Kathy Gibson reports from Kaspersky Labs’ Cybersecurity conference in Baku – Smart cities are on their way: around the world, cities are looking to connected infrastructure and communications to improve service delivery to citizens – but the benefits of smart cities come with a host of new and potentially crippling cyberthreats.
Denis Legezo, technology positioning manager at Kaspersky Lab, points out that the Internet of Things (IoT) changes the security landscape entirely, and Kaspersky has seen a sharp increase in the number of threats being reported.
“These devices are not supposed to be online – but many of them are,” he says. In fact, about 600 000 ICS devices can be found on the Internet today, and this number of growing.
More worrying is the number of CCTV cameras that can be found online simply by searching for them. Even power turbines have been identified as connected and accessible by literally anyone with an Internet connection.
“Even a schoolchild could search these devices online and find them,” says Legezo.
Hospitals are among the most vulnerable sites, with new IoT devices joining the local area network and WiFi connectivity to increase the number of threats for these systems.
A number of cities have installed sensors on roads to monitor traffic flows, check speed compliance and add security to the area.
“A hacker can literally stand underneath many of these sensors, on the kerb, and access all the information that has been collected,” Legezo says.
“In addition, people can change the status of these devices quite easily.”
With the growth of the IoT, more commonplace devices could become potential entry points for attacks: even cameras or appliances will be linked to home or corporate networks and open of new vulnerabilities.
To counteract the threat, Legezo advises industrial organisations to start thinking out of the box: to accept that attacks probably won’t come be the same as before. In light of this, they should look to developing new standards that are more appropriate for the changing environment.
Businesses should be more careful of patch management, password, management and whitelisting in order to mitigate the growing threats.
Amin Hasbini, senior security researcher at Kaspersky Lab, points out that the smart city threat is exacerbated by the fact that there are many different standards in use.
A CRO Forum study shows that threats are becoming easier for cybercriminals to carry out; while their sophistication is increasing.
“In a smart city, such threats could be the source of lot of danger.”
In the Ukraine, a recent attack led to a power black-out – but it could have been much worse. “We could start seeing gas and oil pipeline outages, petrol short supplies, transportation shutdown, and inventories being exhausted in factories or hospitals.
The UK has assessed the risk of an extended power failure on the country, Hasbini says. “People are starting to prepare for these kind of attacks because they see them coming.
“As we move to smarter cities where everything is reachable, the threat grows,” he adds.
Kaspersky Lab is a member of SecuringSmartCities.org, a non-profit organisation that is working hard to secure cities, with a large number of vendors working together to develop solutions.