Securing smart city transport: two studies

February 12, 2016

Securing Smart Cities, a not-for-profit global initiative that aims to solve the existing and future cybersecurity problems of smart cities, has contributed to two studies of The European Union Agency for Network and Information Security (ENISA) on the cybersecurity of public transport in a smart city.

We previously posted about the Securing Smart Cities initiative just last December. Smart City is a long-standing concept which is becoming a reality. However, the path to realization may become hugely problematic, and may potentially lead to large-scale disasters unless approached the right way. What is ‘right’ here?

It should come as no surprise that the main concern for Kaspersky Lab and our partners within SSC initiative is related to the cybersecurity of the “smart” infrastructure.

In fact, this infrastructure in general and so-called “intelligent public transport” (IPT) in particular relies heavily on network communications and IT. Because of this, “smart” transportation systems become “a natural target” for cyberthreats that will have an impact “not only on the operations of the transport service, but also on the whole economy and potentially on the health and safety of citizens”.

It is therefore vital that cybersecurity is an important part of all smart transport projects from their very conception.

Despite gains, connectivity may fall victim to a cyberattack unless counter-measures are established by default along the whole perimeter. To ensure this perimeter’s security – and the proper level of resilience – risks should be properly assessed and all possible “entry points” and targets acknowledged.

transport

But there are no established policies of ensuring cybersecurity on transport in EU for now – the awareness level is low and it is difficult for operators to dedicate budget to this specific objective.

Both ENISA studies are there to help. The first one “proposes a pragmatic approach that will highlight the critical assets of Intelligent Public Transport systems”, giving an overview of the existing security measures (good practices) that could be deployed to protect these critical assets and ensure security of the IPT system, based on a survey and interviews of experts from the sector, municipalities, operators, manufacturers, and policy makers.

It is important to mention that “Good practices” are not limited to technical measures: they also integrate policies, standards, operational, and organizational measures for the involved parties, so that they could more easily understand which critical assets to protect and how.

The study identifies critical assets of intelligent transport systems from a business and societal point of view and highlights good security practices against cyberthreats.

The second study states its objective is “to model the architecture of the transport sector” in smart cities and “to describe good cyber security practices of IPT operators.”

The good practices are put into a relationship with different city maturity levels, so that representatives of operators and municipalities can quickly assess whether or not they lag behind other cities with the same maturity level in terms of cyber security and, if so, to take appropriate actions.

We thought these studies might be interesting to all IT-related businesses. Feel free to familiarize yourselves with them via these links: