
Smart cities and the threat within

(Image credit: Jamesteohart / Shutterstock)

When a typical citizen thinks of a smart city, they think of a city that is fully connected like a smart home: a city that has lighting, train schedules, traffic lights, and everything else integrated to make the citizen feel safe, keep them on time, and provide maximum comfort.

The truth is, the definition is different for every city and for every country. A true smart city starts with an eco-friendly environment that is sustainable and reliable, and builds technology on top of that without being a drain on natural resources. This can include everything from renewable energy like solar to urban gardening on buildings and in backyards. The goal is to make a city sustainable. Once the vision is understood, then technology plays a part. Whether this is enablement of driverless cars or train schedules depends on the city itself. Once we consider all the possibilities, we begin to understand the number of potentially accessible devices, services, applications, and resources.

While not all of these would be directly accessible to the citizen, they would need to be electronically addressable. The current standards for IPv4 are grossly inadequate to meet these needs. There are just not enough IP addresses to assign to all the devices. This is where IPv6 becomes relevant for any smart city plans and potentially the threats that can lie within. 

IPv6 was developed to address the problems of running out of public IP addresses in 1998. Its adoption has been slowed by the inception of Network Address Translation (NAT), legacy solutions, and the sheer fact that a human being cannot easily remember an IPv6 address versus an IPv4 one (i.e. versus fe80::54c4:14ee:5d69:9435). While the number of combinations possible for an IPv4 address is 2^32, IPv6 allows for a staggering 2^128. That should easily accommodate every smart city in the world with unique addresses for every single device and still have room for private addresses within governments and businesses.

With this in mind, implementing a true smart city means that all of the devices should be IPv6 addressable, our infrastructure needs to be able to manage all of these devices, and our cyber defences must scale to the volume needed to protect everything. This means security best practices like vulnerability management, patch management, and privileged access management for a smart city need to accommodate millions of potentially dumb devices, from street lights to cameras. That is a volume exceeding anything we have today and exceeding the capabilities of most security and management tools. This is growth beyond anything we have seen before and an exponential risk surface of unimaginable proportions.

We need to begin being smart in terms of our smart city plans. Smart about management, security, the tools, workflow and policies for sustainable management. A botnet of hundreds of thousands of streetlights would put the threats of the Mirai botnet to shame. So how do we move forward?   

Consider the following recommendations to scale a smart city (or any large IPv6 environment) for public usage: 

1. Even though there are enough IPv6 addresses to make every device (everywhere) unique, they do not need to be routable from public access. Security best practices for segmentation are still very much applicable and even more so to keep IoT and IIoT devices from direct access. Smart cities should keep their resources off the public Internet and use secure middleware to instrument their usage for normal consumption.

2. Each device should have unique credentials. With potentially millions of devices, any shared, reused, default, or dictionary-based passwords (or keys) could allow malicious access and lateral movement. Consider implementing a privileged access management solution for password management and rotation to keep every device unique and secure from rogue root or administrator access. 

3. While we consider millions of addressable devices, the human mind cannot remember or communicate IPv6 addresses effectively. This is why a robust and resilient DNS implementation becomes a tier one service. Typically, cameras, street lights, and even trash cans have serial numbers or identification schemes that teams can understand and reference for a specific device. A successful DNS implementation in a smart city uses the same scheme so teams can identify the asset electronically and physically to remediate any potential problems.

4. Security best practices for asset, vulnerability, and patch management are more relevant than ever. Information technology teams must be able to inventory all smart city assets and determine if security risks are present. If they are, a remediation plan should be able to patch systems or even flash firmware. Visiting every street light with a USB stick to flash firmware is not acceptable. Any and all deployments of resources need to be centrally managed and allow for centralised remediation and inventory.

5. In a smart city, it is completely cost prohibitive to think every device will be wired. While some might be, many will be wireless. Whether the device is WiFi-based or cellular (LTE, 4G or 5G for example), the challenges in securing wireless communications, from man-in-the-middle attacks to jammers, need to be considered. To that end, all communications should be encrypted and strong access control lists enforced. Successfully wardriving a smart city to identify vulnerabilities in the infrastructure is just not acceptable.

6. Your choice of management tools, from inventory and asset management to logging, needs to be able to scale to your city's needs. It is doubtful many on-premise solutions will meet your needs from a centralised routing perspective, bandwidth, or even scalability. This makes management of your smart city ideal from the cloud. If you consider all the diversification needed to instrument a smart city, potential network zones and segmentation, and the protection of sensitive systems and critical infrastructure, the cloud provides a central point to manage everything. With more devices, there is a need for more resources and management. While the cloud is not infinitely scalable, it definitely can scale from a PaaS, SaaS, and IaaS perspective to make smart cities a reality.
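As an added illustration (not part of the original article), the sketch below audits a device inventory against recommendations 1 to 3: addresses outside the IPv6 unique local range (fc00::/7), credentials shared between devices, and DNS names that do not follow the asset serial number. The inventory fields, the `city.example` names and the credential fingerprints are constructed assumptions; in practice the fingerprints would come from the credential management system.

```python
import ipaddress
from collections import defaultdict

# Unique local addresses (RFC 4193): not routable on the public Internet.
ULA = ipaddress.ip_network("fc00::/7")

# Constructed sample inventory (hypothetical devices and field names).
# 2001:db8::/32 is the documentation prefix, standing in for a global address.
INVENTORY = [
    {"serial": "SL-000123", "dns": "sl-000123.lights.city.example",
     "ipv6": "fd12:3456:789a:10::7b", "cred_fp": "a1f3"},
    {"serial": "SL-000124", "dns": "sl-000124.lights.city.example",
     "ipv6": "2001:db8:10::7c", "cred_fp": "b2e4"},
    {"serial": "CAM-000045", "dns": "cam-000045.cameras.city.example",
     "ipv6": "fd12:3456:789a:20::2d", "cred_fp": "c9d0"},
    {"serial": "CAM-000046", "dns": "camera-north-gate.cameras.city.example",
     "ipv6": "fd12:3456:789a:20::2e", "cred_fp": "c9d0"},
]


def audit(inventory):
    """Return a sorted list of (serial, finding) tuples."""
    findings = []
    by_cred = defaultdict(list)
    for dev in inventory:
        addr = ipaddress.IPv6Address(dev["ipv6"])
        # Recommendation 1: device addresses should stay in private space.
        if addr not in ULA and not addr.is_link_local:
            findings.append((dev["serial"], "address-outside-ula"))
        # Recommendation 3: the DNS host label should equal the serial number,
        # so field teams can match the record to the physical asset.
        host_label = dev["dns"].split(".", 1)[0]
        if host_label != dev["serial"].lower():
            findings.append((dev["serial"], "dns-name-mismatch"))
        by_cred[dev["cred_fp"]].append(dev["serial"])
    # Recommendation 2: no credential may be shared between devices.
    for serials in by_cred.values():
        if len(serials) > 1:
            findings.extend((s, "shared-credential") for s in serials)
    return sorted(findings)


if __name__ == "__main__":
    for serial, finding in audit(INVENTORY):
        print(f"{serial}: {finding}")
```
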

Whether you are ready for it or not, smart cities are coming. With the enablement of mobile technologies and the convenience and efficiencies of mobile applications and electronic payments, the cities of the future will make our lives more convenient, sustainable, efficient, and less problematic (when everything is working right). Security threats, bad architectures, and threat actors will test our new standards, implementations, and limits of our patience and intellect. They will be the first widespread implementations of IPv6 and potentially add common devices like street lights to resources we already consider critical infrastructure. 

While the definition of a smart city will vary by location and country, one thing is for certain: once we connect and enable them electronically, a threat actor somewhere will try to attack them. That is for certain.

Morey J. Haber, Chief Technology Officer at BeyondTrust 


Morey J. Haber
With more than 20 years of IT industry experience and author of Privileged Attack Vectors, Mr. Haber joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition.