Ken Westin, senior security analyst with Tripwire today commented on news that the City of Los Angeles will deploy PC-managed street light controls .
Ken Westin, senior security analyst at Tripwire (www.tripwire.com):
“Although they plan to use encryption and secure networks, there are additional considerations that should be taken into account, such as how the firmware in these lights will be updated. Although the system may be ‘secure’ now, as the lights and network become more distributed they become a target for hackers who will identify vulnerabilities in the system and the lights themselves.
It is not clear if Los Angeles has allocated budget for continuous security monitoring of this system. The city will need to ensure that they are continuously monitoring for vulnerabilities in the system, as well as detection capabilities to identify potential compromises. This cannot be a system that they ‘set and forget’ as there a number of moving parts in this system, and given the high profile of the system it makes it an appealing target for thieves.
The choice of using a cellular network, although convenient as they do not need to lay cable, introduces additional vulnerabilities to the system. A cell jammer can block communication to the devices and if networks are otherwise unavailable can make these devices inoperable.”
Duo Security RSAC 2015 – Register to win a free Quadcopter
BIO : Ken is a Senior Security Analyst at Tripwire Inc, with 15 years of experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and has won awards from MIT, CTIA, Oregon Technology Awards, SXSW, Entrepreneur and named in Portland Business Journal’s 2013 “40 Under 40”. He has worked with law enforcement and journalists utilizing various technologies to unveil organized crime rings, recover stolen cars, even a car jacking amongst other crimes.
About Tripwire
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.
