Attivo Networks Blogs

Smart City Transport Needs Smart Cyber Security Strategies: IoT

By: Carolyn Crandall, CMO

Our world has never been more connected than in this day and age. Everything from wearable devices to smart light bulbs in smart homes can be connected to the cloud.

According to Juniper Research, the number of IoT (Internet of Things) connected devices will number 38.5 billion in 2020, up from 13.4 billion in 2015: a rise of over 285%. In Juniper’s report, The Internet of Things: Consumer, Industrial & Public Services 2015-2020, data shows that while IoT smart homes dominate the news, it is the industrial and public services sector – such as retail, public transport, smart buildings and smart grid applications – that will form the majority of the device base. This is why we felt it was important for our Attivo ThreatMatrix Deception Platform to be the first deception-based threat detection platform for the Internet of Things. We achieved that last May.

Lately, there have been great strides made in using the IoT to modernize the public transport sector. oneTransport, an initiative focused on using IoT technology and data analytics to improve transport networks around the UK, recently deployed its project at the British Grand Prix MotoGP™ to test out its efficacy. While Audi recently announced that it will release their first vehicles equipped with the ability to receive information from traffic lights – providing the first step in creating smarter and safer cities. While these milestones have been deemed as great triumphs, we are now more vulnerable than ever to cyber attacks that will not just drain our bank accounts and pilfer our personal data, but potentially bring smart cities to a standstill, or worse. According to a survey by Tripwire, more than three-quarters of respondents stated believed an attack would occur in 2016, while only three percent believed there wouldn’t be an attack.

One manipulated traffic light, for example, could mean death rather than just an inconvenience. To demonstrate the possible vulnerabilities of smart city transport, Kaspersky Labs attempted to hack Moscow’s transport system – and succeeded. According to the research team, the data was easily accessible, allowing them to do a number of things including manipulating traffic speed, traffic lights and more. Denis Legezo, a security researcher at Kaspersky Lab, said: “Our research has shown that it is easy to compromise the data. It is essential to address these threats now because in the future this could affect a bigger part of a city’s infrastructure.” While these incidents are far and few between, these systems will increasingly be targeted as they become more common.

Our IoT solution addresses gaps in IoT security with real-time threat detection and attack forensics that accelerate incident response, and support all the major IoT protocols including XMPP, COAP, MQTT, and DICOM based PACS servers. These protocols are used by IoT vendors to support a wide array of applications, establishing more cohesive machine-to-machine communication and monitoring around critical data and machine status. Our customers can configure the Attivo ThreatMatrix Deception Platform to look identical to the IoT supervisory or gateway control devices on their network (where IoT devices connect onto the network) making the Attivo BOTsink® engagement servers and decoys appear as authentic production IoT servers and services; deceiving attackers into engaging. By interacting with decoys and not with production devices, the attackers reveal themselves and in a quarantined environment can be studied for detailed attack analysis and forensics. The Attivo analysis engine will analyze the attack techniques, the lateral movement of the attack, which systems are infected, and provide the signatures and attack detail required to stop the attack. The attack analysis can then be used to improve incident response by automatically or manually blocking and quarantining the attack through integration with third party prevention systems.

Attivo IoT detection has proven itself already across healthcare for medical device patient safety, energy for preventing tampering with fuel sensors, and in maintaining the integrity of major league ballparks to ensure that there is no game day disruptions for scoreboards, gates, and other critical infrastructure… to name a few. Deception has been repeatedly been recognized as the most efficient way to detect threats and with the complexity and lack of standards around IoT devices, Attivo provides an accurate and viable solution for early and effective detection of threat actors trying to interfere with their operations.

As every part of the transportation infrastructure and the cities, it moves through become more connected, the need for comprehensive cyber security solutions become essential. It is no longer just personal data that is at stake, but the integrity of our country’s greater transport infrastructure and for overall community safety. It will be impossible to effectively wrap prevention and anti-virus solutions around IoT devices, so let’s get ahead of the game and use one of the oldest tricks of the trade… deceive the attacker into revealing themselves… game over for the attacker… green light ahead for wide-scale transportation IoT deployments.


Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

1 × 5 =

Ready to find out what’s lurking in your network?

Scroll to Top