I-REAL creates the Internet of Things for the public infrastructure, allowing administrators and operators to manage objects that contribute to discharging water. Their product, REALM2M, is also being used by the municipality of The Hague who remotely monitors, controls, administers and manages the water chain with this application, traffic information signs and other objects of the public infrastructure. René Kroes, Product Owner at I-REAL, explains why their yearly participation in Hâck The Hague is welcomed as another opportunity to enhance the digital security of their software.
Read the article in Dutch
The importance of a solid digital security
“Our software solution helps municipalities to manage their public infrastructure by remotely managing objects like sewer pumps, fountains, bridges and traffic control equipment. You can imagine the effect when someone successfully hacks one of these items and takes over control. That’s why digital security has always been an important focus for our company. Apart from our participation in Hâck the Hague right from the start, we also do our own pen tests and many other activities in order to keep our ISO certification up to date. Local governments expect us to deliver a ‘waterproof’ solution and so far we have delivered just that.”
Knowledgeable group of people
“Hâck The Hague focusses on attacks from the outside, which we have never experienced so far. In past editions of the event, hackers did come up with some minor vulnerabilities in our software, most of which could be solved during the event. The good thing about Hâck The Hague is that when issues are being found, you get a clear report on what the issue is, where it was found and sometimes even solutions on how to solve them. If you want to, you can also get in touch with the hacker that reported the vulnerability and work together on the best solution for the issue. As always, this year we are looking forward to the event, curious of what might be found. The many participants of this event form a knowledgeable group of people, who work in a controlled setting with clear rules and regulations. We’d rather have one of them come across an issue with our products during the event, than unknowingly give access to anonymous persons who might have bad intentions.”
Preparation is key
“When you participate, make sure the systems or websites that you would like to be tested are well prepared - either in live production setting or in a test environment. Make sure you are present at the event and have people ready to follow up on discoveries that might be made. Although we never experienced any major hacks in the past, each and every time we participate in Hâck The Hague is an exciting occasion. Our software continuously develops and changes. We try to find the right balance in making the solution more and more accessible whilst maintaining the right levels of security. Hâck The Hague is one of the proof points to find out if we are successful at that. It helped us to improve our software and take it to the next (security) level. My message to other suppliers would be: do participate and be open to the possibilities. Sure, it’s a pity when a small or major bug is found in your system but that does give you the opportunity to solve it. Moreover, your participation shows that you take cybersecurity seriously and work with experts in the field to make your product(s) better.”