How Francis AI is Securing Its Smart City Solutions: IoT Attack Surface Opportunities & Challenges
April 26, 2022
IoT systems with ever-changing attack surfaces are susceptible to various cyber threats. This article explores the security risks inherent in IoT technologies and describes the measures Francis AI is taking to safeguard its AI-powered mobility solutions.
Cybersecurity remains a major concern as governments around the world turn toward smart city solutions to address the pressing challenges stemming from rapid urbanization — the increasing traffic congestion, rising levels of inequality, and the growing strain on public resources.
Smart city solutions typically rely on IoT devices to collect and analyze data, and to generate insights that help streamline city operations and resource allocation, thus improving the quality of life for citizens and enhancing the overall sustainability of cities. However, the proliferation of IoT devices is not without its challenges, especially in terms of security, which has often been an afterthought.
Francis AI, a leading smart city solutions provider, is at the forefront of this technological development. Our company is constantly challenged with ensuring the security of its autonomous traffic management platform, which integrates a variety of IoT devices.
This article explores the security risks inherent in IoT technologies and the measures we are taking to safeguard our AI-powered mobility solutions against cyber threats.
THE IoT ATTACK SURFACE
IoT attack surfaces are expanding rapidly with the increased penetration of smart devices and the growing connectivity between them. This magnifies the exposure of a typical IoT system to security risks over time.
The attack surface encompasses the security vulnerabilities of all interconnected devices that could be exploited by malicious actors to gain access to the system and exfiltrate data. These vulnerabilities subsequently enable access to other devices, software, and infrastructure on the same network.
IoT systems with ever-changing attack surfaces are susceptible to various forms of cyber threats. The crucial first step in securing IoT systems is mapping out potential security vulnerabilities by reviewing the design and technical architecture from the perspective of attackers. This allows the organization to gain complete visibility across all internal and external assets — both in the cloud and on premises.
Organizations need to continuously track changes after the initial mapping of the entire attack surface as the size and nature of IoT attack surfaces are constantly evolving.
Once the attack surface is completely mapped out, high-risk areas can be identified to prioritize the vulnerabilities that need to be addressed in order to reduce the attack surface and minimize security risks.
MAPPING AND REDUCING THE ATTACK SURFACE
Francis AI reduces its IoT attack surface by adopting an attacker’s mindset and employing automated and continuous tooling designed with a “jointness” concept similar to the one embraced by the U.S. Department of Defense many decades ago.
The idea behind this ‘jointness’ concept is that each security tool and operation is designed to support multiple areas of security, not just one. ‘Jointness’ could also be described as Defense in Depth, in which multiple layers of controls complement each other in protecting critical data. The connection is intentional.
Francis AI’s driving methodology involves various industry-standard tools and best practices that leverage the MITRE ATT&CK framework, OWASP, and the OWASP IoT Top 10 to better inform security controls and decisions.
The ATT&CK framework, which stands for Adversarial Tactics, Techniques, and Common Knowledge, documents the sequence of tactics, techniques, and procedures that threat actors use to launch cyberattacks based on observations in the real world. This helps our company identify likely network attacks and threat models, and pinpoint security vulnerabilities when building our defense strategy and implementing precautionary measures.
Using ATT&CK in a rigorous analytical process, Francis AI creates test scenarios to assess the effectiveness of the existing defense mechanisms put in place to monitor and mitigate common cyberattacks. We also use the framework to analyze the behaviors of attackers in order to predict their next moves and to improve the effectiveness of our system in detecting and responding to possible intrusions.
The basis for reducing our attack surface is to know our network. We are looking to consistently gain total visibility and control of our attack surface — it is a process that never ends. We constantly search for known, unknown, and hidden technologies (devices, software, etc.) to address risks and map out our network fully. Fundamentally, you can’t protect what you don’t know exists. The ‘jointness’ comes into play in our methodology.
Francis AI’s vulnerability and configuration management operations aim to identify network misconfigurations and Common Vulnerabilities and Exposures (CVEs) that could be exploited by attackers. These operations also enable us to observe unnecessary exposures such as open ports, and to discover new or hidden technologies that can support attack surface mapping and asset management.
The program tooling also scans against CIS Benchmarks to assess hardening and develop additional action plans to improve hardening system-wide. As you can see, this one program supports many key security functions inside Francis AI, including rethinking and discovering new ways to resolve any patch management issues.
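The continuous mapping described above, where each scan is compared with the last to surface unknown assets and unnecessary open ports, can be sketched as follows. This is an added example, not Francis AI's tooling; the host names, ports and allowlist are constructed sample data.

```python
# Added example. Hosts, ports and the allowlist are constructed sample data.
from dataclasses import dataclass, field

# host -> open TCP ports reported by two successive scans (constructed)
BASELINE = {"cam-gw-01": {443, 8883}, "edge-node-02": {22, 443}}
CURRENT = {
    "cam-gw-01": {23, 443, 8883},  # telnet has appeared since the last scan
    "edge-node-02": {443},         # ssh was closed
    "unknown-7f3a": {80, 554},     # device absent from the asset inventory
}
# Ports each inventoried asset is approved to expose (assumed policy)
ALLOWED = {"cam-gw-01": {443, 8883}, "edge-node-02": {22, 443}}

@dataclass
class Drift:
    new_assets: dict = field(default_factory=dict)   # host -> ports
    gone_assets: list = field(default_factory=list)  # in baseline, not seen now
    opened: dict = field(default_factory=dict)       # host -> newly open ports
    closed: dict = field(default_factory=dict)       # host -> ports no longer open
    unapproved: dict = field(default_factory=dict)   # host -> ports outside policy

def diff_surface(baseline, current, allowed):
    """Compare two scan snapshots and flag exposure outside the allowlist."""
    drift = Drift(gone_assets=sorted(set(baseline) - set(current)))
    for host, ports in sorted(current.items()):
        if host not in baseline:
            drift.new_assets[host] = sorted(ports)
        else:
            if ports - baseline[host]:
                drift.opened[host] = sorted(ports - baseline[host])
            if baseline[host] - ports:
                drift.closed[host] = sorted(baseline[host] - ports)
        # A host with no allowlist entry is approved for nothing.
        extra = ports - allowed.get(host, set())
        if extra:
            drift.unapproved[host] = sorted(extra)
    return drift

if __name__ == "__main__":
    for name, value in vars(diff_surface(BASELINE, CURRENT, ALLOWED)).items():
        print(f"{name}: {value}")
```

An uninventoried host has no allowlist entry, so every port it exposes is reported as unapproved in addition to the host being listed as a new asset.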
Another ‘jointness’ element is robust automated on-demand pentests. At Francis AI, we use this key security element not just on a bi-yearly basis, but routinely. It also includes elements of social engineering and testing for weak passwords that feed back to adjust our internal security awareness training program.
Our company uses on-demand pentests to understand how real attacks against our systems would play out and to fix the seams and gaps that threat actors could exploit. We find real attack vectors and pathways. We war-game our security controls, then fix the identified seams and gaps, including misconfigurations and accidental errors, to lower our risk profile. We then retest by attacking ourselves again to verify that everything was fixed properly, and the cycle continues.
These pentests help Francis AI improve its priority list for vulnerabilities with more precise assessments, ensuring that vulnerabilities with low CVSS scores yet high exploitability factors get fixed faster. They also help us map out unique layers of our attack surface, inform adjustments to security controls, and add certain elements to our training or security stack depending on findings.
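The prioritization described above, where pentest evidence moves a low-CVSS but exploitable finding ahead of a higher-scored one and fixes drop off only after a passing retest, might look like this. It is an added example, not Francis AI's process; the finding IDs, assets, scores and three-tier rule are constructed assumptions.

```python
# Added example. Finding IDs, assets and scores are constructed placeholders.
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    fid: str                     # placeholder ID, not a real CVE
    asset: str
    cvss: float                  # CVSS base score, 0.0 to 10.0
    pentest_exploited: bool      # pentest used this flaw on a working attack path
    retest_passed: bool = False  # fix verified by attacking again

FINDINGS = [
    Finding("F-001", "edge-node-02", 9.1, False),
    Finding("F-002", "cam-gw-01", 4.3, True),    # low score, proven exploitable
    Finding("F-003", "mgmt-portal", 7.5, True, retest_passed=True),
    Finding("F-004", "cam-gw-01", 5.0, False),
    Finding("F-005", "vpn-01", 6.5, True),
]

def by_cvss(findings):
    """Score-only ordering, for comparison."""
    return [f.fid for f in sorted(findings, key=lambda f: (-f.cvss, f.fid))]

def tier(f):
    """Assumed rule: proven exploitability outranks any unproven score."""
    if f.pentest_exploited:
        return 0
    return 1 if f.cvss >= 7.0 else 2

def remediation_queue(findings):
    """Open findings only, ordered by tier, then by descending CVSS."""
    open_items = [f for f in findings if not f.retest_passed]
    ordered = sorted(open_items, key=lambda f: (tier(f), -f.cvss, f.fid))
    return [f.fid for f in ordered]

if __name__ == "__main__":
    print("CVSS only:      ", by_cvss(FINDINGS))
    print("Pentest-weighted:", remediation_queue(FINDINGS))
```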
Another opportunity to reduce the attack surface is tied to network segmentation. We create separate subnets for not only different functional areas of our company (sales, marketing, guest, engineer, etc.), but also to segment key infrastructure assets inside those subnets.
This includes a firewall with solid rules to better manage inbound and outbound traffic and DMZs, especially around sensitive assets. This simple yet important security improvement protects our company by increasing the time an attacker would need to navigate through our network. It also creates opportunities for other elements in our security stack to pick up on the intrusion and take appropriate action.
FRANCIS AI’S ASYMMETRIC INTELLIGENCE CELL
The Francis AI Asymmetric Intelligence Cell, which is currently being built, will sit on top of our company’s network security stack. The cell is designed to produce intelligence that supports enterprise security design and controls, risk appetite, and justifications for security changes. It uses proven U.S. Intelligence Community standards, techniques, and methodologies as the foundational bedrock.
This echoes truisms from my days working on criminal and national security intelligence issues. Intelligence, when done right, is the first step in understanding security risks. The goal of our Asymmetric Intelligence Cell, therefore, is to help decision makers at Francis AI mitigate risks and respond to risks that are unavoidable.
Francis AI’s upcoming security operations center (SOC) with threat hunting pursuit teams will feed the cell threads of information, intelligence, and actual security event data for analysis — another aspect of “jointness” in our company’s security design.
The cell will also provide analyzed task orders to the threat hunting team and contribute open-source research and industry threat reports to the intelligence flow, highlighting any Francis AI Bottom Line Up Front (BLUF) actionable intelligence for decision makers.
This is another area where the MITRE ATT&CK framework comes into play as we threat model and precisely refine a variety of threats to not only Francis AI, but also to the clients we serve. We liaise and collaborate with partners, law enforcement, federal government intelligence officials, ISACs, and other related organizations to gather additional intelligence to help inform any changes we need to make to our security controls and risk assessments.
The Asymmetric Intelligence Cell is also designed with optimized security architectures and information flows and built with feedback loops to facilitate learning in order to improve effectiveness. We, at our core at Francis AI, are an “always learning and innovating” organization. The Francis AI Asymmetric Intelligence Cell carries on that ethos as we enhance our security design and continuously improve our security capability and operations to reduce our attack surface and the risks as effectively and swiftly as possible.
AN ONGOING CHALLENGE THAT SEEMINGLY NEVER ENDS
We leverage tools in our security stack and SOPs to support as much of our security operations as possible, building up a ‘jointness’ concept in our design architecture. A properly managed attack surface — including well-segmented networks with firewalls and DMZs, thorough vulnerability/patch management operations, and continuous security controls testing — allows us to build a highly effective Defense in Depth strategy.
However, attack surface management is an ongoing challenge that seemingly never ends. It’s important to keep processes simple and to observe trends over time for insights into better security controls. It’s also important to continuously map the attack surface in order to discover unknown and hidden risks and to reduce them faster than an attacker could exploit them.
After building, designing, implementing, and rethinking attack surface management on the data security side, Francis AI started developing an innovative Hyperledger Fabric security/privacy by design datachain (patent pending). The innovation, which is tied to the chain of custody of digital evidence, is purposely designed to further mitigate and reduce the impact of a security incident or breach.
This security/privacy by design datachain will revolutionize how Francis AI protects sensitive data in the traffic enforcement space and beyond. The concept will be covered in a separate article.