Cyber Threats To Smart Cities

Smart cities are the outcome of integrating technologies with new or existing urban landscapes. There is going to be a paradigm shift in what we experience and what we come to expect from the cities around us. These “Smart Cities” integrate cyber-physical technologies and infrastructure to create environmental and economic efficiency while improving the overall quality of life. This has led to important gains in the understanding of infrastructure usage, improved efficiency, and better service provision to citizens. In times to come, smart cities will provide businesses with unprecedented economic opportunities.
In effect, the transformation of today’s cities into smart cities will be an amalgamation of two major technologies: millions of sensors connected to devices dispersed across a city, i.e. the Internet of Things (IoT), and the network that connects all of these nodes together and enables real-time communication. By 2025, there will be more than 75 billion Internet-connected devices that will transform the way we live and work.
Present-day cities are becoming smarter by deploying new technologies such as:
- Smart Water Management. Smart pipes measure water quality, detect leaks, distribute water, and detect problems.
- Smart Waste Management. Sensors in waste containers detect the volume of garbage, smell, and so on. Garbage collection can be better planned by skipping empty containers.
Vulnerabilities of Smart Cities
Every new technology and innovation brings new risks and vulnerabilities. These vulnerabilities would impact the city administration, residents, and the businesses and other organizations that conduct business there.
As cities become smarter by implementing newer technologies, consider what could happen if one or more technology-reliant services fail to work.
- What would commuting look like with non-functioning traffic control systems, no streetlights, and no public transportation?
- How would citizens respond to an inadequate supply of electricity or water, or to dark streets and no cameras?
- What if garbage collection is interrupted in the summertime and the smell of refuse stinks up the streets?
It is anybody’s guess, but it would be unpleasant and would probably cause a lot of chaos in any city. When interruptions to sanitation or other basic services are prolonged, the effect goes beyond unpleasant odours and inconvenience; it does not take long before these issues create major concerns.
Internet of Things (IoT) based smart devices are the enabler for effectively converting a city into a smart city. They are used extensively in traffic and surveillance cameras, meters, street lights, traffic lights, smart pipes and sensors. They are easy to implement and, at the same time, even easier to hack because of the lack of stringent security measures and insecure encryption mechanisms. This is a major point of concern, as smart cities are implementing newer technologies at a very fast pace without testing them for cyber threats and vulnerabilities.
Some of the most prevalent and dreaded cyber threats will be presented with an unprecedented attack surface in smart cities because of the significant increase in the number of interconnected IoT devices.
Suppose a cyber-attack on a smart city causes an inadequate supply of electricity or water, the tripping of the complete electricity grid, dark streets and/or no cameras, and the hackers ask for a ransom to restore the services. How would citizens respond to it?
Smart IoT devices create huge potential for cyber-attacks due to numerous vulnerabilities, making the future of smart cities more vulnerable than today’s computers and smartphones. People residing in such a city might panic when they are made slaves of their “cyber masters”, criminals demanding ransom. This scenario might not be as unlikely as you think. Problems in cyber security could be triggered at any time, causing devastating effects. A few of the vulnerabilities that could trigger cyber-attacks in smart cities are as follows:
- New technologies (system, devices, etc.) are being deployed without any security testing.
- Ease of use and quick deployment are prioritised over security, leaving products plagued by vulnerabilities (vendors are clueless about security).
- Almost every component in the network is wireless, which could be easily hacked.
- Custom protocol and encryption-related issues (even in RF transceiver chips)
- Lack of CERTs due to weak coordination and communication on security incidents
- IoT devices in smart cities give hackers a huge and unknown attack surface.
- Complexity, interdependency, chain reactions, patch deployment and system updates. How to test on a non-production system?
- How to keep patching up to date? If a patch isn’t available for a vulnerability, stop the service? Vendors delay patches, and patches are difficult to apply. Vulnerable legacy systems communicate with new systems.
- Lack of standards amongst different devices deployed as part of the Smart City Network.
- Insecure legacy systems. New technology is being integrated with old technology that may be vulnerable. Some old technologies that lack standards can require a piece of technology in the middle to communicate between old and new systems and to translate protocols.
Cyber Attacks on Smart Cities
Simple bugs can cause big problems and have a big impact. Whether it’s a water dam in Rye Brook, power grids, financial institutions, water systems or online networks, all these infrastructures are going to be at risk and under assault like never before, and we need to do more about it. Recently, a police department in Massachusetts paid $750 to get its files back after being hit by ransomware. In February 2016, California’s Hollywood Presbyterian Medical Center paid a ransom of about $17,000 in Bitcoins, one of at least six major health care systems victimized so far this year. In March 2016, the city of Plainfield, New Jersey, faced a demand for about $700 in Bitcoins to unfreeze its municipal servers. Technologies used by smart cities would pose a major cyber security threat and open the door to several possible cyber-attacks. Each new city technology or system creates a new opportunity for cyber attackers. Some of the key technologies and systems that together make up the smart city’s complex attack surface are:
- Traffic Control Systems. Traffic control systems could be easily hacked because some of the devices used communicate without any encryption between traffic control systems, traffic lights, traffic controllers, and so on, allowing an attacker to directly change traffic lights.
- Smart Street Lighting Systems. Wireless street lighting systems are being deployed in many cities around the world. Most systems use wireless communications and have encryption-related problems. Attacks on smart street lighting systems are not complex and can have a big impact by causing street blackouts in large areas.
- City Management Systems. Every city has hundreds of systems to manage different services and tasks. Hacking these systems would give an attacker a lot of options to cause harm. Just as simple software bugs can create significant harm, manipulating simple information could also have a seemingly oversized security effect.
- Cloud and SaaS Solutions. City servers and cloud infrastructure are exposed to common Distributed Denial of Service (DDoS) attacks. Servers and cloud infrastructure are cheaper targets for cybercriminals or cyber terrorists.
- Smart Power and Water Grid. Attacks on a smart grid and water could be devastating, causing millions of dollars in losses and even loss of life.
- Public Transportation. Just by displaying incorrect information through manipulated public transportation information systems, it’s possible to influence people’s behaviour to cause delays, overcrowding, and so on.
- Surveillance Cameras. Traffic and surveillance cameras are the eyes of the city and by attacking them, attackers can make cities blind.
- Location-based Services. Many services are location-based, which means GPS spoofing and other attacks are possible. People get real-time location information, and if the location is wrong, then people will make decisions based on incorrect information. The nature of the impact depends on the extent to which a city relies on the services affected.
Challenges in Implementation of Cyber Security
New war scenarios make city technologies an important and interesting target. Cyber war attacks will target city services and infrastructure. Cyber-threats are expanding in every way, from attack frequency to scale, sophistication and impact severity. The rate of code vulnerabilities found in dated, internet-accessible software also shows no signs of abating. Present-day viruses and malware, which use complex algorithms and clever engineering techniques, are also on the rise. SCADA applications and national cybersecurity strategies are becoming mandatory as more and more smart devices running critical infrastructure organizations connect to the public Internet. There are a large number of challenges in ensuring cyber security while implementing smart cities. These are:
- Lack of Cyber Security Testing
- Encryption Issues of IoT Devices and Network Components
- Lack of Computer Emergency Response Teams
- Patch Management Issues
- Insecure Legacy Systems
- Lack of Cyber Attack Emergency Plans
- Susceptibility to Denial of Service
- Proliferation of “Smart” Devices or The Internet of Things
Securing Against Cyber Attacks
Ensuring that smart cities are secure against cyber-attacks will require the identification and prioritisation of critical infrastructure and assets, and behaviour-based security: establishing a benchmark of normal operations for all critical infrastructure and assets, and continuously ensuring that all parts of the city adhere to that benchmark. Businesses operating public or private infrastructure that want to enhance cyber-security against ransomware can start with the following measures:
- Adopt or create a Cybersecurity Framework and adhere to it.
- Explicit policies should cover everything from the selection of systems, procurement of systems, management of systems, and who accesses systems to the manner in which technology is disposed of securely once it has reached the end of its service life.
- Create a simple checklist-type cyber security review. Check for proper encryption, authentication, and authorization, and make sure the systems can be easily updated.
- Apply application whitelisting to prevent unauthorized applications from running.
- Enable a USB lockdown on all SCADA environments to stop malware from physically entering the environment.
- Deploy basic security measures between network segments, such as firewalls/IPS.
- Proactively monitor networks for unusual traffic, access logs, or requests that could indicate an attack in progress.
- Create specific city CERTs that can deal with cyber security incidents, vulnerability reporting and patching, coordination, information sharing, and so on.
- Regularly run penetration tests on all city systems and networks.
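One way to turn the benchmark of normal operations and the monitoring for unusual traffic described above into a check, shown as an added example that is not part of the original article. Asset names, message counts and the threshold are constructed for illustration; the benchmark is a per-asset median and median absolute deviation (MAD) of message counts per window.

```python
from statistics import median

# Constructed known-good history: messages per 5-minute window for each asset.
# Asset names are hypothetical.
KNOWN_GOOD = {
    "traffic-ctl-017": [12, 11, 13, 12, 12, 14, 11, 12],
    "streetlight-gw-03": [4, 4, 5, 4, 3, 4, 4, 5],
    "water-sensor-221": [60, 58, 61, 59, 60, 62, 60, 59],
}

def build_benchmark(history):
    """Return {asset: (median, MAD)} for each asset's known-good counts."""
    bench = {}
    for asset, counts in history.items():
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        # Floor the spread so a perfectly flat series cannot divide by zero.
        bench[asset] = (med, max(mad, 1.0))
    return bench

def check_window(bench, observed, threshold=6.0):
    """Compare one window of counts with the benchmark; return sorted findings."""
    findings = []
    for asset, count in observed.items():
        if asset not in bench:
            # A device nobody inventoried is a finding regardless of its rate.
            findings.append((asset, "unknown-asset"))
            continue
        med, mad = bench[asset]
        score = abs(count - med) / (1.4826 * mad)  # robust z-score
        if score > threshold:
            findings.append((asset, "rate-high" if count > med else "rate-low"))
    # An inventoried asset that stops reporting may be offline or jammed.
    findings += [(a, "silent") for a in bench if a not in observed]
    return sorted(findings)

if __name__ == "__main__":
    bench = build_benchmark(KNOWN_GOOD)
    # Constructed window: a gateway flooding, a sensor gone quiet, a rogue device.
    window = {"traffic-ctl-017": 13, "streetlight-gw-03": 95, "cam-unregistered-9": 20}
    for asset, finding in check_window(bench, window):
        print(f"{finding:14} {asset}")
```

The median and MAD are used instead of mean and standard deviation so that a few bad windows in the history do not widen the benchmark and hide later deviations.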
The current attack surface for smart cities is unimaginably vast and open to attack. This is a real and immediate danger. The more technology a city uses, the more vulnerable it is to cyberattacks. Therefore, the smartest cities have the highest risks. It is only a matter of time until attacks on city services and infrastructure happen. They may be ongoing or could happen at any moment in the future. Actions must be taken now to make cities more secure and protect against cyber-attacks.