About LYT:
A cloud-based traffic management solution provider
- Mission: LYT is a cloud software solution that uses state-of-the-art connected vehicle and machine learning technologies to prioritize the flow of vehicles in a city and across a corridor. By optimizing public transport, emergency, and other vehicles we enable shorter travel times, less congestion, improved air-quality, and more reliable mass transit.
- Year Founded: 2016
- Number of Staff: ~14
- Operational Reach: US and Canada
As municipalities continue to grow and expand in the safe/smart city arena, so do the cyber threats to those systems, networks, and devices. These safe/smart city initiatives leverage advanced technologies, data analytics, and interconnected systems to enhance their residents’ quality of life, safety, and sustainability. These cities utilize the Internet of Things (IoT), artificial intelligence (AI), and other innovative solutions to manage infrastructure and services efficiently, such as traffic flow, energy consumption, public safety, and emergency response. By integrating real-time data and smart applications, safe and smart cities aim to improve operational efficiency, reduce environmental impact, and ensure the well-being and security of their inhabitants while fostering a connected and responsive community.
Safe/smart city technology relies heavily on interconnected systems and vast networks of devices, but this presents an expansive attack surface for potential cyber threats. Protecting technologies that manage critical infrastructure, such as traffic control, public safety, utilities, and emergency services, is paramount. Additionally, the dynamic nature of smart city environments, with frequent updates and the integration of new technologies, necessitates continuous cyber risk assessments. This can help ensure that vulnerabilities are identified and addressed promptly, preventing malicious actors from exploiting weaknesses that could disrupt essential services, compromise sensitive data, or endanger public safety. Implementation of continuous assessments not only helps to simulate real-world attack scenarios but provides security professionals with insights into the effectiveness of their security measures and the resilience of their systems against evolving threats.
Keep traffic flowing smoothly
In a recent interview with Dustin Harber, CTO at LYT, he highlights that “security is the number one thing that keeps me up at night in my role as CTO…if that’s not your number one issue as a CTO, then you probably need to be doing something else.” As an innovative cloud-based traffic management solution, LYT’s technology creates safer and more efficient traffic flows for communities through public transit and emergency vehicles while ensuring interconnection between them. However, as Dustin points out, securing those technologies and systems is even more important, as “this is critical infrastructure that controls who gets access to the road and needs to be protected with the utmost security.”
A cyber-attack on traffic management systems could lead to severe disruptions, causing accidents, gridlock, and delays that impact emergency response times, economic activities, and overall public safety. Ensuring robust cybersecurity measures for traffic management technology is essential to maintain the reliability and safety of urban transportation infrastructure.
In April, the Kansas City (KC) Scout traffic management system suffered a cyber-attack by the ransomware group Play, forcing the shutdown of its website, traffic cameras, and message boards. Although KC Scout has not confirmed this, the attackers claim to have stolen a variety of sensitive data. The incident has led to significant disruptions in traffic information services, with full restoration expected to take months. This is the second ransomware attack on KC transportation systems this year. As of 11 June, the KC Scout is testing its first phase of restoration, and “If testing is successful, real-time information should return to the boards in the next week,” KC Scout stated. “Returning real-time information is considered the first step to restoring all KC Scout systems and services,” they also announced
Seconds matter
In the context of emergency services, “seconds matter.” LYT’s mission is to enhance traffic flows, while prioritizing emergency vehicle safety and response times so they can “get to their destinations as fast as possible,” according to Dustin. He also says that “for every actual minute you can shave off of an ambulance’s journey with a heart attack patient, you decrease a patient’s risk of dying by 10%.” The goal is to prep each intersection using LYT’s technology, through machine learning and AI, to shave seconds and even minutes off response times to increase public safety and potentially save lives.
Enter NodeZeroTM
With more technology comes more cyber attackers looking to exploit weaknesses and disrupt services, such as traffic management. LYT’s software runs in the cloud and communicates with a gateway inside a city’s traffic management center, providing real-time updates across all its interconnected traffic signals. As Dustin states, “[LYT runs] on the municipality’s infrastructure, and they trust us to be able to do what we do…they know that we’re going do it securely and verify that level of trust…we’re not just the only vendor accessing their infrastructure, as multiple vendors have access to the environment any of those vendors are at risk, then that’s going to affect everyone who uses that infrastructure.”
So, absolutely, the more they can do to make their vendors secure, the less risk they will have across their entire environment. NodeZero allows us to do just that.
Dustin needed to find a solution that ensured LYT’s environment was secure and safe to integrate across a city’s traffic management infrastructure. “Being a cloud based business, projecting a good image and making sure that we demonstrate good security is always top of mind…that is really what we consider when we built this architecture from the ground up…we know that it’s very sensitive for our customers to access their infrastructure…so we built this architecture and added the most security that we could into it, but we always wanted to make sure we had a third party to be able to verify that we were in fact secure,” he says.
Repeatable results and reporting, saving valuable time
Dustin wanted to find a pentesting solution that could simulate the ways a potential attacker could get into and exploit their environment in a repeatable way. Once he demo’d NodeZero, he says that “it was exactly what we were looking for!” He also says that, “in a couple of clicks [when running a NodeZero pentest], you go through some configuration screens to ensure that you’re testing the right part of your framework or infrastructure and bam, you’re up and running…it’s that easy to do…even someone like me, who doesn’t have a DevOps background could easily run the tool…the fact that this is internally accessible by anyone I want to give access to saves a ton of time.”
Moreover, Dustin likes how easy it is to share NodeZero pentesting reports, and LYT’s stakeholders also like the presentation of the reports: “[It’s] as simple as just dropping a link and you’re done…it’s not something that takes a long time to produce.” NodeZero reports are easily produced in the user’s portal with just a few clicks, providing a detailed PDF that shows remediations Horizon3.ai customers need to take, allowing them to stay ahead of threat actors proactively. “This [NodeZero pentest results and reports] enables us to stay ahead of threats by mitigating vulnerabilities quickly, allowing us to pretty much rinse and repeat,” Dustin says.
In Conclusion
As cities increasingly adopt smart technologies to enhance infrastructure and services, the importance of robust cybersecurity measures cannot be overstated. The interconnected nature of these systems, which manage critical services such as traffic management and emergency response, creates a significant attack surface for cyber threats. Continuous and proactive security assessments are essential to identify and mitigate vulnerabilities, ensuring the reliability, safety, and efficiency of urban operations. Implementing solutions like NodeZero is necessary for illuminating potential attack vectors, while providing detailed and actionable insights. This enables cities to stay ahead of evolving threats, maintain public trust, and protect critical infrastructure. By integrating advanced cybersecurity practices, cities can safeguard their infrastructure and maintain the trust and safety of their residents, ultimately enhancing overall public well-being.
Now, anyone on my team can run this tool whenever they want in just a few minutes, and it saves us at least 90% of our time than if we used somebody else [another competitor to Horizon3.ai]
We’re not just saying that we’re secure…we actually have evidence around this…we have a third-party vendor [NodeZero], who has tried to penetrate our system all kinds of ways and shown us where we are vulnerable…and here’s what we’re doing on a quarterly basis [to continuously assess our environment] …and here’s a report to prove it [for existing and potential customers]! That has been tremendously powerful for us!
Want to know more? Watch our Fireside Chat with Dustin Harber from LYT.