How will Australian smart cities defend against hackers?
Australian metropolises being wired up as ‘smart cities’ face an emerging security threat. While many of these technologically advanced metro areas will benefit from improved surveillance and physical protection, they could also be a lure for hackers.
The potential for cyber criminals to do damage grows as more and more urban control systems get connected, says Reuven Harrison, chief technology officer and co-founder of the network security company Tufin.
“Hackers that find a way in through vulnerabilities in one system could then move laterally through various infrastructural data centres to gain access to citizens’ sensitive personal information,” he says.
The threat isn’t just about personal information, either. In December of 2014, hackers besieged 23 nuclear reactors in South Korea.
Korea Hydro and Nuclear Power said there was no danger to the power plants, but the cyber criminals were able to make away with non-critical data.
And while Australians need not worry about nuclear plants going offline, the episode showed how easy it was for hackers to break into critical infrastructure.
That’s a concern for places such as Brisbane, Adelaide, Ipswich, Sunshine Coast and Canterbury-Bankstown, which were all shortlisted for Australian Smart Cities Awards last year.
It’s also potentially a worry for communities benefiting from initiatives such as the $50 million Smart Cities and Suburbs Program launched by the Australian government in 2016, or private-sector projects spearheaded by tech giants such as Bosch.
Much of the investment needed for smart cities goes into installing Internet-of-things (IoT) devices such as sensors and automation systems. And these are already being targeted by criminals.
In August 2016, for example, connected devices such as home routers and IP cameras were overrun by an IoT botnet called Mirai. Infected devices were then used as hosts for distributed denial of service attacks. Mirai is still out there, being updated every day.
Faced with such pervasive threats, what should Australia’s smart city planners do? Perhaps the most important step is to recognise that the scope for modern-day urban security has increased.
Hence security professionals will need to include cyber protection in any civil defence plans. “Clearly, ensuring any connected systems and services are effectively secured at all times must be a priority,” Harrison says.
“Every time a new system or device is connected to the network, or something is changed, it can potentially introduce new vulnerabilities elsewhere in the network,” he notes.
It is also important to bear in mind that the sheer scale of smart city IT infrastructures might require more extensive forms of cyber protection than those used traditionally today.
Just ensuring sensitive data is encrypted effectively, networks are segmented properly, and access is strictly controlled can result in hundreds of changes a day to various firewalls and systems across a smart city network, Harrison points out.
“The potential for human errors and omissions is huge and is becoming ever huger as the complexity of public-sector systems and networks grows,” he says.
As a result, he believes, the process of monitoring and approving network access will have to go from human hands as smart cities evolve.
This means those in charge of networks will need to automate the design, provisioning, analysis, and auditing of network security changes in applications and networks.
Orchestration tools can be set up to understand a smart city’s security and compliance policies and ensure every component of its sprawling networks continually adheres to them.
But it’s a process that IT and security experts need to grapple with today, not tomorrow.
According to Jason Hart, an award-winning cyber security expert, when it comes to guarding smart cities the security community is already playing catch-up with hackers. “We’re already too late,” he says. “The basics have not been implemented.”
There’s a reason why the Security Exhibition & Conference, the leading industry event for security professionals in Australia, is pushing IT defence at its Cyber Zone in 2019. The smart cities of tomorrow won’t just be subject to physical dangers but will also have to face the threat of hackers already targeting the Internet of things.
Visit Security in July, the largest trade event for the security industry, to see all the latest access control products and services available.