Smart cities will help both the private and public sector excel in many areas, but as helpful they are, they also come with many security risks. PERRY HUTTON, Regional Vice President – Africa at Fortinet, outlines five security areas CIOs need to watch out for.
Car navigation systems that can predict where and when traffic jams might occur, by siphoning data from sensors in roads and other vehicles. Cameras that can spot litter in public places and call in the cleaning crew. Self-adjusting street lamps.
These are just a few of the scenarios that could become commonplace as smart cities take hold over the next few years. Driven by rising urbanisation and fuelled by technologies such as the Internet of Things (IoT) and data analytics, smart cities are on the cusp of explosive growth. Glasgow, Barcelona, Nice, New York City, London and Singapore have already embarked on the trek. The smart city technology market could be worth US$27.5 billion annually by 2023, according to Navigant Research.
Smart city initiatives are driven by public sector initiatives. However, they will have a big impact on businesses. CIOs will have to learn how to tap on the new connected city infrastructure for their business. Smart city technologies like IoT and data analytics are expected to drive innovative business ideas in the future.
But the new wave of smart city services and technologies are also expected to create new security vulnerabilities. Here are five areas CIOs should watch out for.
1. A further fragmentation of IT
The last few years saw a rapid proliferation of cloud services and mobile device adoption in the workplace. The trend has transformed business productivity. But it has also wrecked the tight-fisted control that CIOs used to be able to exert on their IT systems.
CIOs now have to grapple with the idea of employees using unsanctioned cloud services via unsecured phones to hook up to corporate servers and accessing sensitive business data. The expected explosion of IoT devices − researchers estimate that by 2020, the number of active wireless connected devices will exceed 40 billion worldwide − will result in a further fragmentation of IT in businesses.
Instead of fighting the losing battle of trying to lock down devices and services, CIOs should look at protecting the data. Look for IoT devices that offer device-to-device encryption. Consider implementing − as well as bolstering − comprehensive encryption schemes to protect data in networks, cloud services and endpoint devices.
2. Device vulnerabilities
In the past year, security researchers have exposed holes in Wi-Fi-enabled Barbie dolls, Jeep Cherokee cars, fitness trackers and other new-fangled connected devices. Fortinet’s FortiGuard Labs already see IoT based attacks on the radar and happening in real time around the world. This shows the risks that are coming as toys, wearables, cars and power grids get attached to sensors that are linked to a common network and the Web.
IoT will bring forth a larger surface attack. Hackers will eye IoT devices as a launching pad for ‘land-and-expand’ attacks. One scenario: hackers take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect.
So how do CIOs protect against the risks of connected devices and their own IoT implementations? Short of physically separating such devices from all other network systems, they can consider deploying network-based protection schemes. Internal segmentation firewalls, or ISFWs, for instance, can mitigate the proliferation of threats inside the business network. They also need to employ an IoT network security solution which is capable of mitigating exploits against this growing and vulnerable attack surface. IoT vendors need to harden their products and develop proper product security (PSIRT) teams.
3. IoT gateways can be exploited
In a typical IoT deployment, the majority of connected devices will be always connected and always on. Unlike mobile phones and laptops, such devices are likely to go through only a one-time authentication process across multiple sessions. This will make them attractive to hackers looking to infiltrate into company networks, as it allows easy control and sniffing of traffic. Shoring up the security of the gateways that connect IoT devices is therefore a must. CIOs should map out where these gateways are and where they are linked to − they can reside internally or externally, and even be connected to IoT device manufacturers. There must also be a sound plan for updating security patches on these gateways, as well as the IoT devices.
4. Big data, more risks
If there is a constant in smart city deployments, it is that more data will be generated, processed and stored. Connected devices will generate huge data repositories. Businesses that adopt big data systems will see an even larger data deluge. Unfortunately, such data will also become attractive targets for corporate hackers. To protect huge amounts of data with large inflows and outflows, the bandwidth capabilities of security appliances will come to the fore. And when dealing with data analytics, it often isn’t just a single data set, but multiple repositories of data that may be combined and analyzed together by different groups of people. For instance, a pharmaceutical company’s research efforts may be open to employees, contractors and interns. This means individual access and auditing rights.
5. A new can of worms
New worms designed to attach to IoT devices will emerge − and they could wreak more havoc given the extended reach of the new converged networks. Conficker is an example of a worm that spread on PC’s in 2008 and is still persistent and prevalent in 2016. Likewise, worms and viruses that can propagate from device to device can be expected to emerge – particularly with mobile and the Android operating system. Embedded worms will spread by leveraging and exploiting vulnerabilities in the growing IoT and mobile attack surface. The largest botnet FortiGuard labs has witnessed is in the range of 15 million PC’s. Thanks to the internet of things, this can easily reach in excess of 50 million if the spread of IoT worms is not properly mitigated. Patch management, and network based security inspection – particularly intrusion prevention systems or IPS – that can block IoT worms is a must.
Earth 2050: memory chips for kids, telepathy for adults
An astonishing set of predictions for the next 30 years includes a major challenge to the privacy of our thoughts.
Buy 2050, most kids may be fitted with the latest memory boosting implants, and adults will have replaced mobile devices with direct connectivity through brain implants, powered by thought.
These are some of the more dramatic forecasts in Earth 2050, an award-winning, interactive multimedia project that accumulates predictions about social and technological developments for the upcoming 30 years. The aim is to identify global challenges for humanity and possible ways of solving these challenges. The website was launched in 2017 to mark Kaspersky Lab’s 20th birthday. It comprises a rich variety of predictions and future scenarios, covering a wide range of topics.
Recently a number of new contributions have been added to the site. Among them Lord Martin Rees, the UK’s Astronomer Royal, Professor at Cambridge University and former President of the Royal Society; investor and entrepreneur Steven Hoffman, Peter Tatchell, human rights campaigner, along withDmitry Galov, security researcher and Alexey Malanov, malware analyst at Kaspersky Lab.
The new visions for 2050 consider, among other things:
- The replacement of mobile devices with direct connectivity through brain implants, powered by thought – able to upload skills and knowledge in return – and the impact of this on individual consciousness and privacy of thought.
- The ability to transform all life at the genetic level through gene editing.
- The potential impact of mistakes made by advanced machine-learning systems/AI.
- The demise of current political systems and the rise of ‘citizen governments’, where ordinary people are co-opted to approve legislation.
- The end of the techno-industrial age as the world runs out of fossil fuels, leading to economic and environmental devastation.
- The end of industrial-scale meat production, as most people become vegan and meat is cultured from biopsies taken from living, outdoor reared livestock.
The hypothetical prediction for 2050 from Dmitry Galov, security researcher at Kaspersky Lab is as follows: “By 2050, our knowledge of how the brain works, and our ability to enhance or repair it is so advanced that being able to remember everything and learn new things at an outrageous speed has become commonplace. Most kids are fitted with the latest memory boosting implants to support their learning and this makes education easier than it has ever been.
“Brain damage as a result of head injury is easily repaired; memory loss is no longer a medical condition, and people suffering from mental illnesses, such as depression, are quickly cured. The technologies that underpin this have existed in some form since the late 2010s. Memory implants are in fact a natural progression from the connected deep brain stimulation implants of 2018.
“But every technology has another side – a dark side. In 2050, the medical, social and economic impact of memory boosting implants are significant, but they are also vulnerable to exploitation and cyber-abuse. New threats that have appeared in the last decade include the mass manipulation of groups through implanted or erased memories of political events or conflicts, and even the creation of ‘human botnets’.
“These botnets connect people’s brains into a network of agents controlled and operated by cybercriminals, without the knowledge of the victims themselves. Repurposed cyberthreats from previous decades are targeting the memories of world leaders for cyber-espionage, as well as those of celebrities, ordinary people and businesses with the aim of memory theft, deletion of or ‘locking’ of memories (for example, in return for a ransom).
“This landscape is only possible because, in the late 2010s when the technologies began to evolve, the potential future security vulnerabilities were not considered a priority, and the various players: healthcare, security, policy makers and more, didn’t come together to understand and address future risks.”
For more information and the full suite of inspirational and thought-provoking predictions, visit Earth 2050.
SAFTA awards get first streaming video nominees
The 2019 nominations for The South African Film and Television Awards (SAFTAs) were announced late last week, and for the first time in the 13-year history of the awards, a TV series produced for a video-on-demand service was in contention. The result was a surprise boost to streaming service Showmax.
The comedy series Tali’s Wedding Diary, which premiered in December 2017, represented a major step for the then two-year old streaming service. It was the debut Showmax Original, the first time Showmax ventured into producing its own content. The gamble paid off, with the show becoming the most watched of any series on its first day on Showmax, and now Tali’s Wedding Diary has been further recognised with seven SAFTA nominations, making it this year’s most nominated comedy.
“When we first floated the idea of Tali’s Wedding Diary, we joked about winning awards,” says Candice Fangueiro, Showmax’s head of content. “At that point, just getting our first Showmax Original off the ground was already a major challenge and it was more than we could hope for to actually hit it out of the park. I was stunned when I heard the news about the nominations – it’s amazing to be considered in the same company as these other shows and thanks to this we’re already seeing a fresh spike in Tali views.”
Tali’s Wedding Diary was also a first for co-creator and star Julia Anastasopoulos, who until then was best known as YouTube star SuzelleDIY. “I am so thrilled about the SAFTA nominations for Tali’s Wedding Diary,” says Julia, who is up for Best Actress – TV Comedy and Best Achievement in Scriptwriting – TV Comedy, along with her husband Ari Kruger and Daniel Zimbler.
“It was such a big and daunting step to create a full TV comedy series and intro a brand-new character. I really didn’t know how it would be received and am so happy to have received such positive feedback for the show and the Tali Babes character, along with the nominations. It feels so good to be recognised for something we poured our hearts into. None of it would have been possible, of course, without the incredible hard work and vision of my husband Ari and the incredible team, cast and crew that were part of the show. And a huge thank you to Showmax of course for making it all possible. Congratulations and best of luck to the entire team and to all the other nominees.”
Tali’s Wedding Diary is a mockumentary that follows Tali, a self-obsessed Joburg princess who’s moved to Cape Town and is planning her wedding to property-agent fiancé Darren (Anton Taylor). The series was inspired by Julia’s own wedding to Ari, her SuzelleDIY and Tali’s Wedding Diary co-creator, who is also up for Best Achievement In Directing – TV Comedy.
In addition to Julia and Ari’s nominations, Tali’s Wedding Diary is up for Best TV Comedy, Art Direction (Keren Setton), Cinematography (James Adey), and Editing (Richard Starkey). Winners will be announced on 2 March 2019 at Sun City Superbowl.
Following the success of Tali’s Wedding Diary, the second Showmax Original, The Girl From St Agnes, was released earlier this month. A third Showmax Original, Trippin With Skhumba, is slated for release at the end of February.
“With three Showmax Originals now under our belt and more on the way, we’d like to think this is the start of many more SAFTA nominations for shows from a streaming service,” concludes Candice.
South African content currently on Showmax has 110 nominations and includes the most nominated movie (Five Fingers With Marseilles), telenovela (The River), drama (Lockdown) and soap (Isibaya), with more SAFTA nominees scheduled for the coming months.