Application Security

8/28/2017
02:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NIST, DHS Join Forces to Create Cybersecure Communities Around the Globe

The groups jointly sponsor the 2018 Global City Teams Challenge (GCTC).

Gaithersburg, MD - The National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) will jointly sponsor the 2018 Global City Teams Challenge(GCTC), which will focus on designed-in cybersecurity for “smart city” systems that are more secure, reliable, resilient and protective of privacy.

Launched in 2014, the GCTC helps communities partner with innovators who use networked technologies to solve problems, which range from mass transit improvement to energy management to disaster response. The more than 100 existing GCTC collaborations worldwide have allowed cities to use wireless sensors to test water mains for leaks or to dim the streetlights when a sidewalk is empty of pedestrians. These innovations involve linking computer systems with physical devices, forming an Internet of Things (IoT), an approach that sits at the heart of the effort to create smart cities. Smart city initiatives represent a combined market potential of $1.5 trillion according to some estimates.

But as communities make use of these complex device networks, how can they secure themselves against the risk of cyberattack? Addressing this question is the goal of the new phase of the GCTC, dubbed the “Smart and Secure Cities and Communities Challenge” (SC3) by NIST and DHS’s Science and Technology Directorate (S&T), whose Cyber Security Division (CSD) is leading the agency’s GCTC participation.

"The GCTC has been extremely successful in creating partnerships between cities and companies," said Chris Greer, director of NIST’s Smart Grid and Cyber-Physical Systems Program. "But we need cybersecurity and trustworthiness in the projects themselves. So, we’re taking on the new challenge of helping the teams converge on secure solutions."

The partnership will take advantage of the strengths each agency brings to the table, said Douglas Maughan, director of the DHS S&T CSD.

"NIST has good ties to the smart city ecosystem, including local communities and technology companies," he said. "DHS S&T CSD has excellent connections to the cybersecurity industry and to cybersecurity researchers. The SC3 is designed to connect these groups so that our smart city solutions will be reliable and resilient, and will also protect our privacy."

Participation in SC3 has been confirmed from companies including AT&T, Verizon and Motorola Solutions.

Like all partnerships formed via the GCTC, companies and cities will work together on a voluntary basis as volunteers, and there will be no formal requirements. However, the SC3 will encourage teams to treat cybersecurity as a first-order consideration in designing and implementing smart city applications.

"We also will be encouraging innovators from the cybersecurity industry and research communities—which have had limited connections to the smart city ecosystem in the past—to help teams understand how cybersecurity can be incorporated," Maughan said. "Strategically, communities should take time to understand the possible threats and then adjust their particular systems iteratively to deal with them."

The new phase of the Challenge will be announced at the 2017 GCTC Expo, which will bring together more than 100 existing teams from around the world to exhibit their smart city projects and the benefits to their communities. The free event will be held August 28-29, at the Walter E. Washington Convention Center in Washington, D.C. The preliminary agenda and registration details are available online. The Expo will include a partner workshop on August 29, hosted by DHS S&T to discuss SC3 details.

International participants will include cities in Finland, France, Ireland, Italy, Japan, Korea, Nigeria, Portugal, Taiwan and the United Kingdom. Five pavilions—on transportation, public safety, utilities, city data platform and public WiFi/broadband—will present real-world examples gleaned from cities around the world.

A major long-term goal of the GCTC is to promote the emergence of a robust marketplace of replicable, standards-based IoT solutions available to communities worldwide to meet their smart city needs. New public-private partnerships, formed through the GCTC process, provide one means to meet that goal.  For example, Amazon Web Services will offer GCTC teams the opportunity to post their solutions on its Amazon Web Services Marketplace, where community managers can search for IoT-based services online.

"Our overall goal with the Challenge is very much the same as before—to help more communities and companies partner for mutual benefit," Greer said. "We hope NIST and DHS’s new partnership will help the teams make the world not only more livable and workable, but safer from the cyber threat that affects us all."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Be a unicorn, not a donkey...
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.