The cybersecurity context: Smart City & IIoTFirst part of 2
This post was written by Carlos Valderrama, CIPSEC Project Manager for Worldsensing
Barcelona, Feb. 27th
The cities we live in are constantly changing. Every day, new tools and technologies appear with the aim to improve daily activities such as traffic and parking management, electricity, water, and gas and phone coverage as well as offering improvements in public services such as health, safety, waste management and public administration.
These new technologies seem to have no limits and can be applied anywhere: they appear at every corner of our cities. Already today basic services depend on interconnected objects to assist city decision-makers by transmitting huge volumes of data in a brief, graphic and comprehensive way.
However, city innovations are not only advantageous but open the door to novel cyber-security threats that have to be faced and fought by modern cyber-security heroes.
In a first step, we would like to differentiate two concepts which are similar but have different solutions depending on the context and scenario. Those two are Internet of Things (IoT) and Industrial Internet of Things (IIoT). Both technologies have their specific market and growth forecast but they are interconnected since they share the same basis: they aim to not only improve citizens’ everyday live, but the impact of business decisions through the use innovative technologies.
The Internet of Things has already had a noticeable impact on Smart Cities, the general public is already aware of the benefits of this concept and the important role it plays in our lives. The IIoT on the other hand, is a concept that evolved from the idea of Smart industries (Industry 4.0): we still have a great deal to learn about how to properly configure new technologies in order to optimize todays industrial and critical infrastructure processes. Although the effects of the IIoT are not as visible to every citizen, its impact on our everyday life is just as significant as the IoT. Both approaches have one thing in common: they depend on stable and secure wireless technologies.
In a few words, both Smart City and IIoT services depend on the combination of traditional and innovative communication technologies that allow to interconnect smart objects and elements of deployed networks in real-time in order to properly exploit collected data and thus to offer advanced functionalities to each user. This connectivity is provided through a great variety of protocols and technologies, which own their specific technical characteristics and cover determinate needs and that, are carefully selected depending on the application requirements (the chart below shows currently implemented communication technologies taking into account “packet rate” Vs “range”).
Source: Reproduced with kind permission. © 2016 Mobile Experts LLC. All Rights Reserved.
The idea of the Smart City sector is to connect physical objects with the virtual world. This allows to collect data in real time and to then transform data into useful information which provides decision-makers with actionable insights. A very simple example is the use of smartwatches within the health sector. Some Smart devices have a pulse sensor which constantly monitors the heartbeat in order to evaluate possible health risks and can trigger alerts to inform doctors about users’ health status. Picture a person suffering from a heart dysfunction who runs to catch a train. His smartwatch detects a heart rhythm pattern with a high risk of causing a heart attack and informs the user about this risk by means of an alarm. This is already happening today, this is living in a Smart City!
And then there is the Industrial Internet of Things (IIoT). It is based on the IoT which was adapted to the specific requirements of different industrial sectors and Critical Infrastructures. Critical Infrastructures require a great consumption of resources and need advanced solutions to achieve sustainability and to manage assets in an efficient way. Operators of Critical Infrastructures have spent years striving to evolve towards a more sustainable management model. Today, evolving this model is possible thanks to new technologies: sensors and interconnected devices represent the backbone of new, more efficient services which improve the operations of water treatment plants, power plants, roads, hospitals, airports, ports and many more.
Picture a Critical Infrastructure such as a water treatment plant. A few years ago, water treatment plants were depending almost completely on human intervention: for example, workers were only able to detect failures within the pumping pressure of the residual water if they observed a water leak in the pipes. Now, exploiting the IIoT benefits, water treatment plants use sensors that are able to collect real-time data regarding water pressure or density and that are deployed in each of the critical operating processes. All this data is processed and converted into useful information in order to timely identify and even forecast possible failures, thus supporting the definition of a proper maintenance plan without resulting in emergency operations. In few words: thanks to IIoT technologies water treatment processes, and any other industrial process, can be optimized to achieve economic savings and more efficient technical operations.
But what happens when Critical Infrastructures are breached by cyber attacks?
How severe can a cyber-attack affect urban water treatment systems or the radioactive storage room of a nuclear power plant?
What if cyber-attackers gained control over Smart devices which monitor water quality of a Smart City? Or if cyber-attacks blocked the residual filtering process which ensures the quality of the water treatment process? Some citizens would start suffering from a gastric infection due to unsafe tap water: bus and metro conductors, security agents, health workers - the majority of the city could be on sick leave.
In the second part of this article we will present an example of a Critical Infrastructure cyber-attack. We will classify the attack, locate it and provide a possible solution enriching our analysis with forensics proof and additional investigations. The case that we will analyze is titled: “a cyber-attack against a nuclear power plant” and for reasons of confidentiality, it will be presented as a fictitious case.
We will also explain the JAMMER technology and how it can put an entire nation in a tight spot. At the same time, we will present the main activities of the CIPSEC project which aims to counteract attacks of the wireless Denial of Service – Jammer. To be continued…
CIPSEC project results receive funding from the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no 700378.
The opinions expressed and arguments employed in this publication do not necessarily reflect the official views of the Research Executive Agency (REA) nor the European Commission.