The supervillain scenario

How vulnerable are critical infrastructures in cities – and how can we ensure more security?

Smart Cities can be our next step towards a more efficient way of living and ultimately increase the quality of life for all of us. Accidents happen, but deliberately causing major traffic jams of gridlock proportions are things that we only come across in movies. But with hackers on the prowl trying to hack into what is regarded to them as a city-sized playground to abuse the network and its decision making patterns: how viable is the Hollywood “supervillain scenario“ to be able to control a city and what can we do about it as a society?

Historical chaos

It’s called the Hollywood “supervillain” scenario; and it speaks to people’s imaginations and that of Hollywood to show to what extremes one could go if one controlled all the information about a city and was able to use it in a way that could benefit an individual, a group or just to cause chaos. This might sound like nothing more than Hollywood but one does not need to go back that far in time. In the 1800ies a somewhat unique bet was made between two friends in pre-Victorian London. Can someone with a few simple tricks make a certain street the most talked about street in the city in a matter of hours? The individual in question, now known to be Theodore Hook, sent thousands of fabricated letters, pretending to be coming from a certain Mrs. Tottenham, located at a certain address: 54 Berners Street. The letters written in her name consisted of requests for chimney sweepers, banquets, doctors, shoemakers, lawyers, cakemakers and other professionals and were all requested to arrive at the same address on the same day. And on that 27th November 1809, complete and utter chaos ensued with Mr. Hook having a clear view from across the street to see his creation take shape. Every police officer in London had to be dispatched, fights broke out and eventually this one prank brought the majority of the city of London to a complete stand still during the day and remainder of the night – as what is now known as the Berners Street hoax.

The human condition

You can tell a lot about society and the human condition when you turn off the traffic lights for a few hours in a major city. Now add to that instilling doubt of not being able to trust the drinking water coming from your own tap due to corrupted data at the water company. Not being able to trust the information for bridges, major roads and parking lots on when they are congested or when they are empty. And on top of that, trying to figure out if the alarms you are hearing are for a genuine chemical spill and the emergency  evacuation plan is to be followed, or are just the result of human error.

Smart Cities rely on a plethora of sensors and analysis tools throughout the city and its infrastructure to be able to gather data on a massive scale. This, to be able to make decisions based on the data, business intelligence and context to ultimately bring down cost, increase efficiency and eventually increase the quality of life in the city. Garbage containers are nowadays monitored to see how full they are so they can be picked up in a timely manner through a central and interconnected dispatch system. Potholes in streets can easily be detected by equipping busses and other public transportation with accelerometers. If multiple sensors pick up the same anomaly then a maintenance crew can be alerted in order to resolve the issue.

Smart Cities Highway

A Smart City is only as smart as the data it can trust

As with the Berners Street hoax, which was nothing more than a prank, the purposeful manipulation of data and ultimately the actions that might result from it is what an attacker is for the purpose of self-enrichment or chaos. To cause economic instability or cause harm on purpose. Multiple security companies and authorities on the subject have alerted the public at large about the dangers of not having elaborate and relevant security requirements when it comes to the technology being deployed right now. Just like the physical infrastructure of any city decays over time and requires timely maintenance, so does the network of sensors, antennas and related infrastructure. To be able to ensure that the information gathered can be relied upon is crucial to avoid any kind of Berners Street like situation. And this is exactly what hackers want to target.

Hackers will try to inject their own messages pretending to be coming from the individual sensors, will try to replay existing messages or will try to get into the IT infrastructure itself for the same purpose: shut down or manipulate the system. The Smart City programming and its operators will have to make the actual call: is the data real or is the data being manipulated? So far we have only seen incidents that can be chalked up to human error or simply accidents. The ICBM (Intercontinental Ballistic Missile) early warning system of Hawaii suffered a glitch which turned out to be human error that mistakenly alerted the population to look for cover because of an incoming ICBM attack. While similarly in the US a database glitch causes massive traffic jams and commotion when the entire database of candidates for jury duty got called up in an automated fashion and asked to all attend on the same day and hour. Being able to manipulate and instil doubt about the quality and integrity of the data is the name of the game for attackers.

Attackers on the prowl

As the sensor network is mostly exposed to the airwaves and a lot of data is being made available by the cities themselves in order to find new ways of efficiency, so are attackers trying to make their mark. If sensor data can be tampered with and impersonated, it stands to reason that certain actions as a result of the interpretation of data can either be withheld or arbitrarily instigated. Generating fake messages about increased traffic in certain areas of the city might spawn different traffic light routing patterns. Silencing or numbing sensors used for finding seismic anomalies or the detection of certain dangerous chemicals can have nasty consequences; and might not get detected in time before it is too late and a crime is committed that might result in damage to human life or the city itself. Autonomous vehicles are making their way into societies and those rely on sensor data from different sources which can be manipulated with disastrous consequences for human life. More and more infrastructure is relying on electronic or smart devices such as electronic locks, switches and doors and those require power and online services. Power that can be disrupted and online services that can be rendered unavailable or can be manipulated.

Securing Smart Cities

So how can a Smart City avoid these kinds of situations or minimize the impact of these kinds of examples? The challenge is that cities are hungry for data and innovation, IT service providers are eager to get contracts at the lowest price and politicians are hungry for bragging rights. And with that comes the trade-off between what can be achieved at what price tag on what is usually a very short term plan. What might seem cheap and reliable now might become the downfall of an IT infrastructure years down the road due to the choices made serving only a few. Having stringent and relevant requirements on what is expected from the supplier, service, software, hardware and network is paramount into making sure that resilience can be built in – in order to create a luxury of space to operate in if changes are needed of any kind. Ensuring that certain key parts of the network, its sensors, data stores and management capabilities are not all based on a single technology vendor or stack provides more robustness towards attacks propagated to a massive scale. But at the same time requires more management overhead, increases the complexity and thus the overall cost. A segregated infrastructure might result in the loss of the intelligence required in order to make the necessary decisions in the first place and with that loses the whole objective of making a city more inter-connected and “smarter”.

So with that in mind we require a governance model that entails that the software related to the IT systems and sensors used, can be changed or replaced when needed. It means knowing what the threat landscape looks like and being able to have the overview on what the actual attack surface is. To make sure the infrastructure can only be controlled by those that require it. The integrity of the data being generated needs to be guaranteed and fall-back mechanisms need to exist. These are some of the things that stand at the forefront of designing and running a Smart City and being able to make the necessary changes as time passes and the city and its infrastructure evolves.

The future

Over time, a central machine learning or artificial intelligence-like state machine could run the city overnight. Or rather and more preferred: ML/AI should be leveraged to detect the anomalies and abuses we have seen and expect in the future and learn from them. But how much can or should cities cooperate with each other and the general public on these topics knowing that once the data is out there, it can potentially be abused? Where IT service providers see functionality and interaction possibilities, attackers see attack surface and opportunity. Making sure that cities provide transparency about their technology and cyber security choices and making sure their threat model stays up to date versus what is available to would-be attackers will become crucial for any Smart City in the future. Ensuring security layers and fall-back mechanisms exist and are verified for efficiency; early warning systems based on aggregated data to limit the impact of any incident on an on-going basis will ultimately help determine the quality of living for a city in the future.

With enough expert collaboration, an open mind and a prudent approach to cyber security we can leave the supervillain scenario to the Hollywood screenplays where they belong.

Contributor: Tom Van de Wiele

Tom Van de Wiele is Principal Cyber Security Consultant at the Finish provider of IT security solutions and anti-virus programs F-Secure. He has 15 years of experience in information security. Van de Wiele specializes in red team operations and targeted penetration testing for the financial, gaming and service industry.

Opinions expressed by Forbes Contributors are their own.

Up to Date

Mit dem FORBES-NEWSLETTER bekommen sie regelmässig die spannendsten Artikel sowie Eventankündigungen direkt in Ihr E-mail-Postfach geliefert.