Mahmoud Gad (1) and Ibrahim Abualhaol (2)
(1) Cognitive Labs Inc., Ottawa, Canada
(2) Carleton University, Ottawa, Canada
Critical infrastructures (CI) are those assets or systems that are essential for the maintenance of vital societal functions, which include energy, utilities, and transportation. A smart city is a city that incorporates smart solutions in order to optimize its resources and improve the quality of service. Resource management includes waste management, water management, and energy management. The quality of service includes e‐governance and citizen services, urban mobility, and telecommunications. This purpose is associated with a mission of driving economic growth and improving the quality of life of smart city citizens.
Smart city services may be categorized into transportation, environment services, utility management, administration, and public safety, as shown in Figure 22.1. A more detailed taxonomy of smart city services can be found in Lee and Lee (2014).
The concept of a smart city embraces several definitions depending on the meaning of the word “smart.” In Bowerman et al. (2000), it is a city that monitors and integrates all its critical infrastructures, including roads, bridges, tunnels, rails, subways, airports, seaports, communications, water, power, and even major buildings. Additionally, it can better optimize its resources, plan its preventive maintenance activities, and monitor security aspects while maximizing services to its citizens. In Harrison et al. (2010), it is a city connecting the physical infrastructure, the IT infrastructure, the social infrastructure, and the business infrastructure to leverage the collective intelligence of the city. According to Toppeta (2010), a smart city is a city that combines information and communication technology (ICT) and Web 2.0 technology with other organizational, design, and planning efforts to dematerialize and speed up bureaucratic processes and help to identify new, innovative solutions to city management complexity, in order to improve sustainability and livability. A systematic literature review of the definition can be found in Cocchia (2014). The evolution of the definition over the years highlights the importance of data and of the integration between physical and cyber systems in the design and operation of smart cities.
One of the challenges confronting smart cities is the volume of data collected from critical infrastructure subsystems. These data vary in type, importance, and sensitivity, which introduces a new challenge for any cybersecurity solution proposed for smart cities. In addition, any cybersecurity solution must be usable by the operators and end users. Usability is defined as the degree to which a user can complete tasks effectively and efficiently. A usable system is one that meets the needs of the user. Usability is concerned with functionality/usefulness, ease of learning, ease of use, aesthetics, user satisfaction, and quality (Rubin and Chisnell, 2008). Usability consists of five factors: ease of learning, task efficiency, ease of remembering, understandability, and subjective satisfaction (Lauesen and Younessi, 1998). This raises the need for an innovative approach to designing cyber‐fusion centers that aim at enabling the operator to make informed decisions and at providing data‐driven insights for future improvements.
Chourabi et al. (2012) identified two categories of challenges that smart cities would face: (i) managerial and organizational challenges and (ii) technological challenges. Gil‐Garcia and Pardo (2005) identified the managerial and organizational challenges as well as the strategies to tackle them. From a cybersecurity point of view, the most important strategies are preplanning, setting clear and measurable deliverables, end‐user involvement in the decision process by providing a feedback mechanism, and continuous improvements to the system. The technological challenges were outlined by Ebrahim and Irani (2005). They include operational challenges, organizational challenges, and IT skills. These challenges and strategies should be taken into consideration when designing any cybersecurity solution for smart cities.
The chapter is presented as follows. A typical cyberattack surface is presented in Section 22.2. Then, we present the design science approach to secure smart city systems in Section 22.3. After that, we present the risk‐based NIST Cybersecurity Framework in Section 22.4. Then, we propose the use of a cybersecurity fusion center with big data analytics in Section 22.5. Finally, we conclude the chapter in Section 22.6.
In October 2016, the Internet witnessed a record‐breaking massive distributed denial of service (DDoS) attack of over 1.2 Tbps against Dyn, a domain name service (DNS) provider. Arbor Networks Inc. reported that the original attack was conducted by at least one Mirai IoT botnet and spread into 500,000 IoT devices, with clusters around the world, including China, Hong Kong, Taiwan, South Korea, Southeast Asia, Brazil, Spain, and elsewhere. This caused a sudden outage of popular sites and services, including Twitter, SoundCloud, Spotify, and Shopify. This incident highlights the vulnerability of one of the key enablers in smart cities.
Three key enablers of smart cities are the Internet of things (IoT), smartphones, and cloud computing. Their integration with smart city critical infrastructure should be considered with cybersecurity threats in mind.
Internet of things (IoT): The IoT is one of the major technologies that will shape the future of the digital world, including smart cities and homes. It is a mesh network of physical objects that either exchange data in peer‐to‐peer (P2P) mode or communicate and relay information with the service provider (Atzori, Iera, and Morabito, 2010). There are many connected objects today, such as electronic appliances (microwaves, cameras, refrigerators, etc.), that rely on RFID technology and state‐of‐the‐art software and sensors (Xiaohang, 2004) for their proper operation. IoT objects can be sensed and controlled across local area networks (LANs) or wide area networks (WANs). Here are a few key applications of smart dust in the context of smart cities and homes:
Smartphones: Smartphones today contain a variety of chips and sensors such as GPS, gyroscope, microphone, camera, and accelerometer, among others, that are generating a lot of raw data (Soldo, Quarto, and Di Lecce, 2012).
In the context of a smart home, for instance (Balakrishna, 2012), there are already some applications that run on smartphones to control many appliances in the home, such as TV sets, lights, garage doors, and security cameras. Moreover, users can operate their smartphones in order to interact with their city, receive live information, and connect with local authorities and public transportation systems.
Cloud Computing: Cloud computing has become a de facto platform to enable content delivery to consumers (Obaidat and Nicopolitidis, 2016). Given the pervasiveness of computing today, largely enabled by smartphones and IoT devices, massive amounts of data need to be processed in order to transform raw data into insightful information. Current computing paradigms are no longer suitable for such endeavors. Cloud computing has three main offerings:
A combination of the aforementioned cloud service offerings leads to the emergence of other types commonly known as XaaS (everything as a service), such as storage as a service, communications as a service, network as a service, monitoring as a service, analytics as a service, data as a service, and so on (Obaidat and Nicopolitidis, 2016).
In this section, we use the list of software weaknesses known as common attack pattern enumeration and classification (CAPEC) to describe the common patterns based on the attack domains and attack mechanisms (MITRE Corporation, 2017). This classification helps smart city security designers to understand the cybersecurity attack surface.
In the communications category, attackers focus on using weaknesses in the communication protocols. They can block, manipulate, or eavesdrop on communications in an attempt to achieve a desired negative technical impact. Attacks in this category may be classified into three subcategories: interception, protocol manipulation, and obstruction. In a typical smart city, this attack domain includes radio and wireless connections, fiber links, and cable links.
Attack patterns within the software category focus on the exploitation of software applications. Attacks in this category could exploit weaknesses in the design of the software, its implementation, or both. There are many subcategories of attacks, including brute force, software integrity attacks, reverse engineering, and code injection. This domain includes applications on corporate IT networks, sensor firmware, middleware code, and others.
Attacks in this category focus on the physical hardware used in cyber‐physical systems. This includes replacement, destruction, modification, and exploitation of hardware components. Attacks against hardware components target the chips, circuit boards, device ports, or other components that comprise a cyber‐physical system (e.g., SCADA and PLC systems). Sophisticated attacks may include hardware footprinting, hardware integrity attacks, and malicious logic insertion.
This category of attacks focuses on the manipulation and exploitation of system users by convincing someone to perform actions or disclose confidential information, often resulting in access to computer systems or assets. Techniques in this category can range from social information gathering attacks, to information elicitation via social engineering, to target influence via social engineering.
Table 22.1 Attack Mechanisms on Smart Cities Infrastructure Systems.
Category | Attack mechanism |
Gather information | Gathering, collecting, and theft of information |
Deplete resources | Depletion of a resource to affect service availability |
Injection | Control or disrupt the behavior of a target through crafted input data |
Deceptive interactions | Malicious interactions with a target in an attempt to deceive the target |
Manipulate timing and state | Exploit weaknesses in timing or state maintaining functions to perform unauthorized actions |
Abuse of functionality | Manipulate one or more functions of an application in order to achieve a malicious objective |
Probabilistic techniques | Utilize probabilistic techniques to explore and overcome security properties of the target |
Exploitation of authentication | Target exploitation of weaknesses, limitations, and assumptions in the mechanisms utilized to manage identity and authentication |
Exploitation of authorization | Target exploitation of weaknesses, limitations, and assumptions in the mechanisms a target utilizes to manage access to its resources or authorize utilization of its functionality |
Manipulate data structures | Manipulate characteristics of system data structures in order to violate their intended usage |
Manipulate resources | Manipulate system resources or attributes in order to perform an attack |
Analyze target | Analyze a target system, protocol, message, or application in order to overcome protections on the target or as a precursor to other attacks |
Gain physical access | Gain physical access to a system or device |
Execute code | Use of malicious code to achieve a desired negative technical impact |
Alter system components | Alter or manipulate system components in an attempt to achieve a desired negative technical impact |
Manipulate system users | Manipulate a user in an attempt to achieve a desired negative technical impact |
This category focuses on the disruption of the supply chain lifecycle caused by the manipulation of computer system hardware, software, or services with the purpose of espionage, data or IP theft, or the disruption of mission‐critical operations. Supply chain operations are usually multinational with manufacturing and delivery occurring across multiple locations, offering an attacker multiple points for disruption. This can be done by modification during manufacturing or manipulation during distribution (MDD).
Attacks in the physical security category exploit weaknesses in the physical security of a system. This includes bypassing physical security, physical theft, and physical destruction of a device or component.
Table 22.1 describes the different possible attack mechanisms on smart cities critical infrastructure. Each of these mechanisms must be taken into consideration when designing a security solution for smart cities.
Design can be defined as the process of inventing objects that perform specific functions (Hatch, 2001). Design science has been successfully applied to many domains (Romme and Endenburg, 2006). Muegge and Craigen (2015) proposed a five‐step design process to be applied to cybersecurity design problems. The five steps are presented in Figure 22.2 as follows:
In the following, we propose a set of design principles for securing smart cities infrastructure based on the literature survey in Sections 22.1 and 22.2. These principles are enabled by utilizing the NIST Framework in a cybersecurity fusion center with Big Data analytics capabilities.
The NIST cybersecurity framework is a risk‐based approach for managing cybersecurity risks. It consists of three components: core, profile, and tiers. The framework core presents the cybersecurity activities and informative references (subcategories) organized around particular outcomes (categories) to achieve five functionalities. The framework core functions are identify, protect, detect, respond, and recover. Identify can be thought of as the answer to the question “What are the assets that need protection?” Protect is an answer to the question “What safeguards are available?” Detect is an answer to “What techniques can identify incidents?” Respond is an answer to “What techniques can contain impacts of incidents?” And recover is an answer to “What techniques can restore capabilities?” The NIST cybersecurity framework core is presented in Table 22.2 (NIST, 2014).
Table 22.2 NIST Cybersecurity Framework Core.
Function | Categories | Fusion center phase |
Identify | | Descriptive phase |
Protect | | Predictive phase |
Detect | | Predictive phase |
Respond | | Prescriptive phase |
Recover | | Prescriptive phase |
Table 22.3 NIST Framework Definitions.
Term | Definition |
Framework core | A set of cybersecurity activities and references that are common across critical infrastructure sectors and are organized around particular outcomes. The framework core comprises four types of elements: functions, categories, subcategories, and informative references. |
Framework tier | A lens through which to view the characteristics of an organization's approach to risk—how an organization views cybersecurity risk and the processes in place to manage that risk. |
Framework profile | A representation of the outcomes that a particular system or organization has selected from the framework categories and subcategories. |
Function | One of the main components of the framework. Functions provide the highest level of structure for organizing basic cybersecurity activities into categories and subcategories. The five functions are identify, protect, detect, respond, and recover. |
The NIST framework profile aligns industry standards and best practices to the framework core in a particular implementation scenario. Building the profile is an innovation by itself, and it needs prioritization and consideration of resources and capabilities in each of the smart city critical infrastructure systems. The framework profile aligns functions and categories with the requirements, risk tolerance, and resources of a critical infrastructure. The framework tiers provide context on how a critical infrastructure deals with cybersecurity risk. A critical infrastructure can assess its current security practices and use the tier system to prioritize improvements. A summarized list of important NIST framework definitions is provided in Table 22.3 (NIST, 2014).
The framework profile describes the current state or desired target state of cybersecurity activities. The profile enables organizations or critical infrastructures to establish a roadmap for reducing cybersecurity risks that is well aligned with organizational and sector goals and management priorities. The references recommended by the framework are standards and practices that are globally accepted, which helps facilitate the operation of the framework on a global basis. Industry and nonprofits are improving the framework by mapping sector‐specific standards, guidelines, and best practices to the framework. They are also developing and sharing examples of how organizations are using the framework. One important example of implementing the framework in a smart city critical infrastructure component (e.g., the energy sector) is given in Table 22.4. Table 22.4 summarizes the main highlights and recommendations of implementing the NIST cybersecurity framework in the US energy sector. These insights align with the importance of implementing a fusion center that simplifies operations and provides cybersecurity maturity insights, as proposed in the next section.
Table 22.4 USA Energy Sector Case Study (US DOE, 2015).
Highlights and recommendations |
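The profile/tier roadmap described above, as an added example that is not part of the chapter: a current and a target profile are compared category by category, and the shortfall is weighted by an assumed risk weight and attributed to the fusion center phase of Table 22.2. The category identifiers (ID.AM, PR.AC, DE.CM, RS.MI, RC.RP) are real CSF core identifiers; the tier values, weights, and the water-utility scenario are constructed.

```python
"""NIST Cybersecurity Framework profile gap analysis (added example; the
profile contents, tier values and risk weights are constructed, and the
function-to-phase mapping follows Table 22.2 of the chapter)."""
from dataclasses import dataclass

# Function -> category-identifier prefix used by the CSF core (ID.AM etc.).
PREFIX = {"Identify": "ID", "Protect": "PR", "Detect": "DE",
          "Respond": "RS", "Recover": "RC"}
# Function -> fusion center phase, as assigned in Table 22.2.
FUSION_PHASE = {"Identify": "Descriptive", "Protect": "Predictive",
                "Detect": "Predictive", "Respond": "Prescriptive",
                "Recover": "Prescriptive"}
# CSF implementation tiers, used here as the per-category maturity scale.
TIERS = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}


@dataclass(frozen=True)
class Outcome:
    """One selected framework category with the tier at which it is practised."""
    category: str   # CSF category identifier, e.g. "ID.AM" (asset management)
    function: str
    tier: int


def validate(profile):
    """Reject outcomes whose identifier, function or tier is inconsistent."""
    for o in profile:
        if o.function not in PREFIX or o.tier not in TIERS:
            raise ValueError(f"bad outcome {o}")
        if not o.category.startswith(PREFIX[o.function] + "."):
            raise ValueError(f"{o.category} is not a {o.function} category")
    return True


def gap_analysis(current, target, weights=None):
    """Compare a current profile with a target profile: one row per category
    that still falls short, weighted by an assumed risk weight and ordered so
    the most pressing gap comes first (the improvement roadmap)."""
    validate(current)
    validate(target)
    weights = weights or {}
    cur = {o.category: o.tier for o in current}
    rows = []
    for t in target:
        have = cur.get(t.category, 0)          # 0 = not practised at all
        if t.tier > have:
            rows.append({"category": t.category, "function": t.function,
                         "phase": FUSION_PHASE[t.function],
                         "current": have, "target": t.tier,
                         "weighted_gap": (t.tier - have) * weights.get(t.category, 1.0)})
    rows.sort(key=lambda r: (-r["weighted_gap"], r["category"]))
    return rows


def phase_summary(rows):
    """Total weighted gap per fusion center phase: where analytics effort should go."""
    out = {"Descriptive": 0.0, "Predictive": 0.0, "Prescriptive": 0.0}
    for r in rows:
        out[r["phase"]] += r["weighted_gap"]
    return out


# Constructed profiles for a city water-utility control network (not real data).
CURRENT = [Outcome("ID.AM", "Identify", 2), Outcome("PR.AC", "Protect", 3),
           Outcome("DE.CM", "Detect", 1), Outcome("RS.MI", "Respond", 1)]
TARGET = [Outcome("ID.AM", "Identify", 3), Outcome("PR.AC", "Protect", 3),
          Outcome("DE.CM", "Detect", 3), Outcome("RS.MI", "Respond", 3),
          Outcome("RC.RP", "Recover", 2)]
WEIGHTS = {"DE.CM": 2.0, "RS.MI": 1.5}   # assumed: monitoring and mitigation weigh most

if __name__ == "__main__":
    roadmap = gap_analysis(CURRENT, TARGET, WEIGHTS)
    for row in roadmap:
        print(row)
    print(phase_summary(roadmap))
```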
As described in Section 22.1, a smart city is a collection of critical infrastructures that need to be operated with minimum cybersecurity risk. One well‐proven risk‐based approach is the NIST cybersecurity framework that highlights the importance of minimizing the risk in three dimensions (vulnerability, threat, and damage) using five functionalities (identify, protect, detect, recover, and respond).
To enable the implementation of such a framework and to provide insights into the adopted design science approach, we propose an analytics‐driven cybersecurity fusion center, as given in Table 22.5. The fusion center consists of three phases, each of which has three characteristics inspired by the work in Delen and Demirkan (2013) and Wang et al. (2015).
Table 22.5 A Smart City Cybersecurity Fusion Center.
Cybersecurity Fusion Center | Descriptive | Predictive | Prescriptive |
Questions | What is happening and why did it happen? | What will happen and why will it happen? | What should we do and why should we do it? |
Enablers | Cybersecurity reports, critical infrastructure monitoring dashboards and scorecards, and data aggregated from sensors | Machine learning with text mining, web/media mining, and forecasting over big data | Optimizations, simulations, decision models, and expert systems |
Outcomes | Well‐defined cybersecurity incident and countermeasures | Accurate projection of future cybersecurity risks in terms of vulnerabilities, threats, and damages | Best possible operations and future design decisions |
The first phase is the descriptive phase, where the fusion center utilizes cybersecurity reports, critical infrastructure monitoring dashboards and scorecards, and data aggregated from sensors. It aims not only to answer the questions of what is happening and why it happened but also to arrive at well‐defined cybersecurity incidents and possible countermeasures. This phase is based on the previously articulated design science approach and provides insights into both the identify and detect functionalities in the NIST Framework.
The second phase is the predictive phase, where the answer to questions such as what will happen and why it will happen can be reached. The patterns that are hidden in a big data (volume, velocity, variety, and veracity) collection are immensely valuable in answering those questions. Machine learning with text mining, web/media mining, and forecasting enable an accurate projection of future cybersecurity risks in terms of vulnerabilities, threats, and damages, which align with the NIST framework functionalities such as detect and recover.
The third prescriptive phase tackles the NIST framework's respond functionality and provides valuable insights into the previously articulated design science approach. In this phase (i.e., the prescriptive phase), questions such as what should we do and why should we do it in terms of operations and future designs are raised. To enable the prescriptive phase, optimizations, simulations, decision models, and expert systems are integrated into the fusion center to provide the best possible operations and future design decisions that would minimize the cybersecurity risk in smart cities' critical infrastructure.
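The three phases chained over one data stream, as an added example that is not part of the chapter: a constructed series of per-minute request counts at a city DNS resolver (the last readings imitate a volumetric surge like the Dyn incident in Section 22.2), a k-sigma baseline check for the descriptive phase, a growth-factor forecast scored in the chapter's three risk dimensions (threat, vulnerability, damage) for the predictive phase, and a cost-minimizing decision model for the prescriptive phase. The capacity, thresholds, vulnerability score, and countermeasure costs are assumed.

```python
"""Descriptive, predictive and prescriptive fusion center phases run over a
constructed stream of per-minute request counts (added example; thresholds,
capacity, vulnerability and countermeasure costs are assumed)."""
import statistics

# Constructed per-minute request counts at a city DNS resolver; the last
# three readings imitate the onset of a volumetric DDoS surge.
TRAFFIC = [1200, 1150, 1300, 1250, 1180, 1220, 1270, 1210, 5200, 9800, 18500]
CAPACITY = 20000  # assumed requests per minute the resolver can serve

# Assumed countermeasures: (operational cost, share of vulnerability removed).
COUNTERMEASURES = {
    "monitor_only": (0.0, 0.0),
    "rate_limit_top_sources": (2.0, 0.6),
    "anycast_failover": (5.0, 0.9),
}


def descriptive(series, window=8, k=3.0):
    """What is happening and why: compare the latest reading with a baseline
    window and turn a k-sigma excursion into a well-defined incident record."""
    base = series[:window]
    mean, sd = statistics.mean(base), statistics.pstdev(base)
    z = (series[-1] - mean) / sd if sd else 0.0
    if z < k:
        return None
    return {"incident": "volumetric_surge", "latest": series[-1],
            "baseline_mean": mean, "z": round(z, 1)}


def predictive(series, capacity, vulnerability=0.8):
    """What will happen and why: project the next interval at the current
    growth factor and score the risk as threat x vulnerability x damage."""
    last, prev = series[-1], series[-2]
    factor = max(last / prev, 1.0) if prev else 1.0   # no decline mid-surge
    forecast = int(last * factor)
    threat = min(forecast / capacity, 1.0)             # chance capacity is reached
    damage = max(0.0, (forecast - capacity) / forecast)  # share of demand dropped
    return {"forecast": forecast, "threat": threat, "vulnerability": vulnerability,
            "damage": damage, "risk": threat * vulnerability * damage}


def prescriptive(prediction, impact=100.0):
    """What should we do and why: pick the countermeasure that minimizes
    expected loss (residual risk x assumed impact) plus its own cost."""
    best = None
    for name, (cost, reduction) in COUNTERMEASURES.items():
        residual = prediction["risk"] * (1.0 - reduction)  # risk is linear in vulnerability
        total = residual * impact + cost
        if best is None or total < best[1]:
            best = (name, total)
    return {"action": best[0], "expected_cost": round(best[1], 2)}


def run_fusion_center(series, capacity=CAPACITY):
    """Chain the three phases; with no incident only monitoring is advised."""
    incident = descriptive(series)
    prediction = predictive(series, capacity)
    decision = (prescriptive(prediction) if incident
                else {"action": "monitor_only", "expected_cost": 0.0})
    return {"descriptive": incident, "predictive": prediction, "prescriptive": decision}


if __name__ == "__main__":
    print(run_fusion_center(TRAFFIC))
```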
The cybersecurity fusion center with big data analytics is visualized in Figure 22.3. The NIST framework functionalities (outer circle) are achieved in the three analytics phases (inner circle).
In this chapter, we proposed an integrated risk‐based cybersecurity approach with design science in mind and enabled it with a Big Data analytics fusion center solution to help minimize the cybersecurity risk exposure. The risk‐based NIST framework focuses on minimizing the risk to critical infrastructures within smart cities in five functionalities: identify, detect, protect, recover, and respond. These functionalities help improve the smart city cybersecurity in two dimensions: design and operations. The Big Data aggregated by the different smart city systems and users is utilized by the fusion center analytics engine to provide descriptive (identify), predictive (detect and protect), and prescriptive (respond and recover) functionalities that align together to minimize the cybersecurity risk during operations and provide insights for future improved designs.
Abbreviation | Definition |
BART | Bay Area Rapid Transit |
C2M2 | Cybersecurity maturity model |
CAPEC | Common attack pattern enumeration and classification |
CI | Critical infrastructures |
DDoS | Distributed denial of service |
DNS | Domain name service |
GPS | Global Positioning System |
IaaS | Infrastructure as a service |
ICT | Information and communication technology |
IoT | Internet of things |
LAN | Local area network |
MDD | Manipulation during distribution |
NHS | National Health Services |
NIST | National Institute of Standards and Technology |
P2P | Peer‐to‐peer |
PaaS | Platform as a service |
PLC | Programmable logic controller |
RFID | Radio‐frequency identification |
SaaS | Software as a service |
SCADA | Supervisory control and data acquisition |
Tbps | Terabits per second |
WAN | Wide area network |
XaaS | Everything as a service |