Thursday, May 16, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Security TrendMicro 

Securing Our Smart Cities: Why We All Need to Be Aware of the Threats Out There

admin , ,

Smart cities are redefining the way we live and work. Blending cutting edge IoT technologies with virtualization, big data, cloud and more, they represent an urgent and ongoing attempt to overcome the challenges associated with rapid urbanization. There’s just one problem. These vast, interconnected technology systems also raise serious privacy and security concerns.

That’s why Trend Micro has produced a new article for smart city stakeholders investigating exactly where these concerns lie. As the pace of tech development and adoption continues to accelerate, it’s vital that we take a step back to consider where the key threats originate.

A trillion-dollar market 

The smart city is a difficult concept to pin down because there’s no typical project. The fundamental aim is to improve quality of life for citizens, reduce the strain on local government finances and promote sustainability through advanced, connected systems. For example, smart water systems in Singapore use sensors to continually track the pressure, flow and quality of water in the network. This not only helps the Public Utilities Board predict and minimize pipe bursts, but also helps end users monitor and conserve their own usage.

Considering the benefits, it’s no surprise that governments all over the world are sinking billions into these projects. In fact, some estimates claim the smart city market will reach a staggering $1.5 trillion by 2020.

Security concerns 

But as with any major IT system – or in this case, “system of systems” – there are security and privacy challenges. As the attacks on Ukrainian power stations over the past couple of years have shown us, suspected nation-states have both the skills and motive to launch attacks on the critical infrastructure of enemies. Financially motivated cybercriminals will look to hold the operators of such systems for ransom by hacking and remotely controlling key elements. And there are even opportunities for hacktivists to publicize their cause by instigating chaos and disruption in urban areas.

The convergence of IT, ICS, IIOT in smart cities, now more than ever, demands real-time metrics for billing, as well as remote access for support, which are done through the Internet. Unprotected and vulnerable systems connected to the Internet represent the single biggest risk to smart cities. Just to highlight the issue, a 2-year study completed using Shodan the search engine, Project SHINE (Shodan Intelligence Extraction) surveyed 2.2 million Internet facing assets and documented 586,997 ICS devices, 13,475 HVAC (Heating, Ventilation, Air Conditioning) and building automation systems.

That’s not to mention the potential privacy issues that arise when user data is collected up in massive quantities to be used by third parties. The end goal might be to improve service levels and the end user experience, but without prior consent owner operators will face actions from the FTC and not to mention where applicable the stiff fines with the implementation of GDPR in 2018.

The bottom line is that as we come increasingly to rely on smart city systems, any outages could have a potentially severe impact on the quality of our lives.

Worst-case scenarios 

Here are a few examples from the paper of where things can go wrong:

  • CI cyber attacks reached a significant milestone in 2015 with the December 23 outage at two of Ukraine’s top energy distributors where destructive malware was used in a broader more sophisticated attack. Stateside, the Dallas Area Rapid Transit’s (DART) computer system was hacked, compromising the availability of critical travel information. The mass transit organization reported no sensitive customer or employee information had been breached; however, the possibility of this information being breached in a future, similar incident is likely.
  • It is believed that the HDDCryptor variant was the one used in an attack against the San Francisco Municipal Transport Agency (SFMTA). Since first writing about the discovery back in September 2016, we have been tracking this ransomware closely as it has evolved.
  • The Yokohama Smart City Project (YSCP) uses a smart grid to throttle high-volume appliances at peak hours and optimizes the use of in-house energy through real-time data. But what if the centralized system controlling this were hacked? Could we see a city-wide blackout?
  • The Dutch city of Rotterdam is six meters below sea level. As such, its “Rain Radar” system is vital in interpreting how much rain has fallen in specific areas, allowing the Water Board to store and redirect excess water to prevent flooding. But what if the data were maliciously manipulated? It could lead to a huge repair bill, or even widespread flooding.
  • The small town of Jun in Spain addresses civic concerns via continually monitored Twitter accounts, allowing taxpayers to do anything from report crimes to book medical appointments. But social media accounts are notoriously easy to crack, leaving this system wide open to mischief makers.

It’s vital that we incorporate security and privacy-by-design into these systems as they’re developed. The cost of bolting on security after the event is always significantly higher, and the end result less effective. But we must also be aware of the scale of the task. Smart cities represent a large and complex attack surface, where vulnerabilities in cloud servers, mobile app ecosystems, data transfers and more could all have serious repercussions for end users and smart city providers.

Click here to find out more about the security and privacy implications of smart cities.

http://feeds.trendmicro.com/TrendMicroSimplySecurity