Cloud
5/26/2015
03:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Securing Smart Cities: Leading Security Experts Join Forces to Make Modern Cities Safer

Securing Smart Cities, a new not-for-profit global initiative, is being launched today. Backed by leading IT security researchers, companies and organizations, including IOActive, Kaspersky Lab, Bastille, and the Cloud Security Alliance, the Securing Smart Cities initiative aims to solve the cybersecurity challenges smart cities face through collaboration and information sharing. The group will serve as a communications node for companies, governments, media outlets, not-for-profit initiatives, and individuals across the world involved in the creation, improvement, and promotion of smart and safe technologies for modern cities.

The concept of a smart city is very topical, and many organizations are working on intelligent solutions to make urban areas energy efficient, comfortable, environmentally friendly, and physically safe. Unfortunately, far fewer are considering the cybersecurity of these smart cities. The more IT organizations involved in creating a smart city, the greater the potential risk. If security is not addressed early on, the cost and complexity of a smart city could make it difficult to address problems. In the end, the city would be left vulnerable.

The Securing Smart Cities initiative seeks to prevent this outcome using a range of activities, such as:

  • Educating smart city planners and providers on the importance and cost benefits of security best practices
  • Collaborating with partners to share ideas and methodologies
  • Endorsing the significance and benefits of introducing security early into the development lifecycle of a project or plan
  • Fostering partnerships between cities, providers, and the security community
  • Creating standards, guidelines, and resources to help improve cybersecurity across all areas related to smart cities

Participants in Securing Smart Cities believe that the initiative will help efficiently and responsibly share knowledge about the cybersecurity of modern cities. It will connect vendors of infrastructure automation equipment with security researchers ready to validate the secure functioning of these products. It will also bring city authorities together with the security community to collaboratively solve new cybersecurity problems.

“The cybersecurity of a modern, smart city is not something you can solve on your own. The concept involves so many different technologies communicating with each other in so many ways, that the only way to predict and eliminate all possible security issues is through collaboration between experts around the world. This is what Securing Smart Cities is for,” said Cesar Cerrudo, CTO for IOActive and Board Member of Securing Smart Cities.

“Smart cities present a tremendous opportunity for growth, sustainability, and social improvement. However, the projects can’t just be smart, they also need to be safe. Enabling embedded technologies and leveraging the Internet of Things in city infrastructure brings forth risk that must be considered and monitored to maintain safety for citizens. We want to work with city planners and builders to raise awareness about cyberthreats and share information on how to mitigate those threats before they can impact the public,” said Chris Rouland, Founder and CEO of Bastille and Board Member of Securing Smart Cities.

“Securing Smart Cities aims to solve cyber-problems at every stage of a smart city’s development: from planning through to the actual implementation of smart technologies. We encourage city authorities, equipment and software vendors, as well as security researchers to join the discussion,” said Patrick Nielsen, Principal Security Researcher at Kaspersky Lab and Board Member of the Securing Smart Cities initiative.

For more information, and to see the most recent updates on Secure Smart Cities activities, please visit: http://securingsmartcities.org.

About IOActive

IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com. Follow IOActive on Twitter: http://twitter.com/ioactive.

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide. Learn more at www.kaspersky.com.

About Bastille

Based in Atlanta and launched in 2014, Bastille is pioneering Internet of Things (IoT) security with next-generation security sensors and wireless emission detection, allowing corporations to accurately quantify risk and mitigate 21st century airborne threats. Through its proprietary technology, Bastille helps enterprise organizations protect cyber and human assets while providing unprecedented visibility of IoT devices that could pose a threat to network infrastructure. Currently in pilot testing, Bastille expects general availability in 2015. For more information, visit www.bastille.io and follow @BastilleNet on Twitter.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. For more information, visit https://cloudsecurityalliance.org

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report "Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbannan100
50%
50%
kbannan100,
User Rank: Apprentice
5/27/2015 | 1:57:59 PM
Good news!
This is good news! I wonder how many other vendors will get involved. I think the more vendors who get involved, the better things will be. 

--KB
Karen J. Bannan, commenting on behalf of IDG and FireEye.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.