By Nicolas Reys, Consultant, Control Risks Cyber Security Services
- Cities including Amsterdam, Barcelona, Santa Cruz and Stockholm are becoming ‘smart cities’ – using technology to transform how their citizens access services, such as energy, transport and telecoms. These changes are being enabled by rapid improvements in logic controllers, sensors and networks, as well as data analysis and artificial intelligence.
- Many more cities will start to undergo a similar transformation, which will provide businesses with unprecedented opportunities. However, cyber threat actors – whether criminals, activists or nation states – will also be presented with an unprecedented attack surface in smart cities because of a significant increase in the number of interconnected devices.
- Potential threats range from malware designed to spread across smart cities’ networks and steal sensitive information, to ransomware designed to lock the city out of access to its smart services unless a significant ransom is paid, to attacks on energy grids intended to cause physical destruction.
- Securing smart cities needs to be a joint project involving local administrations and private sector organizations with an immediate stake in the city’s stable functioning.
- Ensuring that these cities are cyber-secure will require identifying and prioritizing critical assets, introducing behaviour-based security and securely segmenting critical private assets from the city’s network. This will involve establishing a benchmark for the normal operation of critical assets, while continuously ensuring that all parts of the city adhere to that benchmark, as well as rapidly replacing components if they are compromised or fail.
Faced with rapid urbanization, city planners are turning to technology to solve a wide range of problems associated with modern cities. Smart cities are the outcome of this deepening integration of technology with new or existing urban landscapes. They are set to change how we experience and what we come to expect from the cities around us.
In practical terms, these transformative effects will arise from the combination of three pieces of technology: inexpensive logic controllers, millions of sensors connected to devices dispersed across a city, and a network that connects all of these nodes together and enables real-time communication.
Such connectivity will enable a better and more efficient provision of urban services. Amsterdam, Barcelona, Santa Cruz and Stockholm have begun the process of incorporating elements of a ‘smart grid’ – a network of interconnected sensors within the city – across many of their urban domains, such as energy provision, transport systems and telecoms infrastructure. The inhabitants of these cities have already begun to feel the benefits. However, increased connectivity carries potentially severe cyber security risks, which have yet to be fully revealed and, in many cases, mitigated.
HOW SMART IS SMART?
The concept of smart cities relies on three fundamental ideas:
- Physical infrastructure can be used more efficiently as data analytics and artificial intelligence progress.
- Engaging a city’s population with its administration can be achieved through e-participation – carrying out civic duties through the Internet.
- As technology continues to progress, computer systems will learn and adapt to challenges autonomously.
The benefits and opportunities presented by smart cities – for both citizens and businesses – are broad. With proper implementation, smart cities will provide tremendous economic, social and cultural advantages for their inhabitants. For instance, a city’s electricity infrastructure could be significantly improved by introducing technologies, such as ‘smart meters’, which are electric or gas meters that provide real-time data, via an Internet connection, to the consumer and the electricity company about each user’s consumption. This allows better management of electricity supplies by tailoring them to live demand, thereby reducing overall costs as well as the impact and incidence of power outages.
Indeed, smart cities depend on machine-to-machine (M2M) interactions and decision-making. This is, in part, a product of the sheer number of inputs as well as the frequency and speed with which associated calculations need to be completed. In the case of the energy grid, it would be impossible for a human operator to process all the data necessary to make decisions at the speed required by the system. However, while M2M decision-making (M2MD) is an unavoidable and beneficial feature of smart cities, it also represents one of the greatest risks.
NEW CITY, NEW RISK
M2MD is a highly promising means of ensuring efficient automation across smart cities. However, given the absence of human operators, the risk of a cascading error is significant.
A cascading error refers to the potential for a small, unchecked mistake to spread through a system and become a systemic risk. For instance, if a minor computing error causes a smart electricity reader to transmit inaccurate data readings to its control centre, this could lead to an automated – and mistaken – assessment that a particular private organization’s premises require an increased amount of electricity. This would necessitate rerouting some of the existing energy supply to this facility, which, in turn, could culminate in increased costs for the affected business, as well as for the city, together with a reduced pool of electricity for other companies and citizens. Although minimal at this scale, the consequences of such errors when they affect a larger area – an entire block or an industrial zone, for example – could be far more substantial.
SMART CITIES AND CYBER THREATS
Beyond the potential for human or computer error, smart cities will provide cyber threat actors with a large attack surface to target and potentially exploit, as well as incorporate into broader campaigns:
As we have described above, smart cities will be composed of thousands – if not millions – of interconnected devices. Such a structure is a boon to criminal actors who are able to create or purchase then deploy self-propagating malware, variants of which have been known to proliferate across multiple connected networks. These ‘worms’ could be used to acquire easily commoditized information, such as healthcare records, social security numbers and banking credentials, or even to take control of a significant number of systems.
If attackers were able to successfully hijack these systems, they could then be used for extremely powerful distributed denial of service (DDoS) attacks or to hold an entire city to ransom in extortion attacks. Ransomware variants could be designed to encrypt and cripple an entire city’s grid, with ransom demands likely to be considerable in such a scenario.
These tactics could be highly profitable for cybercriminals and represent a natural evolution of trends that we have observed in the current cybercriminal community. Responding to such incidents will become increasingly difficult if they are city-wide. Private sector organizations and municipal authorities will share ownership of systems and the responsibility for their security. Beyond adding legal and financial costs for the private sector, this will create the need for highly complex pre-planned incident response schemes involving multiple parties.
As cyberactivist groups grow increasingly capable, and in some cases more radical, smart cities will provide them with an attack surface enabling a broad range of attacks. These will range from those akin to nuisances, such as defacements of a city’s billboards, to the more extreme targeting of a smart city’s energy grid with the aim of physical destruction.
In addition, many cyberactivist groups are supporting physical protesters by launching cyberattacks. This practice in a smart city environment could allow cyberactivists to take a leading role in coercing governments and private sector organizations into meeting their demands.
The potential destructiveness of a cyberattack on smart cities is such that even the threat of compromising the city’s systems is likely to be treated by governments and businesses as an existential one. When threat actors such as cyber activists – who arguably lack the self-control of other groups – have the possibility of causing serious physical damage, the security of smart cities becomes essential to those cities’ survival.
The underlying network of a smart city will encompass most aspects of life within that city; if that network were to be compromised by an attacker, they would gain unfettered access to a target individual or organization. For instance, state-owned competitors could compromise a smart city’s infrastructure to gather intelligence on a large number of rival private sector firms. This information could include movements of their executives within the city, private and commercial communications grabbed from the ubiquitous presence of ‘free Wi-Fi hotspots’ managed by the city, and much more.
Moreover, the networks of organizations operating in the city are likely to overlap to some extent with the city’s own network, or, at the very least, to have frequent data transfers from their networks to that of the city. This would enable highly advanced threat actors, such as nation states, to exploit weaknesses within a city’s infrastructure to reach a target organization and compromise the confidentiality of its network.
Beyond traditional espionage operations, the large-scale destruction or disruption of physical infrastructure via computer systems could become a technical reality with the advent of smart cities. The interconnectedness of systems within smart cities will see components become reliant on the availability of the entire system to function properly. As such, an advanced cyberattack, which seeks to destroy parts of the system, could have catastrophic cascading effects on the wider network. This would enable a determined nation-state actor to cause large-scale physical destruction throughout an entire city.
For example, a belligerent nation-state actor could abruptly (if indirectly) interrupt the traffic light system of an entire city in order to cause significant damage and potentially the loss of human life. Similar scenarios are conceivable for the interruption of energy supplies or water networks. While such events will become more plausible with the increase in smart cities, their likelihood will remain low because of the possibility that such an attack would provide a potentially justifiable basis – legally and ethically – for military retaliation, which the perpetrator would presumably appreciate.
SECURING THE IMPLEMENTATION OF SMART CITIES FOR THE PRIVATE SECTOR
Although the exact form that smart cities will eventually take remains uncertain, organizations and city planners can take a number of precautions to ensure a smoother implementation process and, ultimately, a more secure infrastructure.
Prioritize the security of critical assets: Contemporary networks are already impossible to protect in their entirety, a problem that will apply equally to smart cities. Some components of the system will have to be made more secure than others. Public and private sector organizations will need to work together to identify the city’s critical assets and oversee the implementation of appropriate security measures.
Institute behaviour-based security: Auditing millions of separate devices for signs of malware is simply not feasible. A more workable approach would be to evaluate the behaviour of smart cities’ components and systems against an established baseline of normal functionality or network behaviour. Any significant derivation from the norm, above a determined threshold, would trigger an investigation into the possible presence of malware on the subcomponents.
Rapidly replace components: Given the potential for component failure or attacks compromising these components, an automated replacement system will enhance the security of the whole system. Although difficult to apply to critical components without full redundancy, such measures would be suitable for low-level, relatively isolated components.
Segment critical assets of private organizations from the city’s network: Paramount to the security of organizations in the smart city environment is the segmentation of their critical assets from the city’s network. Although costly, as well as potentially reducing the effectiveness of those organizations, this policy will enable them to contain and mitigate the potential for any threat actors, who are exploiting vulnerabilities in the smart city network, to reach their assets. ■
ABOUT THE AUTHOR
Nicolas Reys is a Consultant with Control Risks Cyber Security Services. Nicolas manages and directs the collection and analysis of intelligence surrounding advanced cyber threats. He is responsible for building Control Risks’ qualitative and quantitative data gathering and analysis capabilities. As a consultant, Nicolas provides actionable insight to Control Risks’ clients in order for them to monitor, protect against and respond to advanced cyber threats. Within his role at Control Risks, Nicolas has, amongst other things, contributed to:
- Technical crisis management advisory for a leading UK organization
- Conduct of a crisis management exercise with a leading global financial institution
- Creation and development of Control Risks’ cyber threat quantitative analysis model
- Creation and development of technical intelligence-gathering tools, which leverage proprietary scripts and infrastructure
- Management of several CBEST engagements with leading UK financial sector organizations
Nicolas is a CREST Certified Threat Intelligence Manager.