Written by Will Overstreet, VP of Strategic Partnerships
How and why should a traffic company get involved in cyber security? At GRIDSMART, we pride ourselves on being entrepreneurs and outsiders within the traffic industry. We always think several moves ahead, a strategy that hockey legend Wayne Gretzky described best. He said, “I skate to where the puck is going to be, not where it has been.” For the transportation industry and local municipalities, that puck is cyber-crime, and they need to be skating to build out their cyber defense today.
At GRIDSMART, as we work hard to develop new products to defeat cyber criminals, I’m struck by the fact that hackers are driven by the same principles and market forces as any successful business: low risk and high return. Any industry or investment that is low risk and has the potential for generating high returns will have rapid growth and increase in the number of entrants into the market. Right now, the hacking industry meets these conditions. An organized crime syndicate in a former communist country or an ISIS terrorist cell can set up offices with internet access and hire few individuals with basic computer knowledge to steal social security numbers, credit cards, or hold hostage a city’s IT systems for ransom with very little to no risk of ever being prosecuted.
If we compare hacking to other illegal activities where the risk of being arrested, having product stopped by customs agents, and the potential for meeting a violent and early demise is much more likely, hacking is a pretty palatable option. It is no wonder that there are now approximately 4,000 ransomware attacks per day, with the average ransom increasing from $300 to $1,000 in the last two years.
A Different Kind of Brand Reputation
As more entities have entered the industry, brand reputation has become increasingly more important. For instance, on the dark web there is a rating site that allows individuals to rate their experience on whether the hacker met their obligations once the ransom demands were paid. Talk about honor among thieves.
Value Based Pricing
Hackers have become more sophisticated in their pricing by using an estimated cost of what the victim would pay out in damages and recovering the data on their own. The hacker then sets the ransom demand at a price that is lower and likely more attractive than any other alternative. However, value- based pricing does not mean cheap. Uber found this out when they paid a hacker $100,000 to delete the files he had stolen rather than announce that they had been hacked.
Hackers are by nature entrepreneurial and are always looking for new ways to grow their business. Recently, a group of hackers tried a new way to increase their market share by simply changing the terms of their ransom demand. The initial victim, in lieu of having to pay money, could email the virus to two of their friends. Hopefully, that friend doesn’t make your next year’s Christmas card list.
Why Traffic and Smart Cities are attractive as lucrative targets.
- The industry has Access to Capital. A city’s budget is larger than most businesses and the amount a city spends relative to the cyber threat is a fraction of what businesses with similar size budgets spend.
- Traffic Cabinets are Connected. As traffic cabinets go online, they become higher value targets because of the increased potential to break in to a city’s network, access individual citizen personal data, driver licenses, tax payments, property records, social security numbers etc., or infect other utility systems and services.
- Traffic Hacks are Impactful. How much could a hacker reasonably charge a city if the signals at all the major intersections were in flash for a week? What would the total cost be to the city and local economy? How many car wrecks might there be and how many people would be hurt? Who would answer the questions from the press and respond to complaints and phone calls from citizens?
- Connected Vehicles Increase the Potential. If hackers penetrate the traffic department or a traffic cabinet, could they then infect any vehicle passing through the intersection?
After adding up the reasons why a traffic department and cities are attractive targets, it doesn’t take a Nostradamus to predict that hackers represent one of the biggest threats they will face. Several incidents have already occurred, yet the threat is still being largely ignored or downplayed. The danger is that by the time local governments realize where the puck is going to be, the damage will be done. That is why GRIDSMART is so committed to staying ahead of the bad guys. We are reexamining virtually everything we do from developing software, to updating our products and developing new products and services, all in an effort to reduce the risk for our company and our customers.
We encourage all of our partners to do the same because if traffic departments and cities do not invest in cyber security, they’ll have a big target on their backs and pretty soon, they’ll need to consider a new strategy, deciding how much money to put aside to pay for ransom demands and legal fees.
Upcoming Cyber Security Webinar – Is the Threat Real?
Join us for GRIDSMART Webinar Wednesday on March 7th at 1:30 pm EST. We’ll discuss strategies and techniques to keep your networks secure, close vulnerabilities, and lower your risk of being victimized by hackers.