Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

5/26/2015
03:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Securing Smart Cities: Leading Security Experts Join Forces to Make Modern Cities Safer

Securing Smart Cities, a new not-for-profit global initiative, is being launched today. Backed by leading IT security researchers, companies and organizations, including IOActive, Kaspersky Lab, Bastille, and the Cloud Security Alliance, the Securing Smart Cities initiative aims to solve the cybersecurity challenges smart cities face through collaboration and information sharing. The group will serve as a communications node for companies, governments, media outlets, not-for-profit initiatives, and individuals across the world involved in the creation, improvement, and promotion of smart and safe technologies for modern cities.

The concept of a smart city is very topical, and many organizations are working on intelligent solutions to make urban areas energy efficient, comfortable, environmentally friendly, and physically safe. Unfortunately, far fewer are considering the cybersecurity of these smart cities. The more IT organizations involved in creating a smart city, the greater the potential risk. If security is not addressed early on, the cost and complexity of a smart city could make it difficult to address problems. In the end, the city would be left vulnerable.

The Securing Smart Cities initiative seeks to prevent this outcome using a range of activities, such as:

  • Educating smart city planners and providers on the importance and cost benefits of security best practices
  • Collaborating with partners to share ideas and methodologies
  • Endorsing the significance and benefits of introducing security early into the development lifecycle of a project or plan
  • Fostering partnerships between cities, providers, and the security community
  • Creating standards, guidelines, and resources to help improve cybersecurity across all areas related to smart cities

Participants in Securing Smart Cities believe that the initiative will help efficiently and responsibly share knowledge about the cybersecurity of modern cities. It will connect vendors of infrastructure automation equipment with security researchers ready to validate the secure functioning of these products. It will also bring city authorities together with the security community to collaboratively solve new cybersecurity problems.

“The cybersecurity of a modern, smart city is not something you can solve on your own. The concept involves so many different technologies communicating with each other in so many ways, that the only way to predict and eliminate all possible security issues is through collaboration between experts around the world. This is what Securing Smart Cities is for,” said Cesar Cerrudo, CTO for IOActive and Board Member of Securing Smart Cities.

“Smart cities present a tremendous opportunity for growth, sustainability, and social improvement. However, the projects can’t just be smart, they also need to be safe. Enabling embedded technologies and leveraging the Internet of Things in city infrastructure brings forth risk that must be considered and monitored to maintain safety for citizens. We want to work with city planners and builders to raise awareness about cyberthreats and share information on how to mitigate those threats before they can impact the public,” said Chris Rouland, Founder and CEO of Bastille and Board Member of Securing Smart Cities.

“Securing Smart Cities aims to solve cyber-problems at every stage of a smart city’s development: from planning through to the actual implementation of smart technologies. We encourage city authorities, equipment and software vendors, as well as security researchers to join the discussion,” said Patrick Nielsen, Principal Security Researcher at Kaspersky Lab and Board Member of the Securing Smart Cities initiative.

For more information, and to see the most recent updates on Secure Smart Cities activities, please visit: http://securingsmartcities.org.

About IOActive

IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com. Follow IOActive on Twitter: http://twitter.com/ioactive.

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide. Learn more at www.kaspersky.com.

About Bastille

Based in Atlanta and launched in 2014, Bastille is pioneering Internet of Things (IoT) security with next-generation security sensors and wireless emission detection, allowing corporations to accurately quantify risk and mitigate 21st century airborne threats. Through its proprietary technology, Bastille helps enterprise organizations protect cyber and human assets while providing unprecedented visibility of IoT devices that could pose a threat to network infrastructure. Currently in pilot testing, Bastille expects general availability in 2015. For more information, visit www.bastille.io and follow @BastilleNet on Twitter.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. For more information, visit https://cloudsecurityalliance.org

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report "Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
5/27/2015 | 1:57:59 PM
Good news!
This is good news! I wonder how many other vendors will get involved. I think the more vendors who get involved, the better things will be. 

--KB
Karen J. Bannan, commenting on behalf of IDG and FireEye.
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.