Affiliation:
1. National University "Odessa Law Academy"
Abstract
Smart city systems are becoming more and more widespread in the nearest future. Their deployment allows focusing on combining diverse and varied urban information systems into a single sustainable, energy-efficient, low carbon energy, wasteless, clean "ecosystem" which will be friendly and comfortable for its citizens. This system integrates into itself all existing city IT-systems from individual smartphones to complex urban traffic management systems. And the practice shows that the IT-systems of the smart city do not yet sufficiently meet requirements of security and protection from attacks, malware and external threats. In this respect, the Ukrainian epidemic of ransomware WannaCry and Petya presents a good example. It wasn't targeted attack, ransomware wasn't directed or aimed at any of metropolitan or urban infrastructure it-systems, but as a result of collateral damage, more than a third of Ukrainian computer networks (including banking and state ones) were disabled. There is also a significant and growing demand for a targeted attack against industrial and urban infrastructure. Currently, cases of the following attacks are already known and considered in detail: the malicious computer worm Stuxnet which targets industrial systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran and related malware as Duqu and Flame, Triton/Trisis malware which the first appearance was at a petrochemical plant in 2017, and was aimed at attacking the "last line of defense" - safety instrumented systems (SIS) of Schneider Triconex. Thus, it was only a matter of time before smart city faces IT-infrastructure attack. The paper considers sources of threats and the reasons for the weak security of smart city IT-systems including the following: an increase of the attack surface, the lack of a unified strategy and security service, the developers' emphasis on simplicity and ease of systems deployment at the expense of security, a large percentage of wireless technologies that facilitate access to critical infrastructure objects, the presence of obsolete and legacy code sections in the system. The article proposes a set of measures and actions for smart city IT-systems hardening. Also, the paper considers redundancy and inefficiency of old protection methods and measures such as "air gap", proprietary protocols, "secure by obscure" and others.
Keywords: smart city, information ecosystems, cybersecurity, municipal economy, risks, threats, incidents, protection.
Publisher
O.M.Beketov National University of Urban Economy in Kharkiv
Subject
General Earth and Planetary Sciences,General Environmental Science
Reference34 articles.
1. 1. Barzashka I. (2013). Are cyber-weapons effective? Assessing stuxnet’s impact on the iranian enrichment programme. The RUSI Journal, 158(2), 48–56.
2. 2. Di Pinto A., Dragoni Y., Carcano A. (2018). TRITON: The first ics cyber attack on safety instrument systems / Proc. Black hat usa., 1–26.
3. 3. Lee R. (2017). TRISIS malware: Analysis of safety system targeted malware. Dragos inc. Retrieved from https://www.dragos.com/wp-content/uploads/TRISIS-01.pdf
4. 4. Case D. U. (2016). Analysis of the cyber attack on the Ukrainian power grid // Electricity Information Sharing and Analysis Center (E-ISAC), 388. Retrieved from https://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf
5. 5. Slowik J. (2019). CRASHOVERRIDE: Reassessing the 2016 Ukraine electric power event as a protection-focused attack. Dragos, Washington, DC, USA, Tech. Rep.. Retrieved from https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE.pdf
Cited by
3 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献