Urban mobility is advancing towards infrastructures that are fully interconnected with IoT devices and, at the same time, increasingly exposed to new risks, multiplying attack vectors for cybercriminals. In this context, Stormshield has carried out a project to create an ultra-connected, safe and high-performance urban mobility network to streamline traffic and offer faultless services.

The project, implemented in a large metropolis with one of the largest smart transportation ecosystems in Europe, has allowed thousands of assets to be interconnected—from intersections with traffic lights and variable message panels, to traffic cameras and retractable bollards—maintaining a high standard of perimeter protection and operational continuity to reinforce connected urban mobility.

Critical and complex infrastructures

The initiative required a complete renovation of the distributed urban mobility network while, at the same time, providing all the perimeter security guarantees that are essential for its proper functioning and the safety of users. The challenge was successfully overcome thanks to advanced segmentation and Stormshield Network Security platforms.

“Network segmentation is key in critical and complex infrastructures,” says Vincent Nicaise, industrial alliances and ecosystems manager at Stormshield. “Here, detailed segmentation by VLAN has been applied, both for administrative purposes and by business function. This architecture makes it possible to isolate processes, limit lateral movement, prioritize essential traffic and apply specific policies by zone, something especially relevant in urban mobility environments, which facilitates maintenance and accelerates compliance with frameworks such as IEC 62443 or NIS2.”

Mobility and IoT Network: Providing Seamless Cybersecurity

In addition to the equipment itself, the urban mobility network extends over several thousand kilometers, both in the city and on the outskirts of the metropolis. The segmentation was carried out by districts, with eight backbone networks deployed in the different technical facilities of the city. Each backbone network includes the connections to all connected equipment within the corresponding perimeter, supporting the safe operation of urban mobility.

At the exit points, SN520 firewall clusters were placed to protect the links and bidirectional data transmissions between the connected equipment and the different web and FTP servers for business applications, as well as to protect the interconnections – through SSL tunnels and IPsec VPNs – with all the facilities maintenance service providers (road management), operators (road traffic/tram) and various local authorities that make up the metropolis. All of this reinforces critical urban mobility services.

For its part, an SN2200 firewall cluster guarantees the security of all video streams sent to the different backbone networks and transmitted to all operators of active mobility networks, roads and parking lots, both within the city and on the outskirts (car parks, highways, tunnels, ring roads, etc.). This deployment is key to preserving the resilience of urban mobility. Network segmentation is particularly important in this type of critical and complex infrastructure; here it is guaranteed through detailed segmentation into different VLANs, for administrative purposes and by business function oriented to urban mobility services.

Benefits for the operation and the citizen

An essential component has been IT/OT convergence to provide protection at the perimeter of the urban mobility network. This includes the use of purely industrial data, collected by sensors located on the road to count vehicles, which is made available to the general public through an application that provides real-time traffic information, improving urban mobility management.

In short, the advantages for the citizen are multiple, since the project reinforces the continuity of the service and reduces the attack surface thanks to the segmentation and granular control of flows. Secure interoperability between IT and OT enables new services for citizens and operators, while governance and compliance are facilitated by certified equipment and support from a qualified partner. All of this promotes a more efficient, safe and resilient urban mobility model.

The Stormshield project foresees new initiatives to perfect the micro-segmentation of the urban mobility network and further strengthen the security of its perimeter, consolidating a new generation of infrastructure for smart urban mobility.