Post-Mirai: Managing the Attack Surface of a Smart City

Smart cities are being planned the world over. Technology development always goes through two phases for any new discipline; first, tools are developed, and infrastructure is built and enabled. Second, the technology is scaled up. In the case of smart cities, we are in the first phase, where many of the kinks and challenges are still being ironed out.

What to Expect from Smart Cities

Here are some examples of services a smart city might provide:

• Coordinated energy control of air conditioners at homes during hot summer days to manage and preserve city power resources
• Directed local discounts in retail and restaurants to avoid city congestion
• An automatic fee for driving a vehicle during highly congested periods
• A smart directed parking app that automatically discounts congestion charges for parking in specific parking lots
• Real-time sensor data to warn citizens affected by allergens and irritants
• Real-time sensor data of standing water for mosquito breeding, etc.
• Vehicle-to-vehicle communication, autonomous driving technology and infrastructure with embedded sensors to warn of things like imminent traffic jams, construction, best routes for navigation during emergencies, etc. based on real-time traffic patterns.

To enable such services, smart cities will need to deploy plenty of IoT devices and services for metering, sensing and controlling.

The Attack Surface of Smart Cities

The increase in the size of a smart city’s IoT device footprint corresponds to an increase in the size of its attack surface.

As was seen recently in a series of IoT-based denial of service attacks, IoT devices can be compromised and hijacked into a Shadownet (an IoT-based botnet that can’t be seen or tracked using normal browsers or tools) and controlled by a command and control (C&C) center run by hackers. Alternatively, these devices and services may be attacked in order to deny services to legitimate users.

Here are some examples of what hackers and attackers can do:

• Take control of parking, traffic lights, signage, street lighting and automated bus stops. For example, changing highway signs to read “Terrorist threat in area” or “Danger: toxic spill ahead” could seriously disrupt traffic and cause panic among drivers
• Direct all cars and buses to a specific area to create congestion and gridlock
• Disable local transportation, thereby disrupting businesses and services because employees can’t get to work
• Open causeways to spill sewage and untreated waste water into parks, rivers and communities
• Cut off access to drinking water
• Send fake SMS directing people to a specific location, such as a targeted business or government agency
• Remotely switching off air conditioners or furnaces during extreme temperature days
• Randomly turning on fire and burglar alarms throughout the city

Increasing the security in smart cities from the inside

While it’s not possible to secure every conceivable network breach in a totally connected environment, it doesn’t mean we need to go back to the Stone Age. Instead, it’s possible to take some key initial steps to strengthen the smart city’s security posture and architecture.

• Use strong encryption
• Design systems that have strong protection against tampering
• Provide strong access control, authentication and authorization
• Maintain detailed logging of activities
• Segment services for individual sub-systems, and then aggregate and pool data that you want to make publicly accessible
• Create centralized management, analysis and control systems through segmented and secured administration channels to troubleshoot problems
• Set baseline standards that trigger alarms or require manual override when thresholds are crossed or anomalous behavior is detected, such as rerouting traffic or disabling water treatment

Segmentation is the Key

With a complex smart city network, segmentation is the key. For example, the Smart Transportation network needs to be logically segmented from other smart networks, such as user services, websites or energy networks, etc. This aids in isolating an attack and allows for the advanced detection of data and threats as attacks and malware move from one network zone to the other. This also divides the smart city network into security zones, which aids in compliance, monitoring internal traffic and devices, and preventing unauthorized access to restricted data and resources.

Such segmentation will ensure that the majority of the IoT components deployed across the smart city only communicate with those devices and systems that they should and only talk in the protocols they have been assigned. This will also ensure that the interior network doesn’t get hacked and can’t participate in a DDoS attack.

In a similar way, other smart networks in the city can be segmented and isolated from each other, thereby avoiding the spread of malware and reducing the impact of any hacks and attacks. Further, smart cities must make the ability of IoT equipment to support and control such traffic an essential purchasing requirement.

Increasing the Security in Smart Cities from the Outside: DDoS Attacks

While network segmentation will ensure that the internal network is protected and its integrity and availability are preserved, we need to increase the availability of the smart city’s Internet-facing properties. DDoS attacks can be easily used to overwhelm this infrastructure. Depending on the size of the pipe and expected worst-case scenarios, city IT teams must develop and implement and effective DDoS attack mitigation strategy. This may be comprised of either an overprovisioned appliance solution or a hybrid solution consisting of appliances combined with a cloud-based scrubbing center.

An overprovisioned appliance solution enables you to manage DDoS attacks that are larger than your normal bandwidth usage. For example, if your normal user traffic is 1 Gbps, develop a plan for a 20 Gbps DDoS attack that includes deploying an appliance to mitigate such attacks, and provision for such potential bandwidth requirements from your service provider. If the actual attack is expected to be larger than your service provider bandwidth, however, you may need a hybrid solution that includes a cloud-based scrubber that works closely with your DDoS appliance solution.

From Smart to Smarter

Smart cities hold the promise of better quality of life and greater convenience and safety for their citizens. Cybercriminals have already demonstrated that they will do all they can to breach networks and cause mayhem, so security is paramount. Because a smart city’s attack surface is so extenstive, next-generation network segmentation is needed to protect against hackers and DDoS attacks. As time passes, smart cities will become even smarter as they learn from researchers, from each other and from incidents that are bound to happen.

About the Author:

Hemant Jain is VP of Engineering at Fortinet (News - Alert). He is responsible for all DDoS attack mitigation related technology at Fortinet including FortiDDoS series of products. He joined Fortinet, via acquisition of IntruGuard, which he founded in 2003. Hemant was a lead architect at Internet Devices as well as at Alcatel, where he led a range of technologies in the Internet security space. Hemant is CISSP and a proud member of InfraGard (News - Alert). He is a leading authority in the DDoS space, with over seven patents and pending applications in the DDoS attack mitigation space alone.