An increasing range of public safety technologies have their own internal computer operating systems and require connection to the internet to fully operate. For example, an agency might purchase a UAV (unmanned aerial vehicle, sometimes referred to as a drone) to support aspects of its operations (see recommended reading for one example). To be fully functional, the device often requires some level of internet connectivity to support its operation and to access live or archived video footage.
Increasingly, police agencies in North America are turning to UAV’s as a useful tool for a wide variety of policing purposes. Agencies will often cite the humanitarian benefits of improving their ability to find lost children or at risk-adults, improving traffic flow during major events like athletic games, or monitoring vehicle and pedestrian movements during rush-hour. Less likely to be cited, but equally as important, UAV’s can augment other airborne efforts such as aerial surveillance prior to police operations, improving crime scene documentation, and even pre-response assessment of in-progress crime events. Police use of UAV’s requires highly regulated FAA approval and licensing of “pilots”.
Less considered, but even more critical, is the high vulnerability of sensitive police information available by hacking into police data systems through the use of such technologies. The US government, for example, has warned US agencies that UAV manufacturers from some nations are strongly suspected of shipping such devices with on-board software that can be used to tap into any other data systems. In other words, by connecting a compromised device to the internet using an agency's network, other data systems operating on that network might be compromised.
When this warning was raised at a meeting sponsored by the COPS Office in early 2019, one agency representative said, “We’re not worried about that, we only use our drones for benign events like traffic flow, etc.” The response to this assessment from DHS was, “Your biggest threat isn’t tapping into the streaming data from your cameras; the drones will be used to hack into your entire network!”
Agencies need to be conscious of this potential risk when purchasing new technologies, especially devices manufactured in nations that may have tense relations with that agency’s government. It might be necessary to have their devices “scrubbed” of any software/hardware that could be used to hack into their networks by trusted IT professionals and consider disconnecting any linking technologies to prevent intrusions. Agencies should have clear policies to protect them from technology-based data theft and should ensure they have access to the support of IT professionals who can help them negotiate and mitigate any risks.