Smart city control networks being architected more securely than SCADA

Advocates of heavily instrumented 'smart city' infrastructure are acutely aware of the legacy left by insecure SCADA control systems and are instrumenting modern industrial-control networks with a higher degree of security, according to smart-cities architect Silver Spring Networks.

Having seen a “tremendous reception and demand” for its experience in building smart-city networks – which incorporate a wealth of sensors and light controllers as well as energy-efficient equipment such as a “tidal wave” of LED smart lighting – global commercial lead for smart cities CJ Boguszewski told CSO Australia that the need for security had been a key focus for architects of such systems.

Full 256-bit encryption and system-on-chip security, as well as software controls like the ability to limit the number of commands from any one user, are among the controls that ensure individual hackers can't wreak havoc with the systems.

“People don't realise that when these things are connected up, they are a security risk – particularly with respect to public safety,” he said.

Ongoing hacking of SCADA (supervisory control and data acquisition) software has made industrial networks a key focus for many security practitioners, with researchers regularly identifying new vulnerabilities, vendors patching new security holes, and new malware emerging regularly to target SCADA and industrial control systems.

Similar concerns have accompanied the emerging Internet of Things (IoT) paradigm, which is being built around connected devices of all kinds but has raised security and privacy concerns in many corners.

“You can imagine that when your smart-lighting network is connected up some 14 year old may decide to try to light them up to be seen from space,” Boguszewski said, noting that such attempts were expected to increase as IoT spread.

“That's why we've been able to take the security we have in place, and ensure that it fully fits within our security approach and envelope. We have the ability to ensure that any damage from those types of attacks is limited.”

In the short term, compliance with open standards from the likes of the TALQ Consortium is expected to help prevent potential security risks being buried in proprietary code. Standards compliance will also become more important as IoT architectures emerge, ensuring consistency and manageability are not lost as the number of devices explodes.

With city architects increasingly looking to position new smart-lighting networks as conduits for controlling far a much wider variety of equipment than just street lights – parking meters and traffic sensors, for example – Boguszewski was impressed by the progressive vision shared at the recent Australian Smart Lighting Summit in Melbourne, where he was among the presenters.

“I've seen some fantastic lighting designers presenting about their thinking on how they see treating urban space,” he said.

“In a world where you have the opportunity to use less energy and get more control, you might as well put the control systems in place to allow you to get new features and functions. Councils install this technology and have the opportunity to stand up other applications that form part of the smart city, at a fraction of the cost.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags Smart CitySCADA

More about CSOEnex TestLabSmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts