«SMART CITY» IN THE CONTEXT OF CYBERSECURITY: INCIDENTS, RISKS, THREATS

Array

Authors

  • V. Boyko National University "Odessa Law Academy"
  • M. Vasilenko National University "Odessa Law Academy"

Keywords:

smart city, information ecosystems, cybersecurity, municipal economy, risks, threats, incidents, protection.

Abstract

Smart city systems are becoming more and more widespread in the nearest future. Their deployment allows focusing on combining diverse and varied urban information systems into a single sustainable, energy-efficient, low carbon energy, wasteless, clean "ecosystem" which will be friendly and comfortable for its citizens. This system integrates into itself all existing city IT-systems from individual smartphones to complex urban traffic management systems. And the practice shows that the IT-systems of the smart city do not yet sufficiently meet requirements of security and protection from attacks, malware and external threats. In this respect, the Ukrainian epidemic of ransomware WannaCry and Petya presents a good example. It wasn't targeted attack, ransomware wasn't directed or aimed at any of metropolitan or urban infrastructure it-systems, but as a result of collateral damage, more than a third of Ukrainian computer networks (including banking and state ones) were disabled. There is also a significant and growing demand for a targeted attack against industrial and urban infrastructure. Currently, cases of the following attacks are already known and considered in detail: the malicious computer worm Stuxnet which targets industrial systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran and related malware as Duqu and Flame, Triton/Trisis malware which the first appearance was at a petrochemical plant in 2017, and was aimed at attacking the "last line of defense" - safety instrumented systems (SIS) of Schneider Triconex. Thus, it was only a matter of time before smart city faces IT-infrastructure attack. The paper considers sources of threats and the reasons for the weak security of smart city IT-systems including the following: an increase of the attack surface, the lack of a unified strategy and security service, the developers' emphasis on simplicity and ease of systems deployment at the expense of security, a large percentage of wireless technologies that facilitate access to critical infrastructure objects, the presence of obsolete and legacy code sections in the system. The article proposes a set of measures and actions for smart city IT-systems hardening. Also, the paper considers redundancy and inefficiency of old protection methods and measures such as "air gap", proprietary protocols, "secure by obscure" and others.

Author Biographies

V. Boyko, National University "Odessa Law Academy"

PhD in Technical Sciences, Associate Professor of the Department of Cybersecurity

M. Vasilenko, National University "Odessa Law Academy"

Doctor of Sciences (Physics and Mathematics), Doctor of Law, Professor, Head of the Department of Cybersecurity

References

1. Barzashka I. (2013). Are cyber-weapons effective? Assessing stuxnet’s impact on the iranian enrichment programme. The RUSI Journal, 158(2), 48–56.
2. Di Pinto A., Dragoni Y., Carcano A. (2018). TRITON: The first ics cyber attack on safety instrument systems / Proc. Black hat usa., 1–26.
3. Lee R. (2017). TRISIS malware: Analysis of safety system targeted malware. Dragos inc. Retrieved from https://www.dragos.com/wp-content/uploads/TRISIS-01.pdf
4. Case D. U. (2016). Analysis of the cyber attack on the Ukrainian power grid // Electricity Information Sharing and Analysis Center (E-ISAC), 388. Retrieved from https://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf
5. Slowik J. (2019). CRASHOVERRIDE: Reassessing the 2016 Ukraine electric power event as a protection-focused attack. Dragos, Washington, DC, USA, Tech. Rep.. Retrieved from https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE.pdf
6. Fayi S. Y. A. (2018). What petya/notpetya ransomware is and what its remidiations are. Information technology-new generations, 93–100.
7. Slowik J. (2020). Evolution of ics attacks and the prospects for future disruptive events. — Accessed: Feb, 2020.
8. Branquinho M. A. (2018). Ransomware in industrial control systems. What comes after wannacry and petya global attacks? // WIT Transactions on The Built Environment. — WIT Press, 174, 329–334.
9. Ransomware Against the Machine: How Adversaries are Learning to Disrupt / FireEye. — 2020. Retrieved from https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html
10. Financially Motivated Actors Are Expanding Access Into OT: Analysis of / FireEye. — 2020. Retrieved from https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html#:~:text=Threat%20Research-,Financially%20Motivated%20Actors%20Are%20Expanding%20Access%20Into%20OT%3A%20Analysis%20of,Used%20With%20Seven%20Malware%20Families&text=For%20example%2C%20the%20shift%20to,adapt%20to%20more%20complex%20environments.
11. Ghena B., Beyer W., Hillaker A., Pevarnek J., Halderman J. A. (2014). Green lights forever: Analyzing the security of traffic infrastructure / 8th USENIX workshop on offensive technologies (WOOT 14). — San Diego, CA: USENIX Association. Retrieved fromhttps://www.usenix.org/system/files/conference/woot14/woot14-ghena.pdf
12. Cerrudo C. (2014). Hacking traffic control systems (us, uk, australia, france, etc.). DEF CON, 22, 1-5.
13. Perätalo S., Ahokangas P. (2018). Toward smart city business models. Journal of Business Models, 6(2), 65–70.
14. Cocchia A. (2014). Smart and digital city: A systematic literature review. Smart city, 13–43.
15. Bollier D. (1998). How smart growth can stop sprawl: A fledgling citizen movement expands. Essential Books, 90.
16. Komninos N. (2006). The architecture of intelligent cities. Intelligent Environments. — IET, 6, 53–61.
17. Komninos N. (2008). Intelligent cities and globalisation of innovation networks. — Routledge. Retrieved from file:///C:/Users/HP/Downloads/Intelligent-Cities-and-Globalisation-of-Innovation-Networks.pdf
18. Schuler D. (2001). Digital cities and digital citizens. Kyoto workshop on digital cities, 71–85.
19. Deren L., Zhenfeng S., Xiaomin Y. (2011). Theory and practice from digital city to smart city [j]. Geospatial Information, 6, 002.
20. Zygiaris S. (2013). Smart city reference model: Assisting planners to conceptualize the building of smart city innovation ecosystems. Journal of the knowledge economy, 4(2), 217–231.
21. Tokody D., Schuster G. (2016). Driving forces behind smart city implementations-the next smart revolution. Journal of Emerging research and solutions in ICT, 1(2), 1–16.
22. Braun T., Fung B. C., Iqbal F., Shah B. (2018). Security and privacy challenges in smart cities. Sustainable cities and society, 39, 499–507.
23. Cerrudo C. (2015). Hacking smart cities. RSA conference, 2–18.
24. Friis K., Muller L. P., Gjesvik L. (2018). Cyber-weapons in international politics: Possible sabotage against the norwegian petroleum sector. NUPI Report. Retrieved from https://nupi.brage.unit.no/nupi-xmlui/bitstream/handle/11250/2486814/NUPI_Report_2018-3.pdf?sequence=1
25. Lee K.-b., Lim J.-i. (2016). The reality and response of cyber threats to critical infrastructure: A case study of the cyber-terror attack on the korea hydro & nuclear power co., ltd. KSII Transactions on Internet & Information Systems, 10(2), 857-880.
26. Losavio M. M., Chow K. P., Koltay A., James J. (2018). The internet of things and the smart city: Legal challenges with digital forensics, privacy, and security. Security and Privacy. 1(3), e23.
27. Song H., Srinivasan R., Sookoor T., Jeschke S. (2017). Smart cities: Foundations, principles, and applications. John Wiley & Sons, 912.
28. Elmaghraby A. S., Losavio M. M. (2014). Cyber security challenges in smart cities: Safety, security and privacy. Journal of advanced research, 5(4), 491–497.
29. Lacinák M., Ristvej J. (2017). Smart city, safety and security. Procedia engineering, 192, 522–527.
30. Rawat D. B., Ghafoor K. Z. (2018). Smart cities cybersecurity and privacy. Elsevier, 303.
31. Opara-Martins J., Sahandi R., Tian F. (2014). Critical review of vendor lock-in and its impact on adoption of cloud computing. International conference on information society (i-society 2014), 92–97.
32. Pellegrini R., Rottmann P., Strieder G. (2017). Preventing vendor lock-ins via an interoperable multi-cloud deployment approach. 2017 12th international conference for internet technology and secured transactions (icitst), 382–387.
33. Singh G. (2019). China-us trade war: An overview. Manag Econ Res J. — HATASO, 5, 10805.
34. Sun J., Yan J., Zhang K. Z. (2016). Blockchain-based sharing services: What blockchain technology can contribute to smart cities. Financial Innovation, 2(1), 1–9.

Published

2020-09-30

How to Cite

Boyko, V., & Vasilenko, M. (2020). «SMART CITY» IN THE CONTEXT OF CYBERSECURITY: INCIDENTS, RISKS, THREATS: Array. Municipal Economy of Cities, 4(157), 184–191. Retrieved from https://khg.kname.edu.ua/index.php/khg/article/view/5653