Last year’s headline-grabbing security breaches of Internet of Things (IoT) technology was the opening salvo in a new cyberwar where smart cities are firmly in the crosshairs.
Smart city security vulnerabilities were a recent topic of discussion with Paul Williams, SADC Country Manager with cyber security software firm Fortinet.
Williams says that 2016’s high profile IoT cyber-attacks exposed how vulnerable this new technology is to hackers.
“As was seen recently in a series of IoT-based denial of service attacks, IoT devices can be compromised and hijacked into a Shadownet and controlled by a command and control center run by hackers,” he says. “Alternatively, these devices and services may be attacked in order to deny services to legitimate users.”
And considering that global smart city strategies hinge on connecting massive numbers of IoT devices and sensors, this boosts the attack surfaces targeted by smart city hackers.
“The increase in the size of a smart city’s IoT device footprint corresponds to an increase in the size of its attack surface,” he warns.
In light of how quickly IoT technology is being integrated into vital systems of smart cities, considerable damage can be done by malicious hackers.
Some examples of possible smart city attacks could include: disrupting traffic by hijacking traffic lights or misdirecting vehicles; causing sewage system floods or disrupted access to drinking water; or remotely operating alarm systems and temperature control systems.
But rather than hitting the panic button, Williams recommends smart cities begin a systematic approach to tackling their IoT security threats.
“While it’s not possible to secure every possible security breach in a totally connected environment… it’s possible to take some key initial steps to strengthen the smart city’s security posture and architecture,” he says.
Using strong encryption
Among these initial steps would be the usual advice of using strong encryption, designing tamper-resistant systems and implementing strong system access control.
Beyond these steps he says that complex smart city networks need to implement segmentation to boost security. He suggests, for example, that smart transportation networks be logically segmented from other networks like user services or energy networks.
“This aids in isolating an attacks, and allows for the advanced detection of data and threats as attacks and malware move from one network zone to the other,” says Williams. “This also divides the smart city network into security zones, which aids in compliance, monitoring internal traffic and devices, and preventing unauthorized access to restricted data and resources.”
He also recommends that smart cities develop specific mitigation strategies to counter distributed denial of service (DDoS) attacks. These strategies could include overprovisioning the city’s bandwidth to withstand the overwhelming nature of DDoS attacks.
“This may be comprised of either an over provisioned appliance solution, or a hybrid solution consisting of appliances combined with a cloud based scrubbing center,” he says.