Meet Cisco's Security Advisory Services – ensuring innovation results in a secure solution
By MIKE EMERY, IOT & ITS SECURITY SERVICES LEADER, CX EMEAR ARCHITECTURES AT CISCO
Innovation projects such as SMLL are fantastic. They enable London to be at the forefront of frontiers of technology, paving the way for the world of tomorrow. However, the further from the norm we deviate, the more exciting the vision, the more we tend to forget that often unstated feature: Security.
It's understandable, right? You're in uncharted waters- the thing needs to just work, worry about making it secure later! Except, that approach is perhaps less responsible when you've got to consider 2 tons of metal on public roads…
This is why SMLL is working with Cisco's Security Advisory Services, who are consulting with the team from the design stage onwards, helping to ensure that all innovation results in a secure solution. Let's consider one of the threats to SMLL:
· Corporate Espionage- The IP contained and generated by customers whilst at SMLL is worth big bucks. With more than one customer using the Lab at once, it's important to thoroughly segment, and apply the principle of least privilege to minimise the risk of data ending up where it shouldn't.
Considering the threats is just one component of the Secure Life Cycle approach proposed by Cisco for use at SMLL. The full Cycle looks something like:
· Ecosystem Design Review- this looks at the proposed solution, and seems to minimise any obvious security flaws present in the design
· Threat Modelling- this collaboratively identifies threats to the solution, and how best to mitigate them
· Ongoing Support and Technical Assurance during development- support is offered throughout development for security matters, with individual solution components assessed in isolation.
· Final Integration Security Control Validation- once all the components are brought together, the solution as a whole can be validated.
Of course, this approach only works when you have experts. Cisco’s Security Advisory team comprises security experts with decades of experience over every sector imaginable. At different stages of the Cycle, specific consultants will be brought in to share their specialisms with the incredibly receptive SMLL team, whether that be Governance, Risk and Compliance, or Secure Coding.
When you’re working to secure the future, you need to future proof yourself as much as possible. Whilst the specific technologies and protocols that will be used to enable vehicles to talk to their environment are as yet undecided, we can be confident how to secure them. This is why we’ve recommended implementing Public Key Infrastructure (PKI) for SMLL.
This will allow the lab to validate three things about the data passing through:
· Confidentiality- that no-one else can see the message
· Integrity- that the message hasn’t been tampered with
· Authenticity- that the sender (and receiver) of the message is legitimate, and who they claim to be.
This type of security is the same thing that underpins the S (which stands for secure) part of HTTPS on the web.
To find out more about Cisco’s Security Advisory Services, visit our website at: https://www.cisco.com/c/en/us/products/security/advisory-services.html
Or for more specific ITS related queries contact Mike Emery: mikemery@cisco.com