Cesar Cerrudo, chief technology officer at IOActive Labs, says "smart city" technologies that can control everything from traffic lights to water management systems are vulnerable to cyberattacks.
Last year, Cerrudo demonstrated that traffic control sensors installed in cities such as Washington, D.C., New York, and San Francisco could be attacked because their traffic systems were not encrypted. Just last week, Cerrudo found traffic sensors in San Francisco were still unencrypted.
Cerrudo says he also is finding numerous problems in other smart city products. Issues range from weak or no encryption and software bugs to vulnerabilities to distributed denial-of-service attacks.
He notes attacks on smart city products are not just hypothetical. Several reports over the last year have revealed hacker groups targeting smart city technologies, often in the energy sector.
Cerrudo says municipal leaders need to address the security of smart city technologies the way a corporate network might. He recommends adopting basic security measures such as encryption, passwords, and patching mechanisms. He also recommends cities create computer emergency response teams to address security incidents, coordinate responses, and share threat information.
Other suggestions include having cities restrict access to their data and monitor those who have access, and conduct regular penetration tests to learn where they may be exposed.
From The New York Times
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found