Technology is intruding into everything - some of it valuable and useful, others not so - but our cities function much dependant on computer operated systems Water, traffic lights, lighting in general, power generation, etc. etc. That immediately makes them more than vulnerable to a cyber attack. It seems though, that authorities, certainly in American cities, are doing little to protect their infrastructure and citizens from the calamity of a cyber attack on systems.
"Last year, Cesar Cerrudo, an Argentine security researcher, began pointing out critical vulnerabilities in America’s so-called smart cities, where wireless sensors control a growing portion of city infrastructure from traffic lights to water and waste management systems.
One year later, Mr. Cerrudo discovered that little had been done to patch those basic vulnerabilities, even as cities around the world poured billions of dollars into bringing more of their basic infrastructure online. Without renewed focus on security, he and other researchers warn, those cities are just creating larger and larger targets for nation states and cyberterrorists.
“What I found is that there are a lot of security problems — the situation is really bad — but I didn’t want to just point out problems without offering solutions,” Mr. Cerrudo said.
In response, on Tuesday, he and others from IOActive Labs; Kaspersky Lab, the Russian cybersecurity company; and a growing list of security experts will announce a new Securing Smart Cities initiative. Their goal is to bring private security researchers and public administrators together to set up basic cybersecurity checklists for smart cities, including properly installed encryption, passwords and systems that can be easily patched for security holes.
They are also seeking to set up better security requirements and approval procedures for the vendors who install, monitor and oversee crucial systems. They want to track access to smart city systems; run regular tests to look for loopholes; and set up emergency response teams that can funnel reports of vulnerabilities from security researchers, coordinate patches and share that information with other cities. They also want to create manual overrides for all smart city systems, in the event they are compromised.
Surprisingly, as it stands, there is no such comprehensive system for vetting security and responding to cyberattacks at the city level."
"Last year, Cesar Cerrudo, an Argentine security researcher, began pointing out critical vulnerabilities in America’s so-called smart cities, where wireless sensors control a growing portion of city infrastructure from traffic lights to water and waste management systems.
One year later, Mr. Cerrudo discovered that little had been done to patch those basic vulnerabilities, even as cities around the world poured billions of dollars into bringing more of their basic infrastructure online. Without renewed focus on security, he and other researchers warn, those cities are just creating larger and larger targets for nation states and cyberterrorists.
“What I found is that there are a lot of security problems — the situation is really bad — but I didn’t want to just point out problems without offering solutions,” Mr. Cerrudo said.
In response, on Tuesday, he and others from IOActive Labs; Kaspersky Lab, the Russian cybersecurity company; and a growing list of security experts will announce a new Securing Smart Cities initiative. Their goal is to bring private security researchers and public administrators together to set up basic cybersecurity checklists for smart cities, including properly installed encryption, passwords and systems that can be easily patched for security holes.
They are also seeking to set up better security requirements and approval procedures for the vendors who install, monitor and oversee crucial systems. They want to track access to smart city systems; run regular tests to look for loopholes; and set up emergency response teams that can funnel reports of vulnerabilities from security researchers, coordinate patches and share that information with other cities. They also want to create manual overrides for all smart city systems, in the event they are compromised.
Surprisingly, as it stands, there is no such comprehensive system for vetting security and responding to cyberattacks at the city level."
Comments