IoT and Smart Cities have become terms we are all too familiar with, but looking at the rate at which they grows, we cannot ignore the growth of the attack areas, writes PAUL WILLIAMS, Country Manager SADC, Fortinet.
Smart cities are being planned the world over. Technology development always goes through two phases for any new discipline: First – tools are developed, and infrastructure is built and enabled. And second – the technology is scaled up. In the case of smart cities, we are in the first phase, where many of the kinks and challenges are still being ironed out.
Here are some examples of services a smart city might provide:
· Coordinated energy control of air conditioners at homes during hot summer days to manage and preserve city power resources
· Directed local discounts in retail and restaurants to avoid city congestion
· An automatic fee for driving a vehicle during highly congested periods
· A smart directed parking app that automatically discounts congestion charges for parking in specific parking lots
· Real-time sensor data to warn citizens affected by allergens and irritants
· Real-time sensor data of standing water for mosquito breeding, etc.
· Vehicle-to-vehicle communication, autonomous driving technology, and infrastructure with embedded sensors to warn of things like imminent traffic jams, construction, best routes for navigation during emergencies, etc. based on real-time traffic patterns.
To enable such services, smart cities will need to deploy plenty of IoT devices and services for metering, sensing, and controlling.
The Attack Surface of Smart Cities
The increase in the size of a smart city’s IoT device footprint corresponds to an increase in the size of its attack surface.
As was seen recently in a series of IoT-based denial of service attacks, IoT devices can be compromised and hijacked into a Shadownet (an IoT-based botnet that can’t be seen or tracked using normal browsers or tools) and controlled by a command and control (C&C) center run by hackers. Alternatively, these devices and services may be attacked in order to deny services to legitimate users.
Here are some examples of what hackers and attackers can do:
· Take control of parking, traffic lights, signage, street lighting, and automated bus stops, etc. For example, changing highway signs to read “terrorist threat in area” or “danger, toxic spill ahead” could seriously disrupt traffic and cause panic among drivers.
· Direct all cars and buses to a specific area to create congestion and gridlock.
· Disable local transportation, thereby disrupting businesses and services, such as banking, because employees can’t get to work.
· Open causeways to spill sewage and untreated waste water into parks, rivers, and communities.
· Cut off access to drinking water.
· Send fake SMS directing to people to a specific location, such as a targeted business or government agency
· Remotely switching off air conditioners or furnaces during extreme temperature days
· Randomly turning on fire and burglar alarms throughout the city
Increasing the Security in Smart Cities from the Inside
While it’s not possible to secure every possible security breach in a totally connected environment, it doesn’t mean we need to go back to the Stone Age. Instead, it’s possible to take some key initial steps to strengthen the smart city’s security posture and architecture:
· Use strong encryption
· Design systems that have strong protection against tampering.
· Provide strong access control, authentication, and authorization
· Maintain detailed logging of activities
· Segment services for individual sub-systems, and then aggregate and pool data that you want to make publicly accessible
· Create centralized management, analysis, and control systems through segmented and secured administration channels to troubleshoot problems
· Set baseline standards that trigger alarms or require manual override when thresholds are crossed or anomalous behavior is detected, such as rerouting traffic or disabling water treatment.
Segmentation is the Key
With a complex smart city network, segmentation is the key. For example, the Smart Transportation network needs to be logically segmented from other smart networks, such as user services, websites, or energy networks, etc. This aids in isolating an attacks, and allows for the advanced detection of data and threats as attacks and malware move from one network zone to the other. This also divides the smart city network into security zones, which aids in compliance, monitoring internal traffic and devices, and preventing unauthorized access to restricted data and resources.
Such segmentation will ensure that the majority of the IoT components deployed across the smart city only communicate with those devices and systems they should, and only talk in the protocols they have been assigned. This will also ensure that the interior network doesn’t get hacked and can’t participate in a DDoS attack.
In a similar way, other smart networks in the city can be segmented and isolated from each other, thereby avoiding the spread of malware and reducing the impact of any hacks and attacks. Further, smart cities must make include the ability of IoT equipment to support and control such traffic an essential purchasing requirement.
Increasing the Security in Smart Cities from the Outside: DDoS Attacks
While network segmentation will ensure that the internal network is protected and its integrity and availability are preserved, we need to increase the availability of the smart city’s Internet facing properties. DDoS attacks can be easily used to overwhelm this infrastructure. Depending on the size of the pipe, and expected worst-case scenarios, city IT teams must develop and implement and effective DDoS attack mitigation strategy. This may be comprised of either an over provisioned appliance solution, or a hybrid solution consisting of appliances combined with a cloud based scrubbing center.
An over provisioned appliance solution enables you to manage DDoS attacks that are larger than your normal bandwidth usage. For example, if your normal user traffic is 1 Gbps, develop a plan for a 20 Gbps DDoS attack that includes deploying an appliance to mitigate such attacks, and provision for such potential bandwidth requirements from your service provider. If the actual attack is expected to be larger than your service provider bandwidth, however, you may need a hybrid solution that includes a cloud-based scrubber that works closely with your DDoS appliance solution.
From Smart to Smarter
As time passes, smart cities will become even smarter as they learn from researchers, from each other, and from incidents that are bound to happen.
Queues and cash-only frustrate SA’s commuters
A new study by Visa reveals the success factors for improving travel and creating smarter cities
The use of cash-only payments was
Visa, in collaboration with Stanford University, came up with these findings in one of the largest global studies examining the growing demand for public and private transportation, and the important role digital commerce plays in driving sustainable growth.
According to the UN[i], by 2050, 68
Building on Visa’s experience working with transit operators, automotive companies and technology start-ups, Visa commissioned a global study, “The Future of Transportation: Mobility in the Age of the Megacity” to better understand the challenges commuters face today and in the future. The key findings were combined with a view of existing and near horizon innovations provided by experts at Stanford University, to better understand the technology gaps in addressing their pain points.
The South African Perspective
Payments lie at the heart of every form of
Aside from cash-only payments, another commuter frustration when paying for public transport has been long queues – 67% of Johannesburg commuters and 64% of Cape Town commuters. Over the last few years, a number of mobile-driven taxi-hailing apps have been launched in the South African market to counteract these concerns and commuters are open to the possibilities presented by mobile apps. The Visa study echoed this by showing that 77% of Johannesburg commuters and 76% of Cape Town commuters would be willing to try a consolidated app to make payments for public transport.
Mike Lemberger, SVP, Product Solutions Europe, Visa says: “The future success of our cities is intertwined with – and reliant on – the future of transportation and mobility. Visa and our partners have an important role to play, both in streamlining the payment experience for millions of commuters around the globe, and supporting public transportation authorities in their quest to build sustainable and convenient transportation solutions that improve the lives of the people who use it.”
Herman Donner, PhD and Postdoctoral Researcher from Stanford University co-authored the report and summarised: “When looking across the technology landscape, there already exist many products that could easily address people’s daily frustrations with travel. However, none of these solutions should be developed in isolation. A major challenge therefore lies in first identifying relevant technologies that provide suitable products for the market then managing implementation in conjunction with a broad set of stakeholder including mobility providers, technology companies, infrastructure owners and public transport agencies. From our research, we think that many of these small, incremental changes have the potential to make a significant difference in people’s daily travel, whether it’s to help find parking, get the best price to refuel their car or plan their journey on public transportation.”
Click here for the detailed global findings.
Women take to tech, but more needed
By HAIDI NOSSAIR, Marketing Director META, Dell Technologies
$12 trillion – that is the value in additional global GDP that remains locked behind the gender gap. This is according to the latest Women Matter report from McKinsey, which also reveals startling disparities in the workplace. Even though women make up more than half of the human population, only 37% contribute to GDP on average – and in some countries that proportion is significantly lower.
The reasons for this can be put in three areas. Fewer women – 650 million fewer than men – participate in the global labour force. Women are also more likely to be in part-time employment and thus work fewer hours. Finally, female employees are more common in lower-productivity sectors than in higher-productivity areas. Are women not being offered the opportunity or are they holding themselves back?
Among STEM careers this ratio is particularly dismal: only 24% of engineering professionals are women, and as few as 19% of careers in ICT are filled by women.
What is the cause of this? Studies have found that women pursuing STEM careers are higher in countries with more oppressive policies towards women, because those careers hold the promise for financial freedom and more social autonomy. In contrast, countries with progressive attitudes towards women tend to produce fewer female STEM graduates. Then how can we encourage women from early ages to take the path of STEM education? And how can organizations ensure women have equal opportunity at the hiring stages.
Certainly addressing gender inequality is crucial and must not stop.. Where women are increasingly more part of the workforce, there are often still barriers preventing them from assuming higher management roles. Female entrepreneurs often struggle more to gain investment capital. Corporate cultures are rarely aligned with the pressures of balancing work and family obligations. Decision makers may simply lack exposure to the potential of female candidates. Female pioneers have also argued that women are too risk-averse when compared to men.
Whether these assertions are true is a matter for debate – and that’s exactly why every professional man and woman should be talking about them and identify action to change the status-quo. This is not just about female rights, but about social upliftment: companies with a mixture of male and female leaders perform better across the board and companies in the top-quartile for gender diversity are 21% more likely to outperform on profitability.
The digital economy we live in today represent a golden opportunity for increased women contribution to the workforce as technology breaks the boundaries of location and time for the workplace and where labor intensive jobs may today be performed by data scientists.
For two days in March, top professionals will gather to talk and exchange ideas around creating more roles for women, larger appreciation for female professionals, as well as counter the attitudes among women holding them back from greater career success and autonomy.
If you want to be part of this conversation, join the Women in Tech Africa summit today at the Century City Conference Centre in Cape Town – learn more at https://www.women-in-tech-africa-summit.com/ and use the code DELL20 for a 20% discount.