{"id":10058,"date":"2017-10-24T08:00:37","date_gmt":"2017-10-24T16:00:37","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/10\/24\/news-3831\/"},"modified":"2017-10-24T08:00:37","modified_gmt":"2017-10-24T16:00:37","slug":"news-3831","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/10\/24\/news-3831\/","title":{"rendered":"Accelerating Security for Intelligent Transportation Systems: A New Trend Micro Report"},"content":{"rendered":"

Credit to Author: William “Bill” Malik (CISA VP Infrastructure Strategies)| Date: Tue, 24 Oct 2017 14:53:53 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Connected cars and autonomous vehicles are getting all the headlines these days, especially when it comes to cybersecurity concerns. But that\u2019s only half of the story. An under-reported but hugely important piece of the puzzle relates to the Intelligent Transportation Systems (ITS) needed to create truly smart cities. Governments around the world, including the US, are already investing in these systems \u2013 and cyber attacks on them are already beginning to make the news.<\/p>\n

Make no mistake, the stakes are as high as they come, with cyber attacks having the potential to cause serious traffic accidents, economically damaging traffic jams, and major financial losses for businesses and governments. That\u2019s why Trend Micro is launching a new in-depth report,\u00a0Cyberattacks Against Intelligent Transportation Systems,\u00a0<\/em><\/strong><\/a>which assesses future threats to ITS.<\/p>\n

By sharing our knowledge, we hope ITS stakeholders can better plan ahead to fortify these systems from attack and keep us all that bit safer on the roads.<\/p>\n

What\u2019s an ITS?<\/strong><\/p>\n

It might not surprise you to learn that a typical ITS involves a highly complex ecosystem of advanced and emerging technologies. To focus our efforts, we narrowed it down to six main categories:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Vehicles:<\/strong> connected and autonomous<\/li>\n
  • Roadway reporting:<\/strong> cameras and sensors like bus lane cameras that send real-time data back to control centers, with the goal of making high-volume traffic movement more efficient<\/li>\n
  • Traffic flow controls:<\/strong> monitor traffic and roadway conditions in real-time to improve traffic flows, such as railway crossings \u00a0or emergency services vehicles<\/span><\/li>\n
  • Payment apps\/systems:<\/strong> kiosk payment machines, e-ticket apps, and RFID transponder toll systems designed to regulate traffic density and generate revenue for businesses and municipalities<\/span><\/li>\n
  • Management apps\/systems:<\/strong> control all aspects of the ITS from the nerve center<\/li>\n
  • Communications apps\/systems:<\/strong> facilitate exchange of information between ITS components<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

The cyber threat to these systems is very real. Nation states, cybercriminals, hacktivists, cyber-terrorists, malicious insiders, and even unscrupulous operators all have their motives; whether it\u2019s making money, causing chaos and disruption, or stealing sensitive IP. We should also add natural disasters in here too \u2013 adverse weather can often do just as much damage as a committed hacker.<\/p>\n

Ransomware attacks, covert data theft, DDoS, and broader information warfare are all very real risks. Roadside message boards have been hacked to display joking or subversive messages; surveillance cameras have been infected with ransomware; emergency sirens have been set off en masse<\/em>; even internet-connected drive-through car washers have been hijacked to physically attack vehicles and their occupants.<\/p>\n

Driving change<\/strong><\/p>\n

The bad news continues: ITS can be attacked physically, wirelessly or over the network. Vehicular Ad hoc Networks (VANETs) \u2013 which are comprised of smart vehicles and Roadside Units (RSU) \u2013 are particularly at risk for their use of unreliable wireless communications technology. The impact of attacks could be serious, especially when vehicles depend on VANET data for making critical driving decisions.<\/p>\n

To provide more concrete insight into ITS cyber threats, we assigned cyber attack vectors across the six ITS applications and systems highlighted earlier, applying the industry-standard DREAD threat model to calculate risk.<\/p>\n

Over half (54%) of all threats we modelled were rated High Risk and 40% Medium Risk, with network attacks accounting for the majority (71%) of High Risk attacks.<\/em><\/strong><\/p>\n

That should ring alarm bells among all ITS stakeholders. So, what happens next? Although it\u2019s challenging to protect the entire ecosystem against cyber-attacks, there are broad best practice measures outlined in the report, which will go a long way to making these systems more resilient. These include:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Network segmentation<\/li>\n
  • Firewalls\/UTM gateways<\/li>\n
  • Anti-malware<\/li>\n
  • Anti-phishing solutions<\/li>\n
  • Breach detection systems<\/li>\n
  • IPS\/IDS<\/li>\n
  • Encryption<\/li>\n
  • Patch management<\/li>\n
  • Vulnerability scanning<\/li>\n
  • Shodan scanning<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

For a more detailed look at the ITS threat landscape and concrete advice for security professionals and policy decision-makers, take a look at the full report: Cyberattacks Against Intelligent Transportation Systems<\/a>.<\/em><\/strong> If we start thinking about cybersecurity today, we can ensure the roads of tomorrow are a safer place for all of us.<\/p>\n

Please add your thoughts in the comments below or follow me on Twitter;\u00a0@<\/strong>WilliamMalikTM.<\/a><\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: William “Bill” Malik (CISA VP Infrastructure Strategies)| Date: Tue, 24 Oct 2017 14:53:53 +0000<\/strong><\/p>\n

\"\"Connected cars and autonomous vehicles are getting all the headlines these days, especially when it comes to cybersecurity concerns. But that\u2019s only half of the story. An under-reported but hugely important piece of the puzzle relates to the Intelligent Transportation Systems (ITS) needed to create truly smart cities. Governments around the world, including the US,…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10420,10414,714],"class_list":["post-10058","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-critical-infrastructure","tag-internet-of-everything","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10058"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10058\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10058"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}