Cyber security vulnerabilities in traffic lights, including some in Chicago
November 11, 2014 A new report identifies the city of Chicago among the U.S. locations utilizing Sensys Networks wireless technology in traffic light systems recently identified as vulnerable to cyber attacks.
The findings of a NBC 5 Chicago investigation released on Tuesday found that Sensys Networks systems are used in 10 countries, and 45 U.S. states — including Illinois. A Chicago Department of Transportation spokesperson told NBC reporters that only 12 intersections in Chicago utilize Sensys Networks wireless technology, but could not say whether a security patch issued by the company had been applied to the affected traffic lights.
In September, the U.S. Department of Homeland Security Computer Emergency Readiness Team or US-CERT issued an advisory warning of “vulnerabilities” after a cyber security researcher, Cesar Cerrudo demonstrated that he could hack into Sensys’s traffic signals using a cheap drone flying hundreds of feet above. CERT instructed organizations observing any suspected malicious activity to follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
U.S. intelligence officials say cyber-attacks are the number one threat to the homeland. The U.S. government depends on technology for everything from missile targeting to student loan processing. Cyber security experts have long warned that a “cyber 9/11” terrorist attack could cripple the nation’s financial system, power grid, and other critical infrastructure such as airplanes and phone service.
Recent cyber attacks on U.S. government and military websites, including the Department of Defense, Department of Justice, FBI and other law enforcement agencies sparked a sense of urgency by U.S. officials to address threats to U.S. computer networks. Despite the $10 billion-a-year effort to protect sensitive data, the U.S. government struggles to close cyber security holes. A lack of knowledge, staff or systems increases vulnerability to attacks by an ever-evolving and determined enemy. For instance, in January, 2012, security researchers uncovered malicious software called Sykipot, embedded by Chinese hackers targeting smart cards used by the U.S. Department of Defense, Department of Homeland Security, State Department and several other United States government agencies employees. The security researchers said the Sykipot malware could be traced in cyber-attacks dating back to 2006.
Unlike businesses, the federal government is not required to publicize its own data breaches — so it is probable that more breaches occur while others remain undetected. USIS, the contractor hired by the federal government to run background checks for federal security clearances reported a cyber attack in August that compromised the private records of at least 25,000 Homeland Security employees. As a result of the security breach, USIS announced more than 2,500 employees would be laid off in October after losing contracts with the Office of Personnel Management and other government agencies.
Despite massive security breaches in both the private and public sector weekly which compromise American taxpayers personal information and security, the U.S. government does not pause to reevaluate cyber security policies but rather increases the vast amount of information of Americans stored online. For instance, the security of HealthCare.gov was a major concern for politicians and cyber security experts — even before its debut. The Obama administration received much criticism after the website launched in October 2013, even though its security had not been fully tested and did not meet federal standards.