Japan is a world-leader when it comes to the real-world deployment of smart technologies. Through sophisticated networks of sensors, entire cities can be redesigned to meet the needs of the people living there. Networks of this sort are more commonly referred to as Internet-of-Things connected; settlements where this practice is widespread are known as Smart Cities. If the current direction of travel is maintained, then this will be the rule rather than the exception, not only in Japan, but everywhere in the world.
Keeping a city of this sort secure would mean installing CCTV cameras throughout, connecting them up, and powering them (using modern switch-mode power supplies). Of course, there are civil liberties concerns to address before this becomes practicable, not least of which is the possibility that this network might actually be compromised.
Of course, with all of this connectivity comes a not-insignificant security problem. What if hackers were to gain access to the network, and access the data stored there? Interconnected devices aren’t always protected to the same degree. Once a vulnerable device is exposed, then an attacker might move laterally through an entire system, gobbling up data as they go. This practice was demonstrated a few years ago when an American casino was attacked via the internet-connected fish tank in its lobby.
When it’s an entire city that’s connected in this way, rather than just a single business, the amount of data on offer is greater by an order of magnitude. And so too, therefore are the risks.
So how is this challenge to be met? There are several methods, which will need to be deployed in tandem to be truly effective.
Just as an ocean liner might be divided into several large compartments to prevent the entire thing from being flooded by a single impact, so might a network of IoT devices be compartmentalised. End-points can be isolated, limiting the opportunity for viruses to spread.
Biometrics might come in alongside passwords and location data to ensure that devices are made truly resilient against attack. While a password might be stolen or guessed, a fingerprint is less vulnerable. Multi-factor authentication has rapidly become the norm for individuals; for cities, it might well be mandatory.
In a network the size of a city, of course, it would be impracticable for every device to rely on manual updates. Automated updates will ensure that leaks are contained swiftly. Building in this function would allow each device to keep track of its own health, and to obtain updates from trusted sources.
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…