San Francisco's new CISO comes from Kaiser Permanente, Deloitte
January 18, 2018
The recent hire fills a gap in the city's IT security leadership that been left without a full-time replacement since May.
A new analysis from Trend Micro identifies the best ways for cities to protect their systems, data and critical services.
Jason Shueh is a tech editor at StateScoop with a specialty for civic tech and smart city news. His articles and writing have covered numerous subj...
IT security firm Trend Micro details the new threats that cities will face and provides a 10-step cybersecurity checklist in a report released Tuesday.
The checklist advocates for techniques like designing manual overrides for crucial systems and creating enough fail-safes so one connected system can’t jeopardize others.
The researchers also dissected smart city hazards into five top areas to watch: energy, transportation, connectivity, the environment and systems used for governance. Hackers might assault power grids or disrupt emergency medical services. Hacked traffic signals might cause fatal accidents. Waste water smart valves may be forced to overflow — and the list goes on.
Proposing ways to reduce such calamities, Trend Micro Vice President of Cloud Research Mark Nunnikhoven said the company devised the checklist as a kind of playbook.
“The increased connectivity provides more value to the citizens of the city but it also increases the potential return for any attacker,” Nunnikhoven said. “If one system is compromised, attackers can potentially compromise other systems in turn.”
To get ahead of issues, he stressed that cities must accept likely attacks from beginning to end of any project — from the design-and-build phases through the rest of the life cycle of the technology.
“Security works best when it’s applied to all aspects of a system and built in from the start. Using a layered defense makes sure that there are no particular weak points or single points of failure,” Nunnikhoven said.
Based on priority, Nunnikhoven ordered the 10 steps as follows. More details on each can be found in the full report.
Nunnikhoven notes that priorities one through three relate to design and build time concerns, four through six are undertaken when nearing launch and seven through 10 deal with the operations and ongoing lifecycle of smart city infrastructure.