Smart cities are vulnerable to hacking according to field tests by researchers from Kaspersky Lab on the streets of Moscow. Here to comment on this news is Richard Kirk, SVP at AlienVault.
Richard Kirk, SVP, AlienVault:
“The Internet of Things (IoT) is the most topical thing in IT right now – and rightly so, when one considers the possibility of a world where we can control literally everything from a smartphone.. But, like with all major advances, there is a flipside to the astonishing advancements made possible by IoT. Namely, where does security sit within the big picture of IoT? Are developers and manufacturers giving it the attention it deserves? I somehow doubt it.
Let’s take connected cars for example; there are many plausible uses for having full remote control over vehicles, and science fiction is rapidly becoming reality. Some of the applications include fleet management and control, location of stolen vehicles, pre-programming journey routes as well as emergency assistance in the case of accident.
However, there are several reasons why we need to take this seriously, mostly because connected cars are like an iPhone on wheels, and consequently susceptible to all of the same issues we face on a daily basis with computers. Cars are big hunks of metal and when not in control, can do a lot of damage since the systems, perhaps running in the cloud, controlling and coordinating the vehicles are all prone to intrusion and failure. If the US government can’t keep its personnel records secure, what hope is there for a car manufacturer?
More often than not, businesses are driven by profit and only invest in safety innovation when required to do so, either by governments, peer pressure or customer demand. Perhaps what is needed is the equivalent to the PCI and OWASP compliance guidelines, but aimed at the vehicle industry. We know that compliance only works when it has teeth, and is backed by regulation, hefty fines or some other form of penalty that causes companies to view it as more than just a cost of doing business.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.