IoT and Smart Cities have become terms we are all too familiar with, but looking at the rate at which they grows, we cannot ignore the growth of the attack areas, writes PAUL WILLIAMS, Country Manager SADC, Fortinet.
Smart cities are being planned the world over. Technology development always goes through two phases for any new discipline: First – tools are developed, and infrastructure is built and enabled. And second – the technology is scaled up. In the case of smart cities, we are in the first phase, where many of the kinks and challenges are still being ironed out.
Here are some examples of services a smart city might provide:
· Coordinated energy control of air conditioners at homes during hot summer days to manage and preserve city power resources
· Directed local discounts in retail and restaurants to avoid city congestion
· An automatic fee for driving a vehicle during highly congested periods
· A smart directed parking app that automatically discounts congestion charges for parking in specific parking lots
· Real-time sensor data to warn citizens affected by allergens and irritants
· Real-time sensor data of standing water for mosquito breeding, etc.
· Vehicle-to-vehicle communication, autonomous driving technology, and infrastructure with embedded sensors to warn of things like imminent traffic jams, construction, best routes for navigation during emergencies, etc. based on real-time traffic patterns.
To enable such services, smart cities will need to deploy plenty of IoT devices and services for metering, sensing, and controlling.
The Attack Surface of Smart Cities
The increase in the size of a smart city’s IoT device footprint corresponds to an increase in the size of its attack surface.
As was seen recently in a series of IoT-based denial of service attacks, IoT devices can be compromised and hijacked into a Shadownet (an IoT-based botnet that can’t be seen or tracked using normal browsers or tools) and controlled by a command and control (C&C) center run by hackers. Alternatively, these devices and services may be attacked in order to deny services to legitimate users.
Here are some examples of what hackers and attackers can do:
· Take control of parking, traffic lights, signage, street lighting, and automated bus stops, etc. For example, changing highway signs to read “terrorist threat in area” or “danger, toxic spill ahead” could seriously disrupt traffic and cause panic among drivers.
· Direct all cars and buses to a specific area to create congestion and gridlock.
· Disable local transportation, thereby disrupting businesses and services, such as banking, because employees can’t get to work.
· Open causeways to spill sewage and untreated waste water into parks, rivers, and communities.
· Cut off access to drinking water.
· Send fake SMS directing to people to a specific location, such as a targeted business or government agency
· Remotely switching off air conditioners or furnaces during extreme temperature days
· Randomly turning on fire and burglar alarms throughout the city
Increasing the Security in Smart Cities from the Inside
While it’s not possible to secure every possible security breach in a totally connected environment, it doesn’t mean we need to go back to the Stone Age. Instead, it’s possible to take some key initial steps to strengthen the smart city’s security posture and architecture:
· Use strong encryption
· Design systems that have strong protection against tampering.
· Provide strong access control, authentication, and authorization
· Maintain detailed logging of activities
· Segment services for individual sub-systems, and then aggregate and pool data that you want to make publicly accessible
· Create centralized management, analysis, and control systems through segmented and secured administration channels to troubleshoot problems
· Set baseline standards that trigger alarms or require manual override when thresholds are crossed or anomalous behavior is detected, such as rerouting traffic or disabling water treatment.
Segmentation is the Key
With a complex smart city network, segmentation is the key. For example, the Smart Transportation network needs to be logically segmented from other smart networks, such as user services, websites, or energy networks, etc. This aids in isolating an attacks, and allows for the advanced detection of data and threats as attacks and malware move from one network zone to the other. This also divides the smart city network into security zones, which aids in compliance, monitoring internal traffic and devices, and preventing unauthorized access to restricted data and resources.
Such segmentation will ensure that the majority of the IoT components deployed across the smart city only communicate with those devices and systems they should, and only talk in the protocols they have been assigned. This will also ensure that the interior network doesn’t get hacked and can’t participate in a DDoS attack.
In a similar way, other smart networks in the city can be segmented and isolated from each other, thereby avoiding the spread of malware and reducing the impact of any hacks and attacks. Further, smart cities must make include the ability of IoT equipment to support and control such traffic an essential purchasing requirement.
Increasing the Security in Smart Cities from the Outside: DDoS Attacks
While network segmentation will ensure that the internal network is protected and its integrity and availability are preserved, we need to increase the availability of the smart city’s Internet facing properties. DDoS attacks can be easily used to overwhelm this infrastructure. Depending on the size of the pipe, and expected worst-case scenarios, city IT teams must develop and implement and effective DDoS attack mitigation strategy. This may be comprised of either an over provisioned appliance solution, or a hybrid solution consisting of appliances combined with a cloud based scrubbing center.
An over provisioned appliance solution enables you to manage DDoS attacks that are larger than your normal bandwidth usage. For example, if your normal user traffic is 1 Gbps, develop a plan for a 20 Gbps DDoS attack that includes deploying an appliance to mitigate such attacks, and provision for such potential bandwidth requirements from your service provider. If the actual attack is expected to be larger than your service provider bandwidth, however, you may need a hybrid solution that includes a cloud-based scrubber that works closely with your DDoS appliance solution.
From Smart to Smarter
As time passes, smart cities will become even smarter as they learn from researchers, from each other, and from incidents that are bound to happen.
Deezer to host Hotstix’s Mandela tribute playlist
Deezer is celebrating Nelson Mandela on the centenary of his birthday by hosting a tribute playlist created by music legend Sipho “Hotstix” Mabuse.
Mabuse, a legendary figure in African music, first rose to prominence in the 1970s with his band Harari and later developed a name for himself as a solo artist. One of his best known songs was the global hit BurnOut in the 1980s.
The playlist takes the listener on a captivating musical journey through the life of Nelson Mandela. It was compiled by Mabuse, who consulted with Mandela’s family and friends to ensure that the music would be relevant and accurate. The playlist also features commentary by Mabuse, which was recorded in his Soweto home.
“I have tried to tell the story of the music that Madiba loved,” says Mabuse. “The Playlist excludes the time in prison obviously, as Madiba would not have had exposure to music in that time. We have focused on the music we know he loved before and after that period. This recording was really an emotional journey for me, but an incredible opportunity to document these memories.”
The playlist features the music the young Mandela loved, such as The Manhattan Brothers, Solomon Linda, Brenda Fassie and Miriam Makeba. It includes struggle songs from Chicco, Johnny Clegg, Hugh Masekela and Yvonne Chaka Chaka. The playlist also includes Mandela by Zahara, one of the younger artists who caught Madiba’s ear.
Mabuse also offers stories of his own songs, such as Shikisha, a song greatly beloved by the former President.
“I was delighted to share my thoughts and hope the listeners enjoyed the musical journey,” says Mabuse. “Madiba did enjoy music immensely and we all have a purpose wherever we are in the world to celebrate culture and to learn from different cultures and music forms and styles.”
This playlist was inspired by the Nelson Mandela 100 campaign, calling on corporates and individuals to act as sources of inspiration and engage in conversation and action.
Sports streaming takes off
Live streaming of sports is coming of age as a mainstream method of viewing big games, as the latest FIFA World Cup figures from the UK show. Africa isn’t yet at the same level when it comes to the adoption of sports streaming, but usage is clearly moving in the right direction.
England’s World Cup quarter-final against Sweden was watched by just under 20 million viewers in the UK via BBC One. While this traditional broadcast audience was huge, it was streaming that broke records: the game was the BBC’s most popular online-viewed live programme ever, with 3.8 million views. In Africa, the absolute numbers are lower but the trend towards streaming major sports events on the continent is also well under way.
According to DStv, live streaming of sports dominates the usage figures for its live and recorded TV streaming app, DStv Now. The number of people using the app in June was five times higher than a year ago, with concurrent views peaking during major football and rugby games.
Since the start of the World Cup, average weekday usage of DStv Now is up 60%. The absolute peak in concurrent usage for one event was reached on 26 June, during the Nigeria vs Argentina game. The app’s biggest ever test was on 16 June with both Springbok Rugby and World Cup Football under way at the same time, resulting in concurrent in-app views seven times higher than the peaks seen in June last year.
The World Cup has also been a major reason for new users to download and try out the app. First-time app user volumes have tripled on Android and doubled on iOS since the start of the tournament.
“While we expected live sports streaming to take off, it’s also been pleasing to see that the app is really popular for watching shows on Catch Up,” says MultiChoice South Africa Chief Operating Officer Mark Rayner. “Interestingly, some of the most popular Catch Up shows are local, with Isibaya, Binnelanders, The Queen and The River all getting a significant number of views.”
With respect to app usage, the web and Android apps are the most popular way to watch DStv Now, with Android outpacing iOS by a factor of 2:1.
“We’re continuing to develop DStv Now, with 4k streaming in testing and smart TV and Apple TV apps on their way shortly,” says Rayner. “The other key priority for us is working with the telcos to deliver mobile data propositions that make watching online painless and worry-free for our customers.”
The DStv Now app is free to all 10 million DStv customers in Africa. The app streams DStv live channels as well as supplying an extended Catch Up library. Two separate streams can be watched on different devices simultaneously, and content can also be downloaded to smartphones and tablets. The content available on the app varies according to the DStv package subscribed to.