Title: IoT Security and Safety Testing Toolkits for Water Distribution Systems
Due to the critical importance of Industrial Control Systems (ICS) to the operations of cities and countries, research into the security of critical infrastructure has become increasingly relevant and necessary. As a component of both the research and application sides of smart city development, accurate and precise modeling, simulation, and verification are key parts of robust design and development tools that provide critical assistance in the prevention, detection, and recovery from abnormal behavior in the sensors, controllers, and actuators which make up a modern ICS system. However, while these tools have potential, there is currently a need for helper-tools to assist with their setup and configuration, if they are to be utilized widely. Existing state-of-the-art tools are often technically complex and difficult to customize for any given IoT/ICS process. This is a serious barrier to entry for most technicians, engineers, researchers, and smart city planners, while slowing down the critical aspects of safety and security verification. To remedy this issue, we take a case study of existing simulation toolkits within the field of water management and expand on existing tools and algorithms with simplistic automated retrieval functionality using a much more in-depth and usable customization interface to accelerate simulation scenario design and implementation, allowing for customization of the cyber-physical network infrastructure and cyber attack scenarios. We additionally provide a novel in-tool assessment of the network’s resilience according to graph theory path diversity. Further, we lay out a roadmap for future development and application of the proposed tool, including expansions on resiliency and potential vulnerability model checking, and discuss applications of our work to other fields relevant to the design and operation of smart cities.
Award ID(s):
1846493
NSF-PAR ID:
10322468
Journal Name:
2021 8th International Conference on Internet of Things: Systems, Management and Security (IOTSMS)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Abstract Research purpose. Smart City technologies offer great promise for a higher quality of life, including improved public services, in an era of rapid and intense global urbanization. The use of intelligent or smart information and communication technologies to produce more efficient systems of services in those urban areas, captured under the broad rubric of “smart cities,” also creates new vectors of risk and vulnerability. The aim of this article is to raise consideration of an integrated cross-domain approach for risk reduction based on the risks smart cities are exposed to, on the one hand, from natural disasters and, on the other, from cyber-attacks. Design / Methodology / Approach. This contribution describes and explains the risk profile to which smart cities are exposed from both natural disasters and cyber-attacks. The vulnerability of smart city technologies to natural hazards and cyber-attacks will first be summarized briefly from each domain, outlining those respective domain characteristics. Subsequently, methods and approaches for risk reduction in the areas of natural hazards and ICT security will be examined in order to create the basis for an integrated cross-domain approach to risk reduction. Differences are also clearly identified if an adaptation of a risk reduction pattern appears unsuitable. Finally, the results are summarized into an initial, preliminary integrated cross-domain approach to risk reduction. Findings. Risk management in the two domains of ICT security and natural hazards is basically similar. Both domains use a multilayer approach in risk reduction, both have reasonably well-defined regimes and established risk management protocols. At the same time, both domains share a policymaking and policy implementation challenge of the difficulty of appropriately forecasting future risk and making corresponding resource commitments to address future risk. 
Despite similarities, different concepts like the CIA Triad, community resilience, absorption capacity and so on exist too. Future research of these concepts could lead to improved risk management. Originality / Value / Practical implications. Cyber-attacks on the ICT infrastructure of smart cities are a major vulnerability – but relatively little systematic evaluation exists on the topic. Likewise, ICT infrastructure is vulnerable to natural disasters too – and the risk of more severe natural disasters in the context of a global trend toward massive cities is increasing dramatically. Explicit consideration of the issues associated with cross-domain integration of reduction of interdependent risk is a necessary step in ensuring smart city technologies also serve to promote longer-term community sustainability and resilience. 
  2. In recent years, there has been a growing interest in so-called smart cities. These cities use technology to connect and enhance the lives of their citizens. Smart cities use many Internet of Things (IoT) devices, such as sensors and video cameras, that are interconnected to provide constant feedback and up-to-date information on everything that is happening. Despite the benefits of these cities, they introduce numerous new vulnerabilities as well. These smart cities are now susceptible to cyber-attacks that aim to “alter, disrupt, deceive, degrade, or destroy computer systems.” Through the use of an educational and research-based IoT test-bed with multiple networking layers and heterogeneous devices connected to simultaneously support networking research, anomaly detection, and security principles, we can pinpoint some of these vulnerabilities. This work will contribute potential solutions to these vulnerabilities that can hopefully be replicated in smart cities around the world. Specifically, in the transportation section of our educational smart city several vulnerabilities in the signal lights, street lights, and the city's train network were discovered. To conduct this research two scenarios were developed. These consisted of inside the network security and network perimeter security. For the latter we were able to find extensive vulnerabilities that would allow an attacker to map the entire smart city sub-network. Solutions to this problem are outlined that utilize an Intrusion Detection System and Port Mirroring. However, while we were able to exploit the city's Programmable Logic Controller (PLC) once inside the network, it was found that due to dated Supervisory Control and Data Acquisition (SCADA) systems, there were almost no solutions to these exploits. 
  3. Industrial control systems (ICS) include systems that control industrial processes in critical infrastructure such as electric grids, nuclear power plants, manufacturing plants, water treatment systems, pharmaceutical plants, and building automation systems. ICS represent complex systems that contain an abundance of unique devices all of which may hold different types of software, including applications, firmware and operating systems. Due to their ability to control physical infrastructure, ICS have more and more become targets of cyber-attacks, increasing the risk of serious damage, negative financial impact, disruption to business operations, disruption to communities, and even the loss of life. Ethical hacking represents one way to test the security of ICS. Ethical hacking consists of using a cyber-attacker's perspective and a variety of cybersecurity tools to actively discover vulnerabilities and entry points for potential cyber-attacks. However, ICS ethical hacking represents a difficult task due to the wide variety of devices found on ICS networks. Most ethical hackers do not hold expertise or knowledge about ICS hardware, device computing elements, protocols, vulnerabilities found on these elements, and exploits used to exploit these vulnerabilities. Effective approaches are needed to reduce the complexity of ICS ethical hacking tasks. In this study, we use ontology modeling, a knowledge representation approach in artificial intelligence (AI), to model data that represent ethical hacking tasks of building automation systems. With ontology modeling, information is stored and represented in the form of semantic graphs that express individuals, their properties, and the relations between multiple individuals. Data are drawn from sources such as the National Vulnerability Database, ExploitDB, Common Weakness Enumeration (CWE), the Common Attack Pattern and Enumeration Classification (CAPEC), and others. 
We show, through semantic queries, how the ontology model can automatically link together entities such as software names and versions of ICS software, vulnerabilities found on those software instances, vulnerabilities found on the protocols used by the software, exploits found on those vulnerabilities, weaknesses that represent those vulnerabilities, and attacks that can exploit those weaknesses. The ontology modeling of ICS ethical hacking and the semantic queries run over the model can reduce the complexity of ICS hacking tasks. 
  4. Industrial Control Systems (ICS) are the brain and backbone of a nation's critical infrastructure such as nuclear power, water treatment, and petrochemical plants. In order to increase interoperability, real-time availability of data, and flexibility, information/communication technologies are adopted in this domain. While these information technologies have been effective, they are integrated into operational technologies without the necessary security defense. Designing an effective, layered security defense is not possible unless security threats are identified through a structural analysis of the ICS. For that reason, this paper provides an attacker's point of view on the reconnaissance effort necessary to gather details of the system dynamics - which are required for the development of sophisticated attacks. We present a reconnaissance approach which uses the system's I/O data to infer the dynamic model of the system. In this effort, we propose a novel cyber-attack which targets the controller proportional-integral-derivative gain values in a constant setpoint control system. Our findings will help researchers design more secure control systems. 
  5. Industrial Control Systems (ICS) are used to control physical processes in critical infrastructure. These systems are used in a wide variety of operations such as water treatment, power generation and distribution, and manufacturing. While the safety and security of these systems are of serious concern, recent reports have shown an increase in targeted attacks aimed at manipulating physical processes to cause catastrophic consequences. This trend emphasizes the need for algorithms and tools that provide resilient and smart attack detection mechanisms to protect ICS. In this paper, we propose an anomaly detection framework for ICS based on a deep neural network. The proposed methodology uses dilated convolution and long short-term memory (LSTM) layers to learn temporal as well as long term dependencies within sensor and actuator data in an ICS. The sensor/actuator data are passed through a unique feature engineering pipeline where wavelet transformation is applied to the sensor signals to extract features that are fed into the model. Additionally, this paper explores four variations of supervised deep learning models, as well as an unsupervised support vector machine (SVM) model for this problem. The proposed framework is validated on Secure Water Treatment testbed results. This framework detects more attacks in a shorter period of time than previously published methods. 