Smart cities' IOT initiatives may pose business threats

Sibahle Malinga
By Sibahle Malinga, ITWeb senior news journalist.
Johannesburg, 25 Apr 2016
CIOs should bolster encryption schemes to protect data in networks, says Fortinet's Paul Williams.
CIOs should bolster encryption schemes to protect data in networks, says Fortinet's Paul Williams.

As smart cities take hold over the next few years, there are a few technologies that could become common place such as car navigation systems that can predict where and when traffic jams might occur, cameras that can spot litter in public places, and self-adjusting street lamps.

So says Paul Williams, major account manager for Fortinet. Williams explains smart cities are on the cusp of explosive growth driven by rising urbanisation and fuelled by technologies such as the Internet of Things (IOT) and data analytics.

He explains smart city initiatives are driven by public sector initiatives and these will have implications for businesses.

"Smart city technologies like IOT and data analytics are expected to drive innovative business ideas in the future.

"CIOs will have to learn how to tap on the new connected city infrastructure for their business," he elaborates.

The last few years saw the expected explosion of IOT devices such as the proliferation of cloud services and mobile device adoption in the workplace, observes Williams.

This trend, he says, has transformed business productivity, but it has also wrecked the tight-fisted control that CIOs used to be able to exert on their IT systems.

"CIOs now have to grapple with the idea of employees using unsanctioned cloud services via unsecured phones to hook up to corporate servers and accessing sensitive business data.

CIOs should look at IOT devices that offer device-to-device encryption, and bolster comprehensive encryption schemes to protect data in networks, cloud services and endpoint devices, he recommends.

Riaan Badenhorst, managing director at Kaspersky Lab Africa, says the emergence of various connected devices within smart cities means a new level of threats for CIOs to worry about.

"CIOs should be aware that any device can pose a threat to the corporate network, this means that all devices used should be protected with a string of Internet security protection."

He adds staff should be educated around the realities of outside threats of these devices - regular information sessions on these realities should be undertaken.

Williams says the new wave of smart city services and technologies are expected to create new security vulnerabilities. He suggests three areas CIOs should watch out for.

Big data

If there is a constant in smart city deployments, it is that more data will be generated, processed and stored, says Williams.

"Connected devices will generate huge data repositories and businesses that adopt big data systems will see an even larger data deluge.

"Unfortunately, such data will also become attractive targets for corporate hackers. To protect huge amounts of data with large inflows and outflows, the bandwidth capabilities of security appliances will come to the fore," he notes.

Badenhorst adds if data is not accurately secured, or the devices being used to analyse the data are not protected, the potential for the data to be hacked is high.

"This can pose larger risks and losses to the business, depending on the nature or value of the data.

"A smart city development plan must consider IT security of all aspects, including that of big data, very early on in the planning phase," he points out.

Williams recommends the logging and reporting of the all the security systems in the network, this is calculated in GB per day of logs (storage) and then data retention of this information from seven days of storage to five years of reporting.

IOT gateways

Unlike mobile phones and laptops, the majority of IOT connected devices are likely to go through only a one-time authentication process across multiple sessions, says Williams.

"This will make them attractive to hackers looking to infiltrate into company networks, as it allows easy control and sniffing of traffic.

"CIOs should map out where these gateways are and where they are linked to ? they can reside internally or externally and even be connected to IOT device manufacturers.

He adds there must also be a sound plan for updating security patches on these gateways, as well as the IOT devices.

According to a Kaspersky report titled: Securing Smart Cities, when organisations' professionals implement IOT gateways, systems should be deployed in a secure manner.

"Technology must have a selection phase and also pass a security test prior to implementation.

All communication should be properly protected against unauthorised eaves dropping, interception and modification from outsiders," recommends the report.

New worms

Williams says there are new worms such as Conficker, which spread on PCs, designed to attach to IOT devices that could wreak havoc on businesses.

"Such worms and viruses are persistent and can propagate from device to device particularly with mobile and the Android operating system. They can easily infect up to 50 million PCs if the spread of IOT worms is not properly mitigated", he warns.

Among the solutions, he suggests that patch management, and network-based security inspection - particularly intrusion prevention systems or IPS - that can block IOT worms, should be implemented.