To the Community, City, and State Leader Community,
Wishing you all a joyful holiday season! As the end of the year approaches, it’s a great time to reflect on the security and scalability of our smart community initiatives.
In an open letter, the State Departments of Transportation has reminded the marketplace of the importance of securing and fortifying their cyberinfrastructure ahead of the holiday season.
In response, Miovision has collaborated with policymakers at ITS America to provide additional context, helping to emphasize the significance of securing networks and infrastructure during the holidays and throughout the year. In the spirit of shared insights, here are our recommendations for you to consider.
1. Verify Configurations for Cybersecurity
Security misconfiguration continues to be one of the most common types of cybersecurity attacks. As the threat to critical infrastructure escalates, it’s imperative to thoroughly review the security configuration of your systems, applications, and in-field devices.
Examples of security misconfigurations include using default credentials, running unnecessary operating system services, and using deprecated security protocols and encryption.
Miovision recommends using published frameworks, such as the CIS Benchmarks and the AWS Well-Architected Framework, to help establish and maintain secure configurations of your assets.
2. Stay Informed on Cybersecurity Alerts and Advisories
Cyber threats and attacks are constantly evolving, and new vulnerabilities are regularly announced. Cybersecurity alert and advisory feeds help you and your staff remain informed and vigilant of emerging threats so you know when critical security vulnerabilities need to be patched. There are many free feeds offered by various industry and government organizations.
Miovision recommends using the CISA Cybersecurity Alerts and Advisories and the CISA Known Exploited Vulnerabilities Catalog to stay informed of security threats to your infrastructure.
3. Collaborative Approach to Incident Response
The volume and complexity of cyber threats faced by organizations mean that a cyber incident could occur at any time, despite efforts to prevent one.
It is difficult to educate staff on the proper response processes during an active incident. That’s why it’s important to proactively collaborate with staff to ensure that your organization’s incident response procedures are well-defined, well-understood, and regularly tested.
Miovision recommends:
-
Using published incident response frameworks, such as the NIST Special Publication 800-61, Computer Security Incident Handling Guide, to help establish your incident response process.
-
Regularly reviewing and testing your incident response process to educate staff and identify process improvements.
4. Challenge your Vendors
You place a lot of trust in your vendors to protect your data and not increase your cyber risk profile. But does your vendor understand security and have an active security program? Are they forthcoming with information?
For example, information on the Miovision security program is available directly on our website and we shared recent security improvements to our Miovision One platform.
Your vendors should be able to explain their cybersecurity strategy and implementations so that you can be confident in their products and services.
Miovision recommends working with your vendors to understand their approach to cybersecurity and to ensure it meets your needs.
Secure Your Cyberinfrastructure for 2024
Feel free to share these recommendations within your organization. If you have any questions or would like to request the letter from the State Departments of Transportation, don’t hesitate to contact your Miovision account executive.
By partnering and collaborating we can ensure our smart communities are secure and cyberinfrastructure remains resilient.
Warm regards,
Dave MacFarlane
Head of Cybersecurity, CISSP
Miovision