中文 English

Grappling With Smart City Security Issues

Economics and convenience are driving cities to connect services, but they’re also widening the attack surface.

popularity

Security concerns are rising as cities seek to modernize services by connecting them to the internet and to each other, creating a widening attack surface that is a potential target for everything from disruption of services to ransomware demands.

The goal of smart cities is to apply technology and intelligence to a variety of services to enable independent operation, real-time response, as well as other advantages. That, in turn, is expected to lower some costs and make urban areas more attractive for both businesses and residents. But delivering on those promises requires a complex system-of-systems architecture, which needs to be continuously managed both from technology and security standpoints.

“Security is expected and required to be everywhere,” said Bart Stevens, senior director of product marketing for security at Rambus. “It should be top-notch, updatable, and resilient to attacks for decades. Each involved device needs remote access, and therefore needs a secure identity. All security needs to be built ensuring that break once, deploy everywhere should not and cannot happen.”

That’s a tall order given the long list of services that can be included in a smart city. “There are so many new applications one can develop for the smart cities, and there are many other new ones we have not even thought of yet,” said Stevens. “Some of these examples are managing grid and energy usage, such as neighborhoods, buildings, EV charging, solar panels, etc. There also is management of smart utilities, including water, waste, electricity, and maintaining road and infrastructure.”

There are many others that can be added to that list. Among them:

  • Smart parking, which saves time and helps reduces fuel consumption;
  • Automated traffic management to reduce congestion;
  • Connected streetlights, which can save energy and quickly identify lights that are not working;
  • Smart buildings, which boost energy efficiency and comfort in smart buildings;
  • Remote management and predictive maintenance of power grids to avoid blackouts;
  • Connecting ambulance services with hospitals;
  • Disaster management to increase city management efficiency and minimize casualties.

IoT Analytics, a market research company, published a market report highlighting the top 10 smart city use cases in 2020. Top on its list is connected public transport, followed by traffic management, and water level/flood monitoring.

While the term smart city groups everything under a single banner, most of these services are separate. “Smart city is not a single application,” said Michela Menting, digital security and blockchain research director at ABI Research. “It includes multiple verticals, including energy/utility, asset and location tracking, smart parking, smart streetlights, intelligent transportation, healthcare/ emergency, retail/entertainment/hotel, and more.”

Each vertical application has its own characteristics and challenges, making smart city management of cybersecurity complicated. Additionally, cybersecurity is only one part of the technology matrix in smart city applications.


Fig. 1: Technology matrix for smart cities. Source: ABI Research

5G’s growing importance
One of the core technologies in smart cities is communications, and 5G is considered a key element. Right now, 5G is spotty, and much of it is running at sub-6 GHz speeds. But 5G — and even 4G performance — will improve over time.

The download speed of 5G potentially can reach 20 Gbps, while 4G can reach multiple Mbps. 5G speed potentially will be 10 times that of 4G. The FCC recently has auctioned many high-band spectrums, including 24 GHz, 28 GHz, and the upper 37 GHz, 39 GHz, and the 47 GHz bands, for a total of 5 gigahertz of the 5G spectrum. Additionally, the SEC will also create new opportunities for the unlicensed Wi-Fi in the 5.9 GHz, 6 GHz, and above-95 GHz bands. For rural areas, a 5G fund of $9 billion was established by the FCC. This will help propel 5G applications in smart cities.

Even though we’re still at the beginning of the 5G journey, the momentum is building. The three major carriers are investing and expanding their 5G network infrastructures nationwide. Some are exploring the idea of building 5G smart city prototypes. For example, AT&T and JBG SMITH are partnering to build a smart city with 5G network infrastructure deployments by 2022 in the city of National Landing. The other carriers will soon be doing the same.

“As wired and wireless connectivity (via 5G and other technologies) accelerates, we are rapidly approaching an ‘everything-to-everything’ (X2X) level of communication that will allow people, mobile devices, stationary objects, and large structures to bring not only data, but intelligence, to the conversation,” said Chris Pearson, president of 5G Americas, an industry trade organization composed of leading telecommunications service providers to promote and support the growth of 5G technology. “The ‘smart’ in smart city will ultimately be powered by advances in AI that will enhance cognitive and sensory functionality, unleashing new capabilities and ways of doing business. However, AI algorithms will require constant infusions of test data to functionally operate, which will require increasing amounts of bandwidth capacity in networks.”

Ransomware and other cyberattacks
One of the key concerns among security experts is ransomware, and that concern is growing as more city services are connected to the internet. Ransomware is now a household word because it appears so frequently in the news. Hackers’ business model is to hold organizations’ data or services hostage by demanding a ransom. The high-profile Colonial Pipeline ransomware attack, to cite a recent example, has caused major disruptions and underscores the vitalness of cybersecurity.

Supplying half of the gas demand on the East Coast, the Colonial Pipeline carries 2.5 million barrels a day of fuel including gasoline and jet fuel. When a ransomware attack temporarily interrupted the fuel supply it caused panic buying by consumers. Gasoline prices increased in Georgia, North Carolina, and Virginia.

The unknown attacker obtained the ransomware from DarkSide, as confirmed by the FBI. Based in Eastern Europe, DarkSide provides ransomware services to its partners, enabling a network of attackers. Colonial Pipeline was frozen by the ransomware and a hefty sum of $4.4 million in bitcoin was demanded. What is worse, besides the ransom, Colonial Pipeline will need to spend many more millions to restore the system. According to Colonial, this was the first time the entire pipeline system was shut down in its 57-year history.

The difficulty of tracing digital currency, along with the increased sophistication, varieties, and frequency of cyberattacks, present major challenges.

Many connected critical infrastructures make up a smart city. These include smart power grids, oil and gas supplies, emergency services (hospitals and healthcare, police, and fire stations), and disaster warning services (flood, fire, earthquake, storms and more). Any of these infrastructures can be targeted by hackers. Without defenses, cyberattacks can cause major infrastructure disruptions and, depending on the scale, potentially lead to disaster on a nationwide scale.

How should a smart city guard against cyberattacks?
Gone are the days when cybersecurity meant using antivirus software to scan the computer. Today’s attacks are so sophisticated and so frequent that no software tools can make cybersecurity 100% effective. It’s only a matter of time before the network, cloud-based servers, and mobile devices have a security breach. In the future, cyberattacks will be a fact of life.

Today’s cybersecurity concepts require a new mindset. First, build a strong castle to protect your systems. Second, know what to do when your systems have been compromised.

The best defense mechanism involves a holistic approach. Built-in security for hardware, software, firmware, silicon, systems, and network connection initiation must require authentication using security keys or other means.

New technology and future developments, including artificial intelligence, can help significantly.

“With critical infrastructure, cybersecurity is of paramount importance as it can lead to life-threatening situations,” said Guruprasad M. Parthasarathy, Xilinx’s strategic market and ISV development manager for APAC. “The critical systems must be designed to be disaggregated and self-healing systems, with an AI-based control plane. With that, a cyberattack can be identified quickly, and its impact reduced in real time by isolating the possible areas and healing the rest of the network around it. With real time AI-based analytics, we can potentially provide an automated cyber security solution.”

Alongside of this is the concept of Zero Trust. The idea is that users or devices, whether they are inside or outside an organization or the networks, must verify their identities and privileges before they can access the system. In addition, the connections need to be timed out periodically, forcing users or devices to be continually re-verified.

“All networks must be architected with ‘Security by Design,'”, said Parthasarathy. “The network architecture is designed with cybersecurity as the primary parameter, and not overlaid on a conventional network topology. By doing that, all networks can be independently qualified for security and also collectively modeled to provide a cyber safe operating environment. However, some of the smart city cybersecurity requirements are defined very loosely. Vulnerability will be exploited by hackers and there will be problems down the road.”

Given the understanding that no user or device can be trusted until authenticated, the design of systems meant for smart city applications begins at the lowest chip level. Having root of trust at the lowest chip level means that when a system or network boots up for the first time, no malware exists. The built-in root of trust firmware has been locked and can never be tampered with or modified by outside sources. Any connection initiation must be authenticated.

Beyond that, security threats can be developed and updated for each city service. “Data protection requires application security,” said Jonathan Knudson, senior security strategist at Synopsys. “Threat modeling and vulnerability management help you secure your apps from development through production.”

Knudson emphasized the importance of lifecycle software development in building, testing, and implementation of each component.

Still, technology is only part of the solution. On many occasions, attackers use phishing, disguising their real identities to gain access to the system. Most phishing attacks come in the form of an email, which looks so real that an untrained user will fall for the trick. Therefore, staff training and establishing a cybersecurity process on how to play defense is key. Equally important, team members must know what steps to take when a system is breached to minimize disruptions and damages.

Steve Hanna, distinguished engineer in Infineon’s Connected Secure Systems Business Unit, emphasizes a three-pronged approach to designing the holistic cyber safe system which covers people, processes, and technology.

“You need to train your staff regarding their cybersecurity responsibilities,” Hanna said. “Programmers must know how to do secure software development. Everyone must know not to click on suspicious links in emails. And security experts are required so that they can prevent, find, and fix cybersecurity problems. You need to create good cybersecurity processes, follow them, and improve them over time. For example, there should be a secure process for signing firmware updates. Without that, the firmware signing key might be left on the software build machine because that’s the easiest thing to do. That happens surprisingly often, and that’s how we end up with malware that’s signed with the authorized signing key. For technology, you need solid cybersecurity technology that fends off attacks. For example, the firmware signing key should be stored in a Hardware Security Module (HSM) so that it can’t be copied and stolen by a bad guy. For the IoT device in the field, technology should be used to verify the firmware signature before installing a firmware update. Even better is to use a Hardware Root of Trust in the device to check the firmware signature whenever the device boots to make sure the firmware is still good and hasn’t been corrupted or infected.”

Best practices to guard against cyberattacks
A well designed smart city cybersecurity system is effective only until attackers come up with the next new trick. The level of cybersecurity requirements depends on the applications. For example, the requirements to secure a smart power grid differ from those for securing a sprinkler system because the risks are different. While it is impossible to achieve 100% security, the ultimate goal is to stay one step ahead of the hackers. The best defense strategy is to design a system with a layered approach. Additionally, it’s important to apply proven technology and processes that are known to be effective.

“All systems need to be certified against security and safety standards, such as Global Platform SESIP for IoT devices,” said Rambus’ Stevens. “Additional security can be established through using 5G to secure communications, as well as role-based authentication. These tactics all work with privacy in mind.”

To keep a connected network or system safe, each of the components inside the network has to be secure. The network is only as strong as its weakest component. It is important to make it as difficult as possible for the hacker by taking the layered design approach. With this approach, when a system is breached the hacker can only reach the first layer of the “onion.” You can lock the second layer immediately to prevent further damage. It’s a matter of time before the hackers figure out how to reach the second layer. When that happens, by design the third layer will shut down. In the meantime, one will work on solutions to strengthen your first and second layers.

The stronger the layers, the better the protection.

A case study in smart city security
According to IoT Analytics, Miami has 500,000 connected streetlights deployed by Itron and Florida Power & Light. Based on open-standard IEEE 802.15.4 (sub-GHz wireless), the Wi-SUN field area network (FAN) technology provides both built-in security and convenience. Additionally, if the Florida Power & Light smart grids are partially damaged by a storm, the wireless mesh network will automatically reroute the power grids so the power supply will not be disrupted.

“Robust security should be built on two key elements, authentication and encryption,” said Phil Beecher, President of the Wi-SUN Alliance. “Each device must be uniquely identifiable so that it can be authenticated effectively when joining a network, as well as able to prove that it has not been tampered with or hijacked with rogue code. Digital certificates embedded in each device are an ideal way to achieve this. Passwords should be avoided as they can be easily stolen or cracked. Private keys can be protected by using a hardware secure element, or a physical unclonable function (PUF). Here, a ‘fingerprint’ is derived from the unique characteristics of a piece of silicon. This can then be turned into a unique cryptographic key and used as the chip’s private key. The advantage here is that no additional hardware is needed to store the key securely, and that it becomes invisible to hackers when the device is powered off.”

There are other open standards for smart cities such as NB-IoT, as well as open specifications based on proprietary technology such as LoRaWAN. Each offers a different security scheme.


Fig. 2: Miami has 500,000 connected, streetlights deployed by the Itron and Florida Power & Light Company. Source: IoT Analytics

Who’s responsible?
Smart cities are complex entities with many stakeholders, including federal and local governments, building or facilities operators, and property or landowners. When ransomware attacks result in real damages, who will be responsible for cleaning up the mess?

Generally speaking, the operators of the targeted facilities or properties such as a hospital, power grid, or traffic lights will be directly responsible. In the case of connected smart traffic lights, it can be the responsibility of the city or a contractor who works for the city.

But it gets complicated in a scenario when an ambulance and smart traffic lights are both attacked. The compromised traffic lights could cause a delay leading to the ambulance rerouting to a different hospital. In such a scenario, precious time could be wasted. If the lost time contributes to a fatality, who will be responsible?

In the United States, the Department of Homeland Security is responsible for ensuring the country is safe overall. It has provided various guidelines for states, cities, and operators to follow. Local cities also have guidelines for the operators to follow. However, those creating the guidelines may not be on the same page. They may not have the same ideas about risk, responsibilities, and costs. When there is a cyber incident resulting in damages, it is possible for one party to blame the other, pointing out the ambiguities in the policies. Therefore, clear communication, understanding, pre-defined security expectations, and acceptance of responsibilities are critically important.

Guidelines and resources to help build a safer smart city, and the organizations behind them, include:

  • The Center for Internet Security (CIS), a community-driven nonprofit organization, the Multi-State Information Sharing and Analysis Center (MS-ISAC), provides resources for cyberthreat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities. SLTT is under the Homeland Security Department.
  • The Security Evaluation Standard for IoT Platforms (SESIP) methodology designed for IoT devices. IoT security certification schemes available.
  • The National Institute of Standards and Technology (NIST), which is part of the U.S. Department of Commerce, provides a National Vulnerability Database.
  • The ISA/IEC 62443 standards provide a flexible framework to address security vulnerabilities in industrial automation and control systems (IACSs). It was developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC).
  • The UK’s National Cyber Security Centre (NCSC) has published new guidance on securing smart city infrastructure.
  • The World Economic Forum has published a policy benchmarks white paper on governing smart cities.

Are smart cities ready for security challenges?
Smart cities are at the beginning of a long journey. Some networks or systems within smart city verticals have robust security designs while others do not. Challenges remain for connecting all the verticals together and having everything functioning securely within a smart city. All things considered, overall optimism prevails.

But it’s still important for cities to be ready to handle the increased demands of connecting their services to the internet.

“Does it make financial sense for a certain city to be a smart city?” asks Synopsys’ Knudson. “Planning is crucial. Secure software solutions are important. For example, when connected power grids or hospitals are attacked by ransomware, does everyone know what to do? Have mitigation of risk, isolation of systems, and system backup been in place as part of the plan?”

Despite the complexity of managing a smart city with so many vertical segments, new opportunities abound. The increasing sophistication of IoT and sensor technology is enabling more types of monitoring applications and creating new benefits.

“The future of smart cities is very bright,” said Infineon’s Hanna. “But remember, where there is bright light there are also dark shadows. We must prepare for cybersecurity attacks by building a hardware root of trust into our systems.”

The bottom line, according to experts: Proceed with making city services smarter, but use caution.

Related
Massive IoT Interop Fuels Protocol Battle
The race to scale communications for smart cities.
Bridging The Gap Between Smart Cities And Autonomous Vehicles
Communication, security, and power issues still need to be solved, but there is progress.
Fundamental Changes In Economics Of Chip Security
More and higher value data, thinner chips and a shifting customer base are forcing long-overdue changes in semiconductor security.
Semiconductor Security Knowledge Center
Top stories, special reports, blogs, white papers and videos on security



Leave a Reply


(Note: This name will be displayed publicly)