Law enforcement agencies at the federal, state, and local level, including county sheriffs offices, city police departments, and investigators for District Attorney offices, face various types of cyber-enabled threats.
- Cybercriminals, both foreign and domestic, are using ransomware, Distributed Denial of Service (DDoS) attacks, and other cyber-enabled methods to target 911 dispatch and emergency response systems, jail and records management platforms, Computer-Aided Dispatch (CAD) systems, as well as communication and coordination tools.
- Using Ubiquitous Technical Surveillance (UTS), threat actors are collecting large amounts of data from public systems to track and target individuals, interfere with investigations, and disrupt law enforcement agencies' ability to respond to emergencies and other threats.
When successful, these threat actors can steal sensitive data, delay emergency response, and undermine confidence in law enforcement agencies' ability to maintain public safety.
Top Security Concerns and Solutions for Law Enforcement
Threat actors are using digital tools to carry out attacks that disrupt emergency services and compromise sensitive law enforcement data, blending together techniques across the cyber, physical, and information operations domains in what are known as "multidimensional" threats.
The Center for Internet Security® (CIS®) provides trusted, community-developed cybersecurity resources to help U.S. State, Local, Tribal, and Territorial (SLTT) law enforcement agencies maintain access to mission-critical systems, protect sensitive data, and strengthen their cybersecurity posture
Cyber-Enabled Criminal Surveillance and Targeting
Drug cartels, human smugglers, and organized crime groups increasingly use cyber tools — such as hacking, social media monitoring, and geolocation tracking — to surveil law enforcement officers. This compromises operational security, endangers officer safety, and undermines investigations. Cyber attacks directed at individual officers (e.g., doxxing, phishing) amplify these risks.
How CIS Can Help
- Deliver Warning and Analysis on Multidimensional Threats with ThreatWA™
- Implement Robust Data Protection Measures with CIS Control 3: Data Protection
- Foster Faster Advanced Warning of Verified Cyber Threats with MS-ISAC® Membership
- Manage Your Online Presence in Eight Steps Using Our Guide
- Monitor for Malicious Traffic with Albert Network Monitoring and Management
- Defend against Known and Unknown Endpoint Threats with CIS MDR™
- Block Web Requests to Known Malicious Domains with MDBR+
- Reduce False Positives in Reviewing Potential Threats with MSS
Community Safety Threats from Hybrid Tactics
Foreign and domestic threat actors, along with criminal organizations, are leveraging combined cyber and physical methods to destabilize communities. These tactics range from spreading disinformation to disrupting critical infrastructure, creating an unsafe public safety environment and eroding trust in law enforcement.
How CIS Can Help
- Prepare Organizations to Defend against Multidimensional Threats with ThreatWA™
- Improve the Resilience of Your Critical Infrastructure Systems with CIS Resources
- Fortify the Cyber Defenses of Your Community by Becoming a Secure Cyber City™
- Leverage U.S. SLTT Community to Find Vetted, Cost-Effective Solutions in CIS CyberMarket®
- Collaborate with Other U.S. SLTT Law Enforcement Agencies by Joining the MS-ISAC®
Operational Disruption of Emergency Response
Cyber attacks on law enforcement systems — such as records management, dispatch, and communications — can cripple emergency response capabilities. If these systems are compromised, officers may be unable to access critical data or coordinate effectively, directly impacting their ability to protect the public during crises.
How CIS Can Help
- Deliver Warning and Analysis on Multidimensional Threats with ThreatWA™
- Implement Robust Data Protection Measures with CIS Control 3: Data Protection
- Foster Faster Advanced Warning of Verified Cyber Threats with MS-ISAC® Membership
- Harden Your Technology Systems using the CIS Benchmarks®
- Streamline Your Audits with Centralized Visibility in CIS SecureSuite® Platform
- Monitor for Malicious Traffic with Albert Network Monitoring and Management
- Defend against Known and Unknown Endpoint Threats with CIS MDR™
Common Threats
Inmate Transfers and Court Processes Disrupted
In September 2025, a Louisiana sheriff’s office suffered a ransomware attack that disrupted inmate transfers, court appearances, and bail processing, forcing the office to resort to manual processes.
Police Investigation Files Leaked and Public Trust Shaken
In mid-2024, a cyber attack on a city police department led to the leak of sensitive investigation files and personnel records, jeopardizing cases and raising concerns about victim and officer safety.
Local Emergency Declared and National Guard Activated
In late 2025, a city in Minnesota issued a local declaration of emergency and activated the National Guard after a cyber attack disrupted online payment platforms and other city services.
911 Dispatch Offline and Emergency Response Delayed
In early 2024, a ransomware attack on a regional 911 system forced dispatchers to revert to pen and paper for over a week, delaying emergency response times and putting lives at risk.
Regional Loss of Access to Emergency Notifications System
In 2025, some U.S. regions lost access to a nationwide emergency notifications system following a cyber attack and breach, prompting some cities to rely solely on social media to reach the public.
Emergency Communications Disrupted and Lives Put at Risk
In 2024, cyber attacks against public safety infrastructure rose dramatically, delaying first responders, weakening communication between field units, and increasing public safety risks in critical incidents.
