In part one of this two-post blog, Miovision’s Dave Bullock, Managing Director, ITS Line of Business, outlined the security risks in a networked traffic control system. This second post outlines the six security pillars built into Spectrum that make these issues non-issues.
Ever heard of the term “defense in depth”? In the context of security, it means redundant systems, failovers and safety nets. If two or three things go wrong at once—which is really unlikely—the depth of security measures has got you covered.
To control the risks outlined in part one of this two-part post, Miovision has adopted the following six pillars of security in Spectrum’s solution design. A few of us around here refer to them more informally as the security six-pack. So let’s drink up.
Connected devices in city infrastructure can receive data with weak or no encryption from vendors that haven’t invested in securing their communications. Miovision protects unsecured data by stopping it at the source. Any data flowing through Miovision devices, servers and software is fully encrypted and transmitted via a Virtual Private Network (VPN), a secure and authenticated connection. Data storage and processing for Spectrum are done on secured servers that are isolated from the open internet.
- Key Management
Cryptographic keys are private, digital door-openers shared between hardware systems and the software that performs operations on their behalf. In the case of traffic control, cabinet hardware located near intersections uses keys to securely transmit information to, and receive it from, remote systems like Spectrum. This authentication provision ensures that no other system can access data in the cabinet.
Every Spectrum SmartLink unit is provisioned with unique cryptographic keys, which are used to authenticate to Spectrum. The use of unique keys ensures that each unit is identifiable, and that a physical attack on one single unit does not compromise other units.
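The property described above (one unique key per unit, so that extracting a key from one tampered cabinet yields nothing usable against the rest of the fleet) can be shown with a small challenge/response model. This is an added example, not Miovision’s or Spectrum’s code; the unit ids, the HMAC-based exchange and the in-memory registry are all assumptions made for illustration. It contrasts a per-unit key registry with a fleet-wide shared key to show the difference in blast radius, and shows revocation of a single unit after a suspected physical attack.

```python
import hashlib
import hmac
import secrets


def make_per_unit_registry(unit_ids):
    """Server-side registry where every unit is provisioned its own random 256-bit key.
    Constructed sample: real systems would hold these in an HSM/KMS, not a dict."""
    return {"keys": {uid: secrets.token_bytes(32) for uid in unit_ids}, "revoked": set()}


def make_shared_key_registry(unit_ids):
    """The weak design for comparison: one key burned into every unit."""
    shared = secrets.token_bytes(32)
    return {"keys": {uid: shared for uid in unit_ids}, "revoked": set()}


def server_challenge() -> bytes:
    """Fresh random nonce per authentication attempt, so captured responses cannot be replayed."""
    return secrets.token_bytes(16)


def unit_respond(unit_id: str, unit_key: bytes, nonce: bytes) -> bytes:
    """Device side: prove possession of the key by MACing (unit id || nonce); the key never leaves the unit."""
    return hmac.new(unit_key, unit_id.encode() + nonce, hashlib.sha256).digest()


def server_verify(registry, unit_id: str, nonce: bytes, response: bytes) -> bool:
    """Server side: recompute the MAC with the key registered for *this* unit id.
    Unknown or revoked units are rejected before any cryptography happens."""
    if unit_id in registry["revoked"] or unit_id not in registry["keys"]:
        return False
    expected = hmac.new(registry["keys"][unit_id], unit_id.encode() + nonce, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, response)


def authenticate(registry, unit_id: str, unit_key: bytes) -> bool:
    """Run one full challenge/response exchange and report whether the server accepted it."""
    nonce = server_challenge()
    return server_verify(registry, unit_id, nonce, unit_respond(unit_id, unit_key, nonce))


def compromised_units(registry, leaked_unit: str):
    """Assume the attacker has physically extracted leaked_unit's key.
    Return the list of unit ids that key can still authenticate as."""
    leaked_key = registry["keys"][leaked_unit]
    return [uid for uid in registry["keys"] if authenticate(registry, uid, leaked_key)]


def revoke(registry, unit_id: str) -> None:
    """Incident response step: a tampered unit is cut off without touching the others."""
    registry["revoked"].add(unit_id)


if __name__ == "__main__":
    fleet = ["unit-0001", "unit-0002", "unit-0003"]
    per_unit = make_per_unit_registry(fleet)
    shared = make_shared_key_registry(fleet)
    print("per-unit key leak affects:", compromised_units(per_unit, "unit-0002"))   # ['unit-0002']
    print("shared key leak affects:  ", compromised_units(shared, "unit-0002"))     # all three
    revoke(per_unit, "unit-0002")
    print("after revocation:", compromised_units(per_unit, "unit-0002"))           # []
```

Binding the unit id into the MAC input means a key that authenticates unit-0002 cannot be presented under another unit’s id even if the attacker guesses that id; with the shared-key registry the same leak is a fleet-wide compromise and the only remedy is re-keying every cabinet.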
- User Authentication
Many city networks use default authentication settings, which leads to unauthorized access to the system. Spectrum requires deeper user authentication, so that auditing is easily performed and there is tracking of user activities. This includes:
Logins: Secure logins require each user to enter their own username and password. Two-factor authentication can be enabled via Google Authenticator or Duo Security.
Role-based permissions: Settings can be configured to control access rights by role. These permissions restrict who can perform what functions, and activity is logged.
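The two mechanisms just described, role-based permissions plus logging of every attempt, can be combined in a single authorization check. The following is an added example, not Spectrum’s code: the roles, action names and intersection ids are invented for illustration, and the audit trail is an in-memory list standing in for whatever log store a real deployment uses. The point it makes is that denials are recorded as carefully as successes, because a run of denied attempts is exactly what an auditor wants to find.

```python
from datetime import datetime, timezone

# Constructed sample policy: which actions each role may perform on signal infrastructure.
ROLE_PERMISSIONS = {
    "viewer":   {"view_status", "view_logs"},
    "operator": {"view_status", "view_logs", "change_timing_plan"},
    "admin":    {"view_status", "view_logs", "change_timing_plan",
                 "manage_users", "push_firmware"},
}

# Constructed sample user directory; a real system would source this from its identity provider.
USERS = {"alice": "admin", "bob": "operator", "carol": "viewer"}


def is_permitted(user: str, action: str) -> bool:
    """Deny by default: unknown users and unknown roles get no permissions at all."""
    role = USERS.get(user)
    return action in ROLE_PERMISSIONS.get(role, set())


def perform(user: str, action: str, target: str, audit: list) -> bool:
    """Authorize one action and append an audit record whether or not it was allowed.
    Raises PermissionError on denial so callers cannot forget to check the result."""
    allowed = is_permitted(user, action)
    audit.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "role": USERS.get(user, "unknown"),
        "action": action,
        "target": target,
        "allowed": allowed,
    })
    if not allowed:
        raise PermissionError(f"{user} may not {action} on {target}")
    # The privileged operation itself would run here; the example only reports success.
    return True


def denied_attempts(audit: list):
    """Review helper: (user, action, target) for every attempt the policy refused."""
    return [(r["user"], r["action"], r["target"]) for r in audit if not r["allowed"]]


def actions_by_user(audit: list, user: str):
    """Review helper: everything a given account did or tried to do, in order."""
    return [(r["action"], r["target"], r["allowed"]) for r in audit if r["user"] == user]


if __name__ == "__main__":
    log = []
    perform("bob", "change_timing_plan", "intersection-12", log)
    for who, what in [("carol", "change_timing_plan"), ("mallory", "view_status")]:
        try:
            perform(who, what, "intersection-12", log)
        except PermissionError as e:
            print("denied:", e)
    print("denied attempts:", denied_attempts(log))
    print("bob's activity:", actions_by_user(log, "bob"))
```

Raising on denial rather than returning False is deliberate: a caller that ignores a boolean silently proceeds, whereas an unhandled exception stops the privileged operation cold.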
- Robust and Private Networking
Spectrum leverages the reliable networks and secure practices of our wireless and cloud partners. This includes dedicated and fully staffed security teams at Miovision and Amazon Web Services who focus on monitoring the systems, deploying patches, and evolving the system to respond to future and unknown threats.
Spectrum uses a VPN that is designed so that Spectrum initiates all communication. Because the cabinet never accepts inbound connections, a physically compromised cabinet cannot be used as a path into the cloud or the rest of the signal infrastructure. The IP addresses of devices are on a private network and are not externally accessible.
- Secure Data Storage
All customer data is protected via inbound and outbound network traffic filtering to prevent data leaks. Data is backed up several times daily. Backups are transferred over an encrypted link and periodically deleted. Multiple secure data centers, each with redundant internet connections, ensure connectivity is available at all times.
This data resides in Spectrum, which is housed in the AWS Cloud. Various government departments rely on AWS to secure their information, including the C.I.A. and the Department of Defense.
- Security Response Process
Miovision understands that security is a continually evolving aspect of product engineering. We work with external security experts to improve our products by:
- Alerting our customers of security vulnerabilities
- Accepting external reports of vulnerabilities in our products at email@example.com
- Engaging external experts to proactively test and review the security of our products
- Providing the city the ability to remotely patch deployed hardware
Defense in depth. That’s the approach behind these six pillars and what’s baked into Spectrum. To learn more about Spectrum and to download our security whitepaper, go to https://miovision.com/spectrum/
Dave Bullock is a serial entrepreneur who has built successful companies in the mobile, gaming, and telecommunications industries. He joined Miovision in 2015 and spearheads Miovision’s Intelligent Transportation efforts.