Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
smart cities<br />
smart city, it needs to collect and analyse<br />
personal data from the users, so that it can<br />
tell what works and what does not. To be<br />
as effective as possible, they need to collect<br />
data from users about their movements,<br />
peak traffic times, transportation mode<br />
preferences, streetlight data, traffic camera<br />
data, payment options and more.<br />
All this information then needs to be<br />
stored somewhere, whether this is a Cloud<br />
server or under the control of a municipal<br />
IT department. Doing this is a necessity,<br />
but the centralisation of information and<br />
control of an entire municipal<br />
transportation system is putting a lot of<br />
eggs in a single basket. As we've seen,<br />
though, putting so much precious data in<br />
one location is an invitation for trouble.<br />
2017 saw a rise in cyber-attacks that<br />
purposely target private data, whether<br />
to use as ransom or to release online and<br />
cause chaos. Uber and Forever 21 were<br />
just two of the many companies to suffer<br />
massive data breaches in 2017 and, in<br />
recognition of the very real risks to people's<br />
personal information, 2018 sees the<br />
introduction of the GDPR [in May], a new<br />
regulation that will force companies to<br />
take more responsibility for the protection<br />
of customer data [see page 24].<br />
If enterprises want to continue the<br />
upkeep of smart cities, then the basket that<br />
holds all this information must be designed<br />
for maximum security, controlled access<br />
and limited information portability.<br />
According to Von Welch, director of the<br />
Center for Applied Cyber Security Research<br />
at Indiana University: "We have a lot of<br />
companies making new devices for the<br />
urban Internet of Things that have not<br />
made computers or written software<br />
before." This is a critical warning to<br />
intelligent urban traffic planners. Get the<br />
IT security team involved early. There is<br />
great technology available to help protect<br />
and defend large centralised networks.<br />
Robust security requires many specialised<br />
appliances, so an intelligent connectivity<br />
solution should also be part of the initial<br />
plan.<br />
Alastair Hartrup, global CEO, Network<br />
Critical.<br />
Without properly planned network<br />
protection and rapid attack remediation, the<br />
commerce, movement and safety of entire<br />
cities could be vulnerable to a malicious<br />
breach. Traffic signals could be manipulated;<br />
electronic road signs could be hacked to<br />
provide misinformation; emergency<br />
responders could be blocked from trouble<br />
spots; funds could be stolen; or bank<br />
accounts compromised.<br />
We've seen this already: in 2014, security<br />
researchers at the University of Michigan<br />
were able to hack traffic lights of nearly 100<br />
intersections that they found to have no<br />
security controls at all. This hack was just an<br />
experiment to point out the flaws; imagine if<br />
it was performed by someone with malicious<br />
intent.<br />
This is all scary stuff, but not impossible to<br />
manage. If proper network visibility, threat<br />
landscape reduction, data loss protection,<br />
data backup and employee training are<br />
planned and implemented early on, then<br />
Utopia may, in fact, be possible, without<br />
opening the door to a municipal apocalypse.<br />
www.computingsecurity.co.uk @CSMagAndAwards March/April 2018 computing security<br />
19