Smith.