In the below video Cesar Cerrudo, the CTO of IOActive Labs and Board Member of Securing Smart Cities, presents his perspective of what a Smart City is before delving into some of his experiences with the security of smart technologies and describing some rather frightening attack vectors and potential scenarios. Finally, he concludes with some recommendations to Smart City vendors and governments to better secure these technologies and protect their citizens. Although I highly recommend watching the full video, for those of you who would rather read an ‘executive summary’ I have summarised the speech and slide package in my own words below the video.
A Smart City is “a city that uses technology to automate and improve city services, making citizens’ lives better”. Such technology can be employed in areas such as: traffic control, parking, street lighting, public transportation, energy management, water management, waste management, city management, security, M2M, sensors (weather, pollution, seismic, flood, smell, sound, etc), open data, and mobile applications.
A large number of vulnerabilities are present in Smart Cities around the world due mainly to new technologies being deployed without any security testing occurring beforehand. These problems are compounded by the facts that almost everything is wireless (ie able to be attacked without requiring physical access) and there is a wide lack of city CERTs (Computer Emergency Response Teams), resulting in a lack of coordination and communication about security incidents. Other problems plaguing technology-dependent cities are: huge and unknown attack surfaces, patch deployment and system update difficulties, vulnerable legacy systems being interconnected with new systems, government bureaucracy and shortage of skilled people, no city cyberattack response plans, and difficulty for security researchers to obtain systems and devices for testing. There are already many cases where even simple bugs have caused significant city-wide disruptions and, in some cases, even loss of life.
In consideration of the aforementioned vulnerabilities, there are many potential and proven malicious attacks that could occur on city systems. Hundreds of thousands of traffic control systems across the world have already been proven to be vulnerable to attack. Wireless encryption problems leave street lighting vulnerable to the extent that entire cities and islands could be left in the dark. The integrity of city management system information is vulnerable and could lead to events such as the 2010 confusion of Texan construction workers with respect to the location and status of a buried gas pipeline; resulting in an explosion with several casualties and one death. With real-time access to open data available to the public, attacks can even be freely orchestrated to determine the best timing for maximum impact.
So, it has been established that Smart Cities are vulnerable and that there are a variety of ways that these vulnerabilities can be maliciously exploited to cause havoc. The remaining variable in this equation is intent, or, threat likelihood. Cities are a valuable and interesting target when it comes to consideration of war scenarios such as cyberwar or cyber terrorism. It is publicly known that nation states have the knowledge and skills to easily attack cities and cause significant damage. Cybercriminals also exist and have proven to be well organised and have a large amount of resources at their disposal. Finally, let’s not forget about Hacktivist groups who have become known for launching coordinated cyber attack campaigns against various targets of their choice.
Despite the above seemingly alarmist information, there are a number of recommendations that Cerrudo believes will help mitigate against a lot of the highlighted problem areas. In order to highlight these solutions, I have provided them in dot-point format below:
- Do not implement systems and devices without security testing and auditing
- Ask vendors to provide all security documentation and timely incident response
- Fix security issues as soon as they are discovered
- Create a City CERT that can handle the various security aspects of the Smart City
- Regularly run penetration testing on all city systems and networks
- Implement fail-safe and manual overrides on all city systems
- Implement and make known secondary services/procedures in case of cyber attack
- Restrict access to public data
- Threat model everything and prepare for the worst