San Leandro, Calif. deploys ‘moving target data protection’ to streetlight network
One of the biggest challenges information technology officials face in managing “smart city” infrastructure, such as networks of connected streetlights, is that they expand a government’s potential to be targeted in a cyberattack. But San Leandro, California, is deploying a new security tool on its network of 4,730 streetlights that the tool’s developer says turns each of those devices into a security asset rather than a liability.
The San Francisco suburb entered a $40,000 contract with CryptoMove last year to audit its security, establish a lab for testing new security technologies that might be applied to city agencies, and secure the city’s streetlight network using proprietary software the company calls “moving target data protection.”
CryptoMove co-founder Mike Burshteyn said that his company’s program fragments and then encrypts sensitive data — in San Leandro’s case, the streetlights’ security keys — and moves the pieces around the city’s computer network.
“Imagine taking a secret and disintegrating it and turning a fan on in the room,” Burshteyn said. “And it’s constantly shifting, so if the attacker manages to grab a piece of the data, by the time they get the next one, it’s been re-encrypted, so it doesn’t add up.”
Authorized users can recombine the data, and an attacker who steals an authorized user’s credentials could still potentially gain access to that data, but Burshteyn said the idea is to eliminate the attack vector that tends to worry city administrators most when dealing with complex “internet of things” systems. In fact, the addition of each new device to a network using moving target data protection makes it more secure because that makes one more place an attacker would need to look to ensure every scrap of data has been found, he said.
“A lot of the innovation around data security has been ‘let’s make the algorithm stronger,’” he said. “We flipped it and said ‘let’s just make the data a moving target.’”
CryptoMove initially developed its technology to help the Department of Homeland Security and U.S. Air Force secure drones. San Leandro’s IT director, Tony Batalla, told StateScoop that he realized it was the perfect way to protect his city’s mesh network of LED streetlights, which were first planned back in 2014 as a way to save energy.
“I realized I didn’t know the security implications of having all these sensors out in the city now,” Batalla said. “If we’re introducing something in the future, we don’t know if someone can backdoor using the streetlights.”
A citywide security audit from CryptoMove validated Batalla’s fears.
“Yes, your streetlights can be hacked into and we did [enter your network],” Batalla recalled the vendor telling him, noting that the company didn’t actually hack the city’s streetlights, but did force its way onto the city’s network.
Batalla said CryptoMove employees were able to penetrate the city’s network and simulate an attack by a botnet, a network of distributed devices that can be used to perform denial of service attacks or other malicious activity. The simulation caught the attention of Google, which notified him at 2 a.m. that a botnet, while probably not malicious, was active on his network. Gaining knowledge of that security gap alone was worth the price of the contract, he said.
“If every investment had that kind of ROI, I’d be very happy,” Batalla said.
San Leandro also wants to position itself as a model for IoT security. Its next step is to launch a lab-type environment for proving out common uses of CryptoMove’s technology that could be applied to other cities. Through a partnership with the Institute for Security and Open Methodologies and the National Institute of Standards and Technology, Burshteyn and Batalla said they hope to develop a case study that can help cities across the country repel attacks against their connected infrastructure.
Batalla said one of the biggest challenges cities face in forming this type of solution is ensuring it’s something a city can maintain itself without too much outside assistance.
“We don’t want to just throw new tech on our critical systems,” he said. “We want to demonstrate how we can secure these highly critical systems in a way that’s safe and that our staff can manage.”
This story was updated on Jan. 23, 2019 to clarify that CryptoMove never hacked into the city’s streetlights, only the city network.