Securing Cyberspace of Smart Cities

Remote working has become the new normal, and using online services and having products delivered to the doorstep have become new habits. Since the COVID pandemic, the adoption of technology has surged dramatically and transformed the lives of people worldwide. This transformation has made life easier and more convenient, but it has also brought threats to cybersecurity, which is now a major concern. Highlighting the significance of cybersecurity in a smart city scenario, Marat Nuriev, IoT-Business Development Manager, Kaspersky, Moscow, Russia, addressed the Governance Leadership Summit.

He commenced with a brief on Kaspersky saying, “We’ve been in the cybersecurity industry for over 20 years. We’re known as a brand providing cybersecurity solutions, anti-viruses, industry-specific solutions and more.”

Speaking on the theme of securing smart cities, Marat said, “Smart city is a concept that brings technology, society and environment together on one platform. This has increased the productivity of urban services and reduced costs and resource consumption. Also, the smart city concept focuses on improving the overall quality of life for people.” This effectiveness of smart cities can be realised through a wide range of connected systems that include smart city administration, smart transportation, and more, he added.

“One of the key technologies for smart cities is the Internet of Things (IoT) technology that consists of networking technologies and specific devices. IoT can be used in various aspects of a smart city like e-governance, smart health, smart surveillance systems, smart homes, smart transportation, etc. And, we see the merger of digital systems and the physical world,” he said. On one side, this brings benefits, as it improves the efficiency of systems, organisations and public administration. Digital processes and services make governance as a whole more convenient for people. However, risks of cyberattacks, data breaches, hacking, etc. accompany the technology. “For the attackers/hackers, the various connections in the IoT system open up opportunity,” Marat added.

Citing statistics, he said, “If we observe the growth in the number of cyberattacks, this had increased 10-fold in 2020 when compared with the cyberattacks identified in 2017.” Elaborating on cyberattacks, Marat said, “If we observe the cyberattacks we find out that nine of every 10 attacks were on Linux-operated systems. Linux is the most preferred operating system for working algorithms and for developers… If we take a look at statistics on the type of operating systems used in botnets, we see the majority of them are Linux-powered machines.”

Mentioning vulnerabilities in embedded device libraries, he said, “In June 2020, an Israel-based company, JSOF, discovered a vulnerability called Ripple20. This vulnerability affects millions of devices worldwide using the Trek networking library for the TCP/IP stack. This Trek TCP/IP was developed in the 1990s. Most devices with these cannot be updated: either they are outdated or they do not receive updates. Another vulnerability is Amnesia:33. These are 33 vulnerabilities in four open-source implementations of the TCP/IP stack – uIP, FNET, picoTCP, and Nut/Net. According to Forescout, these protocol stacks are used in products of 158 vendors/manufacturers of communication modules, office equipment, IoT.”

Highlighting the actual targets of cybercriminals in smart city systems, he said, “Almost all smart city verticals are at risk, so attacks can be focused on traditional IT and cloud infrastructure. Also, attacks can be focused on communication networks, IoT components in mobile applications or specific verticals can be a target like smart grids, smart transportation, etc.”

Further, he cited a few case studies of cyberattacks. One of them involved traffic cameras: over 100 traffic cams in the Moscow region were disabled in a cyber incident. The attack damaged the file systems of the processing and control units, making it impossible to launch the camera OS and software. OS system logs were damaged, and the cameras remained out of service for five days. Kaspersky’s research on the case concluded that many cameras had no protection against attack or falsification of transmitted data. Further, because the cameras were wireless, they were open to man-in-the-middle attacks.

Addressing cybersecurity strategies for smart cities, Marat said, “When we studied the cyberattacks on smart city systems we found that most of them could have been avoided with the right approach, which is right principles of system design that take into account the cybersecurity from the very beginning and not afterwards.” Therefore, Kaspersky’s recommendation is to establish the right principles to ensure the long-term cyber protection of smart cities. These principles cover two aspects: organisational and technological. The organisational principles include standardisation (ISO/IEC), education and threat analysis, while the technological principles include timely implementation of cyber protection and design based on IMMUNE systems. This approach forms a cyber fence to protect the system; however, it is not enough. So, Kaspersky offers Cyber Immunity as a product that offers a secure-by-design system, microkernel architecture, security layer isolation for all modules and trusted behaviour, he added.

Further, he detailed a few more cybersecurity solutions, services and products from Kaspersky that offer security for IoT gateways to protect smart city systems.