Thursday, March 28, 2024

Security for Smart Cities

Japan is a world-leader when it comes to the real-world deployment of smart technologies. Through sophisticated networks of sensors, entire cities can be redesigned to meet the needs of the people living there. Networks of this sort are more commonly referred to as Internet-of-Things connected; settlements where this practice is widespread are known as Smart Cities. If the current direction of travel is maintained, then this will be the rule rather than the exception, not only in Japan, but everywhere in the world.

Keeping a city of this sort secure would mean installing CCTV cameras throughout, connecting them up, and powering them (using modern switch-mode power supplies). Of course, there are civil liberties concerns to address before this becomes practicable, not least of which is the possibility that this network might actually be compromised.

Security Costs

Of course, with all of this connectivity comes a not-insignificant security problem. What if hackers were to gain access to the network, and access the data stored there? Interconnected devices aren’t always protected to the same degree. Once a vulnerable device is exposed, then an attacker might move laterally through an entire system, gobbling up data as they go. This practice was demonstrated a few years ago when an American casino was attacked via the internet-connected fish tank in its lobby.

When it’s an entire city that’s connected in this way, rather than just a single business, the amount of data on offer is greater by an order of magnitude. And so too, therefore are the risks.

Meeting the Challenge

So how is this challenge to be met? There are several methods, which will need to be deployed in tandem to be truly effective.

Compartmentalisation

Just as an ocean liner might be divided into several large compartments to prevent the entire thing from being flooded by a single impact, so might a network of IoT devices be compartmentalised. End-points can be isolated, limiting the opportunity for viruses to spread.

Multi-factor Authentication

Biometrics might come in alongside passwords and location data to ensure that devices are made truly resilient against attack. While a password might be stolen or guessed, a fingerprint is less vulnerable. Multi-factor authentication has rapidly become the norm for individuals; for cities, it might well be mandatory.

Frequent Updates

In a network the size of a city, of course, it would be impracticable for every device to rely on manual updates. Automated updates will ensure that leaks are contained swiftly. Building in this function would allow each device to keep track of its own health, and to obtain updates from trusted sources.

Website

Latest articles

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles