Where to look for hundreds of kilometres of cables underground and how to protect Moscow from cyberattacks.
With the world becoming increasingly digital and ever more reliant on daily communication, security strategies are gaining more and more attention, in particular at the state level. Russia is currently among the top five countries with the largest cybersecurity and cyberwarfare spending.
— Some people see the city as a playground for designing new spaces and improving those that already exist. Others think of it as of an endless source of data ready to be analysed: mobility, passenger traffic density, etc. But what do people involved with cybersecurity see?
— When speaking about cybersecurity, a modern city is a space where various communication networks and technological process management systems converge on a large scale. They form the basis of industry, transport and telecommunication infrastructure.
The space where these technologies converge is, on the one hand, a valuable asset. But on the other hand, it is also a point of maximum risk concentration. Despite the fact that many key IT nodes, like major communication cables and data-centers, are usually located on the outskirts, there is still a lot of infrastructure within the city limits. For instance, here we have transportation IT-systems, including more recent smart driverless transportation. There are also traditional telecommunication systems: mainly high-density last mile infrastructures. ISPs provide houses and apartments with their internet and telephone connections. These last mile systems also require management and security.
And finally, a city is a place where user traffic and internet resources are at their peak. Where are the users? In the cities. Where are the user devices? In the cities. What are IP addresses linked to? To devices and nodes they establish on connection, and these things are also mainly localised around city infrastructures.
We only see a small part of the infrastructure, the part we interact with as end users.
From the position of cybersecurity, any city is a large problem. When a cable is at the bottom of the ocean there is a little physical threat to it, except maybe for submarines and fish. Meanwhile, in a city, everything is open, close together, localised, and interconnected. A city is an example of an environment where the cascade effects of a rolling blackout come into play. If one key system goes down, it will be followed by the others, as they are not only interconnected and interdependent but are also localised within the same area.
For instance, a cyberattack aimed at the infrastructure of a power substation may lead to a temporarily blackout, resulting in service providers’ servers failing. When something stops functioning at the level of physical equipment, it immediately leads to residents losing access to any electronic services they use: if Yandex.Traffic goes down, the entire city will turn into one big traffic jam.
— You mentioned smart systems: what are they?
— A smart system is a physical infrastructure involving an automated technological process management system. Put simply, it is a program-controlled system, managed either manually, via commands entered by an operator, or functioning autonomously, under AI control. It can be a bus, a train, an industrial machine, a solar panel – anything, really.
There are automated systems for technological process management. What moves a centrifuge at a plant? A system of hardware and software, controlling mechanical engines and motors. How does an onboard computer in a driverless car function? How does an engine work? The same way: through programmed logic controllers linked to the active equipment. These controllers are being implemented in an increasing number of areas, and smart transportation is one of them.
— Let’s say a person walks through a city. An ordinary urban dweller sees walls, streets, public transport, pedestrians, CCTV, and lots of cables. But is there something that is hidden from our view?
— We only see a small part of the infrastructure, the part we interact with as end users. When we work we see the device that we are using and a Wi-Fi router hanging somewhere in the office. A CCTV camera is merely a front end, a visible part of a larger infrastructure. What is there beyond its lense? We have no idea of most of the technologies that we do not directly interact with, like the infrastructure of servers, or physical communication channels.
At 7 Butlerova St. in Moscow, the M9 node is located inside an underground maintenance well. The M9 node is the key telecommunication network of MSK-IX, Russia’s largest traffic exchange. It is here telecom that providers exchange their data. In Moscow, the MSK-IX exchange point and the M9 node, in particular, handle a significant share of operator traffic, including user and M2M traffic. Operators using MSK-IX provide service to millions of Moscow’s internet users.
Urban cybersecurity strategies currently in development will take 2-3 years before they are ready.
Rumour has it that in the last decade quite a story happened with the M9 node. A car with a malfunctioning oil duct stopped over the cover of the maintenance well. Burning oil dripped down the well and caused a short, which caused city-wide internet issues. Here you have an example of a point-of-failure infrastructure. Should something happen to it, everybody will be affected. At the same time, we as users walk right past it with no idea what it is, where it is and without interacting with it in any way.
— What city cybersecurity strategies are there?
— I have yet to see a fully developed comprehensive cybersecurity strategy for a city environment. However, projects like this are being discussed and implemented by governments and private companies in developed and developing countries: Singapore, South Korea, the US, and certain EU members. However, it does not quite fall under the usual algorithm used for creating similar concepts and documents. Cybersecurity strategies for critically important objects in separate industries are already in development: these include the energy industry, the metal industry, the petrochemical industry, and rocket fuel production. A city contains a number of infrastructures – telecom networks, power distribution systems, etc. – servicing various industries, and new security concepts and policies for these infrastructures have been in development for the last 3-4 years.
But what happens if an onboard computer in a smart car does not receive a security update? It will become vulnerable to hacking, and the person inside the car will face the danger of getting into an accident. The risks are increasing from losing data to losing human lives.
Here we have an environment where a number of industries and infrastructure types are converged within a very narrow space. We have to deal with a hypercomplex cross-sectoral mix of everything. That is why the urban cybersecurity strategies that are currently in development will take 2-3 years before they are ready.
— Have there been recorded cyberattacks targeting cities? Not technical incidents, but deliberate cyberattacks?
— A proper answer is limited by the existing terms and notions. In cybersecurity, a city space is not regarded as something that can be targeted. Instead, an attack can target a system, an infrastructure. For instance, if an attack targets equipment owned by a major telecom provider, then we can say that this particular infrastructure was attacked. Here we have a follow-up question: is there a correct way to refer to a smart city as a potential cyberattack target? I think that there are prospects for that. We should step away from focusing on the infrastructures that are being targeted and instead look into attack scenarios and potential damage models.
— Could you provide an example?
— At some point in the future, we will face attacks complex enough to trigger the failure of all smart city services, instead of targeting a single informational system.
For instance, imagine a city located next to a nuclear power plant. Hackers target a site created by its former employees, where they steal their accounts and passwords and get access to the official site of the power plant operating company. Then they obtain administrative rights and get into the private sections of the power station website, stealing sensitive information and blueprints. They proceed to publish this data and announce that they possess full information about the station subsystems and their weaknesses and that they are ready to launch a cyberattack on it. They instigate panic, threatening people into leaving the city.
Some residents start to pack and leave without waiting for any proper explanations of what is going on. Meanwhile, the attack goes on: a state news website has been hacked and now states that a radiation leak was detected, which is also confirmed by the hacked Twitter account of a state watchdog and a local police department website. People see things they can’t explain, and nobody is able to stop it, or at least provide them with a proper explanation. The panic spreads in an explosive manner, and the city falls into chaos. All this is happening, despite the fact that no actual terrorist attack is being planned.
At the city scale, the easiest way to deliver a person to their workplace is a driverless car. Robots are becoming a common sight, and these cyberphysical systems can be hacked and mismanaged.
If criminals had an opportunity to hack the server of a company which supplies the residents of the city with cars, they could get remote access to their autopilot systems. They could exploit this by activating them on a whim or even by taking over the driving control.
— How will the idea of cybersecurity change in the context of smart cities, and what should be done to avoid a serious city-wide disaster?
— The main thing that I have already mentioned is transforming the existing concept of cybersecurity in this field. Splitting it based on separate systems and infrastructures and their respective risks is obsolete; instead, we should discover other, more comprehensive ways to analyse the risks. This is already happening, but there is still a long road ahead. As smart cities grow and develop, this professional understanding matures. It involves changing cybersecurity policies, adapting priorities and adjusting standards used for their implementation. In its traditional understanding, information security must safeguard accessibility, integrity and confidentiality.
Yet when we refer to an active environment, and even more so to a cyberphysical environment, the necessity of supporting the continuity of business processes of residents and users – the operators of these cyberphysical systems – becomes crucial. This is a whole new standard which is not distinctively opposite but is rather orthogonal to our previous ideas. This process will involve reimagining the existing concepts and approaches for risk management on which we base our current cybersecurity solutions and standards. This will allow us to form risk concepts for the environment rather than for separate systems.
Secondly, the risk levels – including user risks – are going to rise. The development of a smart city inevitably spawns large-scale cyberphysical systems. At the city scale, the easiest way to deliver a pizza to the 45th floor is a drone. To deliver a person to their workplace – with a driverless car. Robots are becoming a common sight, and these cyberphysical systems can be hacked and mismanaged. The cost of hacking is rising, and the danger to cybersecurity, when these systems end up in the wrong hands, is rising with it.
How does a common user sitting in front of a computer perceive risk? Not downloading an update carries the risk of losing data, or maybe an entire laptop in the worst case scenario. But what happens if an onboard computer in a smart car does not receive a security update? It will become vulnerable to hacking, and the person inside the car will face the danger of getting into an accident. The risks are increasing from losing data to losing human lives.