Many public safety, utility and transportation radio systems are migrating to Internet Protocol (IP) technology to help incompatible devices communicate. IP has become the universal computer language spoken by virtually every network-capable device in the world, making it the foundation for many modern communications systems, including public safety. However, if proper precautions are not taken, the technology can be extremely vulnerable to attack from hackers and viruses, so local officials must take steps to protect their data and systems from disruption.

Essentially, IP-based radio systems use Internet technology to communicate on any type of IP network, including microwave, fiber, T1 and others. IP technology also allows data, voice and video to be transmitted over a single network. Furthermore, well-designed IP networks are inherently fault-tolerant and will heal themselves in the event of a network failure.

However, the “craft” of computer theft has evolved into a science. Its practitioners study software for vulnerabilities and develop automated tools to find and exploit the weaknesses. Their tools include worms, viruses, Trojan horses, spyware and more. Once inside a network, hackers can steal or manipulate data, crash the system, degrade its performance or turn computers into hacking accomplices. The financial effects range from the costs needed to recover the network to the money and time spent litigating cases when data is stolen. If a critical communications system is compromised, the losses are incalculable.

Though hackers are ubiquitous, local governments can protect IP radio systems using multiple lines of defense to stop external invaders and detect internal security breaches. The first line of defense is a firewall, which is a single point of network entry comparable to a drawbridge, that fully reviews and analyzes every data packet that travels through the system, allowing only trusted packets in or out of the network.

The second line of defense is a hardened network that prevents unauthorized access to network devices, filters abnormal data traffic and encrypts data to prevent eavesdropping. The third line of defense is hardened servers and workstations. Traditionally, computer operating systems are configured for ease-of-use, not security, but they can be hardened by eliminating unused services, adding access control limits and installing the latest anti-virus software.

Finally, an intrusion detection system can closely monitor all network traffic for any hint of suspicious activity. Events of interest are logged and monitored from a central management system that can issue an alarm or block traffic depending on the threat type and level.

To maintain a strong defense, network software must be updated with the latest security patches. An organization's defensive strategy has to include security updates and services that will identify applicable patches and tests to ensure they do not affect system performance.

A tempting target, unprotected IP communication systems must be safeguarded against attack. Customized security plans are essential to fulfilling the promise of IP-based communications for local government operations.

The author is manager of Data, Dispatch and Security Products for Lowell, Mass.-based Tyco Electronics' M/A-COM.