Cybersecurity as a public infrastructure service

by

6 October 2016
Erel Rosenberg of DFRC

Cybersecurity should be provided as a public infrastructure service in the brave new world of IOT and smart cities, in order to prevent attacks which may be aimed more at causing damage than financial gain.

This was the view of Erel Rosenberg, chief executive officer of DFRC, who was speaking on IOT security from the perspective of an IOT device manufacturer during the recent TechInnovation 2016 event in Singapore.

In his presentation, Rosenberg emphasised the strong relationship between and cybersecurity. “There is no way to provide cybersecurity without some kind f physical security,” he said. “If you do not provide physical protection, systems will be hacked easily.”

The two main factors that make a target attractive to cyber attackers are attractive content and easy access, he said.  

Citing the example of the ATM machine, he said ATMs are the most attractive target in the IOT world for these two reasons. The content is attractive, and the system is easy to access. “What you find when you open up an ATM is an old computer, probably a Windows XP system with a security update from the 20th century. You just have to hack the system and the content is yours.”

The same two factors come into play with IOT in smart cities. “We are sowing our sensors in the streets,” he said. “The IOT devices are vulnerable. They are located in public spaces with limited or no physical protection; they are easy to reverse engineer; it is easy to replace them with fake devices; and they are easy to modify because they are mass manufactured.”

These IOT devices have little protection against, for example, distributed denial of service (DDoS) attacks. “If you put a transmitter near the device, there is no way to protect the device.”

The main reason these attacks are not happening despite the poor protection is that the content may not be attractive to attackers. “PSI readings may not be very interesting to them, so there is no motivation,” said Rosenberg. But this could soon change because “what you think is not attractive, someone else may find attractive”.

It will also change because IOT is set to play a central role in important initiatives such as smart nations and smart cities, and the content will soon become very attractive for attackers looking to maximise damage rather than to profit from their exploits. For example, hackers could generate false signals at traffic lights to create huge traffic jams and cause massive disruption to the public transport system.

Proposing a solution to this, Rosenberg said municipality leaders should include cybersecurity as a public infrastructure service for smart cities. “In my opinion, cybersecurity is part of the infrastructure. It is not a solution where my company or another company can put in an application and provide support. That will not solve the problem.”

These cybersecurity infrastructure services should be a combination of hardware, software, detection and enforcement. “We need to pay attention to detection. If someone puts in a device that is doing something that it should not be doing, we should be able to detect it.”

Unfortunately, nothing like that exists today except in a high-security scenario, he noted. “We need cybersecurity infrastructure on a city-wide scale; a completely new mechanism to solve these kinds of problems that we are facing.”

“When we put our most valuable things in a hostile environment, we have to find a way to continue protecting them.”