Smart cities \u2013 a brilliant concept of various automata assisting humans in their everyday urban lives \u2013 \u00a0had been envisioned way before computers emerged, and had been featured in sci-fi fiction both in Utopian and dystopian tones, depending on the author\u2019s goals. Now it is on the brink of becoming an everyday reality. Still, the question lingers: will it be Utopia or Dystopia?<\/p>\n
Will it help to solve those countless problems of modern urbanism, or are we going to get used to sudden-to-regular outbursts of cyber-assisted mayhem instead? Both variants are possible for now.<\/p>\n
Outrunning the cautions<\/strong><\/p>\n Technology implementation outrunning cautions and risk estimates is nothing new. Profits and fashion come first, then come \u201cunforeseen consequences\u201d that were actually quite foreseeable, but remained\u00a0ignored for some reason.<\/p>\n Here\u2019s a\u00a0somewhat typical cyberpunk plot: a certain tech company manages to get to the right place, right time and mounts a certain trend, releasing a product which soon becomes ubiquitous. It has its problems (namely, substandard security), but rather than fixing the issues the company uses its now-formidable marketing power to mute and\/or discredit its critics and competitors, while distracting users\u2019 attention from the apparent problems towards its usefulness and utility, as well as \u201clifestyle aspects\u201d, \u201cstatusness\u201d, etc. Then there is the \u201ceveryone makes mistakes\u201d mantra as an ultimate (and hard-to-refute) argument.<\/p>\n #smartcity \u2013 future Utopia or inevitable Dystopia? #security<\/p>Tweet<\/a><\/blockquote>\n Sounds vaguely familiar, does it not? As a matter of fact we\u2019ve seen similar stories in the recent past, when certain software packages have become extremely popular, along with their flaws. Does \u201cSlammer worm\u201d ring a bell?<\/p>\n The \u201cSmart Cities\u201d are a different story\u00a0however: Ultimately there are lives at stake here, not just comfort and efficient performance of urban utilities. The cities are the critical infrastructure (in every possible sense), and if their computerization is conducted without considering security from day one, the problems may be dire and take place on a much more dramatic scale than today\u2019s often discussed issues of critical infrastructure\u2019s cybersecurity. This question must be addressed early on.<\/p>\n Challenges<\/strong><\/p>\n What are the primary challenges with Smart Cities\u2019 information systems, in relation to cybersecurity? Four come to mind immediately:<\/p>\n It\u2019s easy to see that the familiar cybersecurity issues are intertwined with each of them. On the most superficial level, interoperability and intercommunication between various systems means that hackers may try to exploit weaknesses in one system to seize control over another, more important one. For instance: exploiting an on-board Wi-Fi system in a modern passenger jet to get a grip on its avionics \u2013 then extrapolate this on a city-wide scale. Unless the networks are isolated from each other properly, this is a possibility.<\/p>\n Then there is \u201cuneven quality\u201d \u2013 most likely, there is going to be a hotchpotch of technologies belonging to different generations.<\/p>\n We have already seen how it may look: The essential reason there are problems with \u201cmodern\u201d industrial\/utility critical systems is that those are often anything but modern. At the same time, they are retrofitted with connectivity that wasn\u2019t there when these systems were designed and built. We have written about this before<\/a>.<\/p>\n The possible hackability of the smart cities systems, by the way, is well illustrated by the recent research of video surveillance systems in a certain city \u2013 published at Securelist<\/a>. The urban CCTV network proved to have a number of weaknesses, from sloppy set up and unprotected labeling of the hardware to unencrypted data transmittance, etc.<\/p>\n The research is definitely worth reading, as it has a number of important insights on how the most unexpected things may undermine security.<\/p>\n Then there is Big Data and its associated security problems to be solved<\/a>.<\/p>\n And all of these problems, along with many others, should be considered ahead of the \u201csmartening\u201d of every city.<\/p>\n A side-topic: a jet case<\/strong><\/p>\n \u2026What have I said about hacking a plane? Well, according to Kaspersky Lab\u2019s Andrey Nikishin<\/a>, Head of Future Technology Projects, avionics data are usually transmitted via an isolated bus, not connected to Wi-Fi and\/or onboard entertainment network.<\/p>\n However, the U.S. Federal Aviation Administration reportedly warned Boeing seven years ago<\/a> that it had a flaw in the Wi-Fi design of Boeing 787 Dreamliner jets, as well as Airbus A350 and A380 aircrafts, that make them vulnerable to hacking. In April of this year, the FAA reported<\/a> that Dreamliner may be still hackable.<\/p>\n And a certain cybersecurity consultant going by the name Chris Roberts bragged all over Twitter that he has managed to hack into jet\u2019s control systems. Roberts ended up enjoying the FBI\u2019s hospitality, despite the lack of any actual harm inflicted, and according to court records, he told FBI officers that he had indeed hacked into computer systems aboard airliners up to 20 times and managed to control an aircraft engine during a flight<\/a>.<\/p>\n Unless Roberts was lying, there is indeed a critical flaw in the plane\u2019s systems. If critical and non-critical networks are indeed separated by a firewall alone (and firewalls are hackable, you know?), these jets are, mildly put, insecure.<\/p>\n Imagine something similar on a city-wide level. Or watch \u201cLive Free or Die Hard<\/a>\u201d (aka \u201cDie Hard 4.0\u201d), as it really gives a proper picture \u2013 except for the fact that a single hero wouldn\u2019t be enough to clean up the resulting mess.<\/p>\n Thinking ahead of trouble<\/strong><\/p>\n \u201cRetrofitted and added cybersecurity\u201d is not an option for the Smart Cities concept: risks are too dire to build \u201cseven cities of cyber-Troy\u201d upon each other. Our position here is that cybersecurity should be considered early on, at every possible level.<\/p>\n\n