Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 17 May, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Trouble ahead for smart cities, predicts Tripwire’s Rekha Shenoy

by The Gurus
December 20, 2016
in Opinions & Analysis

Abstract digital cityscape, skyscrapers and chaotic wire frame constructions in cloudy sky, 3d illustration

Share on FacebookShare on Twitter

It was an event long predicted but when it finally happened security watchers were still taken aback.
On 23 December 2015, three Ukrainian power companies suffered an unexpected, near simultaneous power outage that left at least 225,000 people without electricity just before Christmas, a bitterly cold time of the year.
The incident affecting 30 sub-stations was bad enough but it quickly emerged that this was no technical glitch and had been caused by a carefully-planned cyberattack.  Someone had gained remote access to the station’s industrial control system (ICS), seeding key systems with malware and even slowing emergency response by disrupting the ability to use backup power.
If a red line was crossed on that day, whose job is it to worry about the implications? In the case of the electricity grid, responsibility falls to power companies, regulators, and governments, but also to security vendors whose job it is to develop better protection technologies.
Tripwire is a company that finds itself right in the middle of this emerging industrial security market. The company has a history in configuration management, expanding through acquisitions such as that of nCircle in 2013 before being bought a year later by cabling giant Belden, which had also bought itself into industrial control.
A key mover at the company is Rekha Shenoy, who heads up marketing at Tripwire, which she joined ten years ago, while also looking after Belden’s industrial cybersecurity business.
“At the time, it was a small company looking for the next big thing. It’s funny how in some respects ten years later we are a larger company looking for the next big thing,” she says, a reference to Tripwire’s growing presence in industrial cybersecurity.
Belden, meanwhile, has been on an even longer journey. “It’s first customer was Thomas Edison,” she muses, a world away from its new customer base among power companies buying industrial networking and control – or perhaps not.
In hindsight, the pairing looks like a collision foretold. “Tripwire started seeing a lot of inbound interest from utilities. They had blackouts and brownouts they weren’t convinced were just power outages – there was malicious intent,” she says without naming names. Belden’s acquisition put it in the heart of that sector.
“I would go out there and talk to these customers and really bad things were happening. They were finding out about a breach when the Department of Homeland Security knocked on their door.”
Suddenly, the sector was getting ransom letters. Industrial control – the gamut of SCADA systems in power companies but also water management – was under attack.
“These aren’t theoretical risks, they are actually happening.”
These sectors couldn’t just abandon remote interfaces, that have spread across a vast complex of facilities and systems, but needed some way to secure them from attacks not foreseen when they were first designed and installed.
“Electrical engineers measure their success by the ability to keep everything up and running. But the IT security guy shows up and measures success by confidentiality. They’re in opposition to each other.”
New systems, including the best Internet of Things devices, can have security “baked in” from the start but applying this to legacy equipment represents a massive challenge, says Shenoy.
“That’s where we, Belden and Tripwire find ourselves. We’re helping our customers with what’s already there.”
A common misconception is that SCADA is a special case when in fact it must deal with the same LAN and PC security issues affecting any network.
“On the back end of this is probably a SCADA workstation. To an IT security team, this is a Windows machine but they didn’t buy it from Dell or HP, they bought it from GE, or Schneider Electric, or Schweitzer.”

Smart cities

The effect of attacks on a city power or water system would be bad enough but, as embedded and IoT technology spreads, it’s now just as likely the target could be the cities themselves.
A recent Tripwire survey estimated the market for smart city technology to have reached $37 billion (£30 billion), just as pessimism about securing it among professionals in the sector has surged. Seventy-eight percent of the 200 surveyed by the company said they believed that a cyberattack against the systems that underpin smart city systems was imminent. An almost identical percentage believed this would be capable of causing physical damage, with transportation a choice target.
Separating fact from fiction can be hard in a cybersecurity full of lurid predictions but it’s not an idle worry. Smart systems are being integrated into almost all new transport infrastructure with the possibility of automated buses and trains not far off in some countries. The potential for trouble at almost every level is clear.
“Cities get smarter every day. If you look at China, they are smart from the ground up. This new technology is coming in in bits and pieces.”
But according to Shenoy, smart city cybersecurity is still seen as an optional insurance policy.
“More and more people are waking up to the risk but they’re not funding it yet. Countries spend money on cyberdefence but what they’re using it for is intelligence.”
This leads to an odd world where billions can be invested in cyber defence but very unevenly.
“We spend money to protect our physical borders – land, sea, air and space – so what about cyber?”
She predicts that the definition of critical infrastructure will start to change rapidly. An example of this will be the re-categorisation of cybersecurity to embrace ideas about safety as well as resilience. Shenoy calls these “safety dollars” which, with lives potentially at stake, is another way to look at cybersecurity investment in utilities and smart cities alike.
With a long road ahead, it won’t be easy. Pressure from a still disengaged public will eventually speed change.
“They are all going to go kicking and screaming.”

FacebookTweetLinkedIn
Tags: industrial controliot securityMalwareSCADAsmart cities
ShareTweetShare
Previous Post

Why To Think Like an Attacker, You Need to See Like an Attacker

Next Post

Hackers could take control of a plane using in-flight entertainment system

Recent News

Armis: Top Performer in Asset Visibility and Real-Time Detection in MITRE Engenuity ATT&CK® Evaluations for Industrial Control Systems (ICS)

Armis Launches new ‘Critical Infrastructure Protection Program’

May 17, 2022
jigsaw

Thanos and Jigsaw ransomware linked to 55 year old doctor

May 17, 2022
Google logo

Italian police thwart Eurovision cyberattack

May 17, 2022
nuclear power stack

UK announces nuclear cybersecurity strategy

May 16, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information