Pages

Friday, June 26, 2015

Keeping Smart Cities Smart – Preempting Emerging Cyber Attacks in U.S. Cities

Yearly Archives: 2015




in U.S. Cities


4
The Institute for Critical Infrastructure Technology, working closely with IOActive and other Fellows, has published its latest legislative briefing titled “Keeping Smart Cities Smart: Preempting Emerging Cyber Attacks in U.S. Cities“.   As more and more U.S. cities adopt ‘smart’ technologies,  America finds its urban centers  increasingly at risk for cyber-attacks which could bring entire cities to a standstill, wreak havoc for citizens and cost billions for governments and the private sector.
In this analysis, ICIT identifies the various types of technologies that are used in smart cities and how each type of technology is vulnerable to an attack (including likely attack scenarios).  The report closes by making recommendations on what vendors and policy makers must do to ensure that the technologies manufactured for use in smart cities are adequately secure.
This brief was sent to members of the House of Representatives Homeland Security Committee and Cybersecurity Caucus, presented to Representatives and Senators including Senators Markey and Alexandar and Congressmans Marchant, Ratcliffe and Langevin, federal agencies and select ISACs and DHS Sector Coordinating Councils.
The following experts contributed to this brief:
Author:
  • Cesar Cerrudo, ICIT Fellow (CTO, IOActive)
Contributions by:
  • James Scott (ICIT Senior Fellow – Institute for Critical Infrastructure Technology)
  • Drew Spaniel (ICIT Visiting Scholar, Carnegie Mellon University)
  • Chris Schumacher (ICIT Fellow – Sr. Technology Consultant, New Light Technologies)

2
This week the Institute for Critical Infrastructure Technology held a Lunch and Learn called “Securing Data for Today’s Federal Agency” which focused on the increasingly daunting task of protecting federal data in an age of information sharing and increased threats both inside and outside an agency.  An all-star cast of current and former federal agency leaders along with ICIT Fellows and industry partners shared cutting edge strategies, technologies and best practices to guide agencies through the uncertainty they face as they work to protect their assets.
Some of the key takeaways from the session included:
1. The importance of encrypting your data using technologies that enable the data owner to revoke access
2. Understanding the difference between secure information sharing and creating cultures of trusted information sharing
3. Accepting that there is no way to prevent data leakage from happening, so the mindset must change to ‘how do I gain better control over data knowing I will eventually lose control?”
4. The importance of integrating the various security products an agency uses into one security system, and taking the knowledge gleaned from that system and delivering it into the hands of end users who can use it to make decisions to protect the network and its assets
5. The emergence of predictive technologies like Behavioral Analytics which are providing agencies the ability to foresee breaches and prevent them from occurring

A special thanks to our Fellow Dan Skinner (Federal Practice Manager, WatchDox by Blackberry) and to Richard Spires (CEO, Resilient Networks; Former CIO, U.S. Department of Homeland Security) for hosting the Luncheon.

No comments:

Post a Comment

Comments always welcome!