Smart mobility offers a future of smoother travel and more accessible cities. It offers choice, freedom and unlocks cities for all sections of society. But as this future creates greater value for cities and citizens, it also brings with it new challenges and risks that smart mobility players must mitigate.
Smart mobility involves the integration of transport technologies that simultaneously exchange data within a given urban environment. Via the internet, smart mobility holds and shares an enormous amount of data and it is the responsibility of mobility operators, integrators, and cities to ensure the safety and security of their systems and ensure data privacy.
This means smart mobility players must create robust cyber security defences to ensure the smooth running of their systems and the protection of customer and client data. Areas in need of cyber security protection for smart mobility include hardware and anything considered part of the internet of things, connected and autonomous vehicles, and software such as management platforms. Hacking, ransomware, and data leakage are just some of the cyber security risks that the smart mobility ecosystem must protect itself against.
This is no easy feat as smart mobility represents a unique amalgamation of technologies but crucially, cities and mobility providers are already rolling out the policies, procedures and certified practices needed to dramatically reduce, if not eradicate the instances of cyber security breaches across the mobility ecosystem. Let’s take a look at the arsonal industry can draw upon in their quest for cyber-safe smart mobility:
NCSC Cyber Essentials
Cyber Essentials is an effective, Government backed scheme that helps organisations protect themselves against a whole range of the most common cyber attacks. Certification gives operators peace of mind that their defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.
A Cyber Essentials certification reassures customers that organisations are working to secure their IT against cyber attack. It gives a clear picture of an organisation’s cyber security level and is often required when initiating contracts with government departments.
AppyWay has undertaken the Cyber Essentials self-certification which has paved the way for us to work with a number of local authority partners, helping them to tackle their kerbside challenges in a safe and secure manner.
ISO/IEC 27001
ISO/IEC 27001 is an international standard on how to manage information security. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).
The ISO/IEC 27001 standard requires an organisation to systematically examine the organisation’s information security risks, taking account of the threats, vulnerabilities, and impacts; design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
Organisations that meet the standard’s requirements can choose to be certified by an accredited certification body following successful completion of an audit.
Our ISO 27001 journey is well on its way with the team busy ticking off all the requirements and making the necessary additions to our management process, so watch this space!
The future is smart, the future is safe
Securing the smart mobility ecosystem is a sizable challenge with many players involved. In a rapidly changing world, the future of mobility continues to become more complex as more integrators and partners plug in and play. Thankfully, many of the cyber risks posed by the future of mobility have been confronted before. By taking the hard-earned lessons learned from other industries, the mobility industry and city authorities can keep themselves ahead of hackers and other adversaries.
