Cloud

5/26/2015
03:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Securing Smart Cities: Leading Security Experts Join Forces to Make Modern Cities Safer

Securing Smart Cities, a new not-for-profit global initiative, is being launched today. Backed by leading IT security researchers, companies and organizations, including IOActive, Kaspersky Lab, Bastille, and the Cloud Security Alliance, the Securing Smart Cities initiative aims to solve the cybersecurity challenges smart cities face through collaboration and information sharing. The group will serve as a communications node for companies, governments, media outlets, not-for-profit initiatives, and individuals across the world involved in the creation, improvement, and promotion of smart and safe technologies for modern cities.

The concept of a smart city is very topical, and many organizations are working on intelligent solutions to make urban areas energy efficient, comfortable, environmentally friendly, and physically safe. Unfortunately, far fewer are considering the cybersecurity of these smart cities. The more IT organizations involved in creating a smart city, the greater the potential risk. If security is not addressed early on, the cost and complexity of a smart city could make it difficult to address problems. In the end, the city would be left vulnerable.

The Securing Smart Cities initiative seeks to prevent this outcome using a range of activities, such as:

  • Educating smart city planners and providers on the importance and cost benefits of security best practices
  • Collaborating with partners to share ideas and methodologies
  • Endorsing the significance and benefits of introducing security early into the development lifecycle of a project or plan
  • Fostering partnerships between cities, providers, and the security community
  • Creating standards, guidelines, and resources to help improve cybersecurity across all areas related to smart cities

Participants in Securing Smart Cities believe that the initiative will help efficiently and responsibly share knowledge about the cybersecurity of modern cities. It will connect vendors of infrastructure automation equipment with security researchers ready to validate the secure functioning of these products. It will also bring city authorities together with the security community to collaboratively solve new cybersecurity problems.

“The cybersecurity of a modern, smart city is not something you can solve on your own. The concept involves so many different technologies communicating with each other in so many ways, that the only way to predict and eliminate all possible security issues is through collaboration between experts around the world. This is what Securing Smart Cities is for,” said Cesar Cerrudo, CTO for IOActive and Board Member of Securing Smart Cities.

“Smart cities present a tremendous opportunity for growth, sustainability, and social improvement. However, the projects can’t just be smart, they also need to be safe. Enabling embedded technologies and leveraging the Internet of Things in city infrastructure brings forth risk that must be considered and monitored to maintain safety for citizens. We want to work with city planners and builders to raise awareness about cyberthreats and share information on how to mitigate those threats before they can impact the public,” said Chris Rouland, Founder and CEO of Bastille and Board Member of Securing Smart Cities.

“Securing Smart Cities aims to solve cyber-problems at every stage of a smart city’s development: from planning through to the actual implementation of smart technologies. We encourage city authorities, equipment and software vendors, as well as security researchers to join the discussion,” said Patrick Nielsen, Principal Security Researcher at Kaspersky Lab and Board Member of the Securing Smart Cities initiative.

For more information, and to see the most recent updates on Secure Smart Cities activities, please visit: http://securingsmartcities.org.

About IOActive

IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com. Follow IOActive on Twitter: http://twitter.com/ioactive.

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide. Learn more at www.kaspersky.com.

About Bastille

Based in Atlanta and launched in 2014, Bastille is pioneering Internet of Things (IoT) security with next-generation security sensors and wireless emission detection, allowing corporations to accurately quantify risk and mitigate 21st century airborne threats. Through its proprietary technology, Bastille helps enterprise organizations protect cyber and human assets while providing unprecedented visibility of IoT devices that could pose a threat to network infrastructure. Currently in pilot testing, Bastille expects general availability in 2015. For more information, visit www.bastille.io and follow @BastilleNet on Twitter.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. For more information, visit https://cloudsecurityalliance.org

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report "Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbannan100
50%
50%
kbannan100,
User Rank: Apprentice
5/27/2015 | 1:57:59 PM
Good news!
This is good news! I wonder how many other vendors will get involved. I think the more vendors who get involved, the better things will be. 

--KB
Karen J. Bannan, commenting on behalf of IDG and FireEye.
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Gee, these virtual reality goggles work great!!! 
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.