OMG, yes smart cities can be hacked!

I ended my last post saying that “new technologies create new opportunities for cyber attackers and new challenges for cities as they must prevent attacks and guarantee the perennity of public services”.
I did a bit of google research and could find some example of cities or public services being cyber hacked in some way:

Though it looks like these are minor attacks and that we are far from witnessing a city being completely paralysed by hackers, still it seems that cyber risk is a major concern modern cities. As they deploy new technologies and offer more services to their citizens, cities become smarter but also provide more open doors to potential attacks. Behind the services that we enjoy such as the Bicing service in Barcelona, smart street lighting, smart transportation, smart parking, garbage collection or security cameras there different technologies that may provide new opportunities for cyber attackers. This is is a new challenge for technology providers and for cities as it requires different approach to how technologies are introduced and tested, how people and administration are trained, how budget are allocated and how cities are planning their growth and evolution as well as how do they incorporate the cyber risk in their own thinking.

Prevention seems to be on the to do list of everyone and I guess that my beloved Barcelona is safe as I write. I wish you a nice summer break.

Advertisements

Barcelona ranked amongst top smart cities in the world, let´s celebrate and go bicing!

Yes, Barcelona is Ranked  as one of the top smart cities in the world , who would have bet a penny 30 years ago? Maybe not me, however I am proud of what has been done to achieve this number 1 position.

How does a city become “smart”? Simply by working on a project that merges urban planning, ecology, and information technology to ensure the benefits of technology reach every neighborhood and improve the lives of citizens.

Barcelona’s program is ambitious as it includes a series of strategic initiatives such as:

  • Smart Lighting
  • Smart Energy
  • Smart Water
  • Smart Transportation
  • Zero Emissions Mobility
  • Open Government

I am not going to detail all these initiatives as you can find all the information here. However I am still going to describe one pillar of the Smart Transportation plan :  the Bicing service.

I have been a big fan of the bicing service since it was launched in 2007, my statistics show more that I have used it 186 times since the beginning of this year, and spent 45 hours on a city bike.

8 years later. the city claims 95,581 registered users. An average of 50,000 bike trips are made every day, with each bike being used on average between 6 and 8 times. The 100 millionth journey was made on 4th May 2015… A real success!

From my point of view the Bicing service is the typical example to use if one needs to explain what does the Smart City concept means.  The city of Barcelona has successfully implemented a service that is a sustainable and economical form of transport, designed for citizens to travel short distances without consuming any energy. On top of that is it easy to use, maybe no so affordable though: You pay an annual fee, get a Bicing card, scan it at any of the 400 stations, check out a bike, then check it back in at the station closest to your destination. Most stations are located by other public transport stops or public parking. Last April the new Bicing app became available for users to check out real-time availability at stations, making it easier to plan a route if one station has unavailable bikes or parking spaces.

This is a wonderful world indeed. don’t you think? Well, what if…the bicing fleet management app or the centralized control systems would not operate the way it should or would be non-functioning? New technologies create new opportunities for cyber attackers and new challenges for cities as they must prevent attacks and guarantee the perennity of public services…. We`ll look into this in a next post.

Cash management: make it simple, make it sexy too!

Yesterday I went to my pharmacy. I had the big surprise to see that the owner had invested money in a cash management system…Yes the big unsexy box you can see as an illustration to this post.

At first I thought “well, I don´t understand why they need such a big machine to take my money and give me my change” but then I saw the light! If you are a pharmacist, counting coins and notes is certainly not your priority in life. Additionally the core of your business is all about health and hygiene, so with an automated cash management system employees can avoid touching potentially contaminated notes or coins.0n tof that they do not have to calculate or count the change they have to give back, the machine does all of that…. How clever! Now talking about hygiene, I am wondering why I have not seen more of these machines, especially in bakeries, grocery or fresh food stores in my area.

Even though cash payments in retail are in decline I must admit that still use cash for everyday purposes:

  • I would not use credit card to buy the newspaper, cash is more convenient,
  • For less than 15 Euros purchases I don`t use credit card neither,

so anything that can help cash payments easier, faster and secure is fine with me and self-service cash systems is welcome.

Following my visit to the pharmacy, I investigated a bit the internet and checked out a few home pages from some manufacturers ( NCRWincor Nixdorf, CashGuard).

If you click on the highlighted links you will be rerouted to the cash management solutions pages of these corporations. I hope you will agree with me that these great companies offer great products and solutions however please join me in asking them to give their hardware a sexiest look!

Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank hacked, where I am going to put my money?

Once again security concerns are in the news:  Hackers targeting users of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander have been spotted : they sent 19,000 malicious emails in three days from spam servers worldwide, inviting users to download an archive containing a malicious .exe file.

As of today enterprises and corporations increase dramatically their spendings to secure their network. At the same time, the threat surface available to cyberattackers is continuously expanding as enterprises increasingly rely on web, mobile and cloud applications to drive their businesses. It is a chicken and egg situation.

So it’s not surprising that web and cloud based application attacks remain one of the most frequent patterns in confirmed breaches and account for up to 35% of breaches in some industries, according to the 2015 Verizon Data Breach Investigations Report (DBIR).

According to Help Net Security, Executives at major North American companies believe conventional network security solutions aren’t enough to protect their cloud computing environments, especially when it comes to visibility into impending cyber attacks.  For 66% of them security concerns is a barrier impeding cloud infrastructure deployments ( CloudPassage Survey).

On another hand, what is also quite worrying is the fact that financial services organization say they have policies in place to proactively remediate most of their vulnerability… yet big names like Barclays, RBS, HSBC, Lloyds Bank and Santander are in the news…. Again.

Oh what a bright future for security and cyber security companies!