Ken Westin, senior security analyst with Tripwire today commented on news that the City of Los Angeles will deploy PC-managed street light controls .
Ken Westin, senior security analyst at Tripwire (www.tripwire.com):
“Although they plan to use encryption and secure networks, there are additional considerations that should be taken into account, such as how the firmware in these lights will be updated. Although the system may be ‘secure’ now, as the lights and network become more distributed they become a target for hackers who will identify vulnerabilities in the system and the lights themselves.
It is not clear if Los Angeles has allocated budget for continuous security monitoring of this system. The city will need to ensure that they are continuously monitoring for vulnerabilities in the system, as well as detection capabilities to identify potential compromises. This cannot be a system that they ‘set and forget’ as there a number of moving parts in this system, and given the high profile of the system it makes it an appealing target for thieves.
The choice of using a cellular network, although convenient as they do not need to lay cable, introduces additional vulnerabilities to the system. A cell jammer can block communication to the devices and if networks are otherwise unavailable can make these devices inoperable.”
Duo Security RSAC 2015 – Register to win a free Quadcopter
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.