Europe’s data security agency has published guidance on how to protect intelligent public transport (IPT) systems and smart power grids against cyber attacks.
Prof. Udo Helmbrecht, executive director of the European Union Agency for Network and Information Security (ENISA), commented: “Smart infrastructure and smart devices are no longer a thing of the future, they are currently being rolled out across the EU. ENISA sees the security of such infrastructure as being a key success factor. Ensuring adequate protection of citizens will remove barriers to implementation and help promote economic growth through innovation.”
IPT networks in smart cities rely on Internet of Things (IoT) and cyber-physical systems to retrieve, process and exchange data. And while these emerging technologies can improve services and quality of life, they are also potentially vulnerable to cyber threats.
The data security agency cited examples of cases where a transport system was disrupted for several days due to radio interference with telecommunication systems; failures of ICT central servers led to global outages of a metro system; and smart tickets were hacked for fraud.
To help secure critical assets and data exchange for intelligent public transport, ENISA made a series of recommendations for the European Commission and its member states, IPT operators and manufacturers of IPT systems, including:
- The European Commission and national governments should promote public/private collaboration on IPT cyber security;
- IPT operators should integrate cyber security in their corporate governance and develop a clear definition of their security requirements; and
- Manufacturers and solution providers should create products/solutions that match the cyber security requirements of IPT end-users.
In a separate report on communication network interdependencies in smart grids, ENISA said that although smart grids offer significant benefits they provide “an increased attack surface for criminals”.
For instance, smart meters can be hacked to cut power bills — something that happened in Spain in 2014. Or a Distributed Denial of Service (DDoS) attack or malware infection could cause a loss of communications and control of the network, resulting in an energy production halt and affecting systems across borders.
In recommendations addressed to smart grid operators, vendors, manufacturers and security tool providers, the agency said that they should:
- Collaborate to ensure intercommunication protocol compatibility between devices from different manufacturers and vendors;
- Develop a set of minimum security requirements to be applied in all communication interdependencies in smart grids; and
- Implement security measures on all devices and protocols that are part of, or make use of, the smart grid communication network.