Connecting state and local government leaders
The department is looking for cybersecurity services to help it protect its employees from having personally identifiable information exposed.
The New York City Fire Department is looking for consultants to help it prevent doxing of its 16,000 firefighters, emergency medical technicians and administrative support personnel across the five boroughs.
Doxing—or the weaponizing of an individual’s personal information to punish, harass or encourage threats—is a growing problem, potentially affecting anyone on the wrong end of a grudge, including police, poll workers and school officials.
In a request for information first reported by the New York Post, FDNY says it is looking for a consultant to provide expertise and software solutions, including managed detection and response services as well as real-time threat mitigation and recovery capabilities. A vendor with experience working with large organizations would also be required to provide protective strategies addressing the misuse of personally identifiable information and assistance protecting PII.
FDNY spokesman Frank Dwyer told the Post the RFI was not triggered by a doxing incident, but rather “part of the FDNY’s ongoing cybersecurity preparedness measures to protect the department’s data.”
The FDNY also wants the consultant to provide employee education and training focusing on preventive and mitigation measures that address the targeting of and misuse of PII.
The First Responder’s Toolbox, a resource from the director of National Intelligence, warns that PII posted on social media, websites or personal electronic devices, can be used to target an individual online and possibly in person. The toolbox’s chapter on online personal security describes how police and firefighters can protect themselves by limiting their digital footprints. Recommendations include basic cyber hygiene, such as avoiding posting affiliations with responder organizations on social media, using encryption and strong passwords and shredding unnecessary documents. It also advises responders to be aware that illicit actors can post videos of responder activities for nefarious purposes.
Responses to NYFD’s RFI are due July 7.