[BrieFing]
Resilience essential for smart-city sensors
Read Me
What: “The Black Report” from Nuix, a survey of 70 penetration testers at the DEF CON conference.
Why: Many of the hackers’ responses could help government IT managers secure their systems.
Here are some of the relevant insights:
1. Direct server attacks were the most popular method for breaking into systems, slightly ahead of phishing attacks.
2. Eighty-four percent of attackers used social engineering to gather information about their targets.
3. Half said they changed their attack methodologies with every target, and 38 percent said they mixed things up at least every six months.
4. Only 5 percent said they changed tactics because old methods were no longer effective while 56 percent did so mainly to learn new techniques.
5. Similarly, 66 percent cited the challenge of penetrating a system as their main motivation. Only 12 percent said money or ideology was the main driver.
6. Endpoint security was cited as the most effective defense, while 10 percent said firewalls were the best and 22 percent claimed that no countermeasure could keep them out of a system indefinitely.
7. Nearly two-thirds said their biggest frustration is that most organizations don’t fix vulnerabilities after they’ve been identified.
The full survey is available at is.gd/GCN_hackers.
8 GCN MARCH/APRIL 2017 • GCN.COM
BY MATT LEONARD
In the race to get “smart,” many city officials are considering installing data- collecting devices across their neigh- borhoods. According to one expert, however, it’s not as easy as putting a box on a pole and waiting for the data to flow in.
Charlie Catlett, a senior computer scientist at the Energy Department’s Argonne National Laboratory who has been working with Chicago officials on their Array of Things project, said there are some important questions to consider, such as: What data will the sensors collect? How will the data be made available? And how will the city protect the privacy of its residents?
There are also mechanical issues. When a city installs hundreds of sen- sors, officials must be prepared to main- tain and repair them, Catlett said at the Socrata Connect conference in March.
Chicago’s Array of Things will have 500 nodes fitted with onboard com- puting power and machine-learning capabilities. Those nodes will provide a variety of data via open application programming interfaces.
Researchers at Argonne National Lab developed the Waggle wireless sensor system nodes used in the array, and
Catlett said the hardware had to last
a long time. That meant incorporat-
ing a supervisor board with sensors to provide updates on the device’s internal environment. The Waggle node houses three computers that work to keep one another healthy because when 500 devices are mounted atop light poles, repairing them is a challenge.
“Relative to the cost of this box, the labor for a crew of three electricians to go out with their bucket truck and wire things up — that’s an expensive thing to do,” he said. “And you don’t want to waste their time by sending them out to fix things.”
But researchers still wanted the devices to be easy to remove in case they needed to repair or update them. Catlett said his team worked with the Chicago Department of Transporta- tion to build a simple system that takes about 10 minutes to replace.
In addition, the housing’s design plays a role in the public’s perception of the sensors. “One of the reasons why it’s not black and ominous but is more conspicuous and colorful is you wanted people in neighborhoods that had this device to think of it as their device that is watching the city on their behalf and giving them data about their neighbor- hood,” Catlett said. •
GSA wants easier access to geospatial tools
BY NICK WAKEMAN
The geospatial industry has matured to the point that the General Services Administration is exploring whether it should create a special item number for Earth observation products and services that use geospatial and satel- lite imagery.
The category would cover satellite and aerial image collection (includ- ing products and services derived from that imagery), data transmission services, storage and distribution solu- tions, imagery as a service, crowd- sourcing, analytics, change detection, machine learning and emerging technologies. •