Smart cyber security for smart cities

Transcription

1 Competence Series Smart cyber security for smart cities 1 IT Security made in Europe

2 Cities are becoming smarter Population growth, urbanisation trends and climate change are driving a process of continuous urban development in cities worldwide. This is not only having an impact on how and where people live and work but also on matters such as energy, water, mobility, the environment, finance and public administration. The collection, analysis and intelligent use of data is what turns cities into smart cities: cameras and sensors register and measure movements, temperature changes, air pollution, traffic, power distribution and much more. The data collected by internet and web-based services is evaluated at a central point and then forwarded to the appropriate stakeholders. Cities are becoming more cost-efficient, more environmentally sustainable, and the quality of life and safety of residents are being improved. The benefits are impressive. However, the systems which send, receive, store and analyse the data are vulnerable should, for example, their data streams be manipulated. The IT security challenges for smart cities Smart cities are no longer smart when, for example, their sensors communicate with each other across inadequately secured or unencrypted wireless networks. Networked healthcare services, emergency control centres, smart grids, industrial control centres, intelligent transport systems, the Internet of Things and traffic control systems are some of the key areas for IT security. Cyber attacks are increasingly becoming a reality. It is therefore extremely important that the entire IT infrastructure of a smart city regularly undergoes proactive IT security monitoring. Smart cities and IT security must work hand in glove. A balance has to be struck between the intelligent use of data on the one hand, and ensuring the security of sensitive or security-relevant data on the other. This is a challenging task, which public bodies and institutions often cannot tackle on their own. 2

3 Incidents have already been in many parts of the world 2011/Germany. The server of the German Customs Investigation Bureau and Federal Police was infected by a trojan. Consequently, GPS data, telephone numbers and registration numbers of suspects were accessed. 2012/USA. As a result of a computer glitch, the court in Placer County, California, summoned 1,200 people to appear for jury duty at the same trial. Traffic chaos ensued. 2013/USA. Thousands of passengers were kept sitting for several hours in 19 trains operated by Bay Area Rapid Transit (BART) near San Francisco. The cause was a software error that crashed the entire system. 2013/Turkey. The airports in Istanbul were the victims of an attack. A malware infection shut down the passport control system. 2013/Latvia. Attackers used SQL injection to attack an employment agency and gain access to 3,077 user accounts containing private information and plain text passwords. 2014/Singapore. Following the arrest of several Anonymous members, a number of Singapore government servers were attacked and the personal information of government employees was published. 2014/Finland. Unknown attackers compromised government servers and stole a considerable number of documents over a period of years. 2015/USA. The US government and a number of defence industry companies were spied on in a large-scale attack. Several billion bytes of data were stolen. 3

4 Rethinking the approach to IT security IT security managers know that measures designed to fend off attacks from the outset are always incomplete. The wide variety of attack options, the rapid development of attack methods, misconfigured security tools, or missing adjustment to changing conditions, are some of the reasons why a high level of IT security is not achieved. Conventional IT security solutions are unable to provide adequate protection for complex IT infrastructures and systems. Take signature-based antivirus solutions, for example: they only provide protection when the viruses or malware are known, when a definition has been issued by the anti-virus software vendor and when the security software is properly configured and perfectly adjusted to current conditions. If one of those preconditions is not met, the anti-virus software will not work and will therefore not provide any protection. Purely defensive measures in this context are always incomplete. A rethink of the approach to IT security is needed. Smart cities have countless potential gateways for attackers. There needs to be a refocusing of attention away from notional risks and towards the detection of real dangers. The large number of automated and autonomous systems must be checked in a timely, effective and efficient manner for attacks and anomalies; vulnerabilities and abnormalities must be analysed, acted upon and patched. How managed security services can help Managed security services means IT risk detection by experts from an external service with encompassing expertise for complex security measures. The services are provided in security operation centres (SOC) 24/7 if required. Outsourcing this specialist work reduces long-term investment risks significantly: separate IT security tools can often be replaced by an end-to-end software solution from a single provider and investment in highly specialised staff and their ongoing training is greatly reduced. 4

5 Managed security services made in Europe: maximum data security standards in a partnership with external experts RadarServices is the European market leader in proactive and continuous IT security monitoring and risk detection. The company offers an IT early warning system that is constantly updated and adapted to the needs of the customer. It therefore meets the challenges posed by IT security in smart cities in a highly efficient and effective manner. This outsourcing of IT security and risk analysis does not require any security-sensitive data to be released. Automated detection and analysis is carried out on a highly secured hardware appliance which contains all the modules along with the advanced correlation engine. All necessary tools run within the customer organisation s network, which ensures the security of data because data never leaves the customer. Even when security specialists from RadarServices carry out manual analyses, data is never sent outside the customer s network. All processes are designed to meet the strictest data security standards, using a concept that is unique among security providers anywhere in the world. Multilevel IT risk detection system Comprehensive IT security monitoring and IT risk management enables the timely detection of attacks and vulnerabilities affecting each component of a smart city. To achieve this, the first necessary step is automated risk identification. This is followed by comprehensive correlation of all events as the second step, and then by a third step involving a detailed expert review. Finally, the results are presented in a clearly structured management cockpit and customized reports. 5

6 Security Information & Event Management (SIEM) Host-based Intrusion Detection (HIDS) Advanced Cyber Intrusion Detection (ACID) Vulnerability Assessment (VAS) Software Compliance (SOCO) Advanced Threat Detection (AETD) Advanced Correlation Engine Risk & Security Intelligence Team Risk & Security Cockpit / Alerting 6

7 Smart risk detection tools Various types of attack can only be detected with the assistance of an extensive set of tools. RadarServices works with a complete toolkit. It is made up of: Security Information and Event Management or SIEM the evaluation of log data from various sources as well as risk and threat data, with the aim of obtaining solid security information enabling rapid response to security incidents and pertinent compliance reports Advanced Cyber Intrusion Detection or ACID the detection of dangerous malware, anomalies and other risks in the network traffic by means of signature- and behaviour-based detection engines Host-based Intrusion Detection or HIDS the collection, analysis and correlation of server and client logs and the immediate alerting and response as soon as attacks, misuse or errors are detected. The file integrity of local systems must be checked, and rootkits such as hidden attacks, trojans and viruses must be identified on the basis of system changes Vulnerability Assessment or VAS a 360-degree overview of potential security vulnerabilities in operating systems and application software, and the monitoring of all data flows on the network anomalies Advanced Threat Detection or AETD the detection of advanced malware previously undiscovered by conventional security measures, including advanced persistent threat (APT) systems Software Compliance or SoCo automatic monitoring of compliance regulations and the immediate reporting of breaches to minimise compliance risks 7

8 Intelligent correlation and cross-correlation New types of attacks can usually no longer be detected using signature-based methods. Such attacks are not detected on the basis of specific patterns but from behavioural anomalies in the IT systems. Detecting them requires advanced correlation engines that correlate security events within a risk identification module and also cross-correlate the information from all modules. A unique and deep insight into security-relevant events can be obtained by correlating and cross-correlating logs with vulnerabilities, SIEM findings and large quantities of additional data. However, rules, policies, self-taught algorithms and statistical models must be updated regularly. RadarServices configures and maintains all modules continually. The rules for risk identification and correlation are updated continuously. Experts in risk analysis who speak your local language All of the automatically gathered security information has to be analysed by experienced experts with constantly updated skills. They analyse, consolidate and prioritise the results and continually develop the automated mechanisms based on the very latest information and findings. The experienced, highly specialised Risk & Security Intelligence Team at RadarServices works exclusively on risk analysis on behalf of customers and benefits from its ability to make comparisons between different sectors. Every day, thousands of incidents are processed and correlated. An important part of the work of the Risk & Security Intelligence Team involves the provision of support to the customers in-house IT teams. High quality risk and security information is provided in the requested level of detail. Each risk detected is continuously integrated. Each risk statement is accompanied by a guide on how to eliminate or when this is not possible to minimise the risk. This approach supports IT risk management processes within a customer s organization and will also contribute to its continuous and constantly updated risk assessment. Throughout the risk identification process, the expert team at RadarServices remains in constant touch with the customer s internal IT organisation via a communications and feedback system. Should a serious emergency occur, the experts will offer their fire fighting expertise upon request. Smart information processing 8

9 Smart information processing The multilevel approach delivers verified IT risk and security information which is immediately applicable for remediation process. False positives and false negatives have been eliminated. All of the information on the current state of IT security, risks identified and instructions for dealing with them are conveyed in the Risk & Security Cockpit. Reports and statistics are provided in the desired level of detail. In urgent cases, alerts are triggered. These may be received in the cockpit, via or even as a push notification on the mobile phones of a previously specified group of recipients. Moreover, the built-in Business Process Risk view highlights all business areas seriously at risk as a result of IT security problems. The implications are clear and easy to understand at the push of a button. False positives and false negatives have been eliminated. Newly discovered risks are continually integrated. The result is a modern, effective and at the same time efficient IT risk identification management system that is able to cope with the challenge of securing the complex IT infrastructures of smart cities. 9

10 RadarServices is the European market leader for pro-active IT security monitoring and IT risk detection as a managed service. The services uniquely combine automated detection of security relevant flaws and risks with the analysis and assessment done by experts. Data never leaves the clients premises. There is no need for training, configuration or maintenance and no requirement for additional capital expenditures or headcount. RadarServices Hasnerstrasse Vienna Austria T: +43 (1) F: +43 (1) E: sales@radarservices.com RadarServices Germany Taunustor Frankfurt a. M. T: +49 (69) E: sales_germany@radarservices.com RadarServices Middle East A110-1, DSO HQ Building Dubai, UAE T: +971 (4) E: sales_me@radarservices.com 2015 RadarServices Smart IT-Security GmbH. FN371019s, Commercial Court Vienna, Austria. All rights and changes reserved. RadarServices is a registered trademark of RadarServices Smart IT-Security GmbH. All other product or company names are trademarks or registered trademarks of the respective owners. Detecting Risk, Protecting Value 10