Cyber
security in urban infrastructure
Introduction
In this world of technology cities, all across the world
are being attacked by a various anonymous group or rather called it Hackers.
The urban infrastructure like energy, transportation, waste management,
communications is all being hacked. It can be said that Public health and
safety are at risk. The data of the cities are encrypted by the Hackers, and
these public agencies or the cities are being asked to pay a huge amount of money
to get back their data or get control over their data. Well, many cities end up
paying such huge money and they still don’t get the data back. Every single
day there are a plethora of attacks across the world and law enforcement is no-avail.
Law is unable to identify such attackers. And many cities don’t have money to
retrieve the data. The best thing to do for a city is to develop defensive
social-engineering. This technique is low-cost which is the best defense for
the city to avoid cyberattacks.
Scope of Cyberattacks
In 2019, various small cities in America were attacked
by hackers, every city was told to back up their data and store it offline
and update their software. Many of the Cities failed to backup and update the
software which resulted in Ransomware Attacks. It was traced that the attacks
were from Europe, Iran, and the United States. The reason these attacks are
increasing is due to the paying capacity of the cities in the United States. There
is cyber-insurance in the U.S. that if attackers demand money then the insurer
has to pay and get the data back. As the money it takes to start from scratch
is more than that demanded by the Hackers.
There were attacks on Atlanta, Baltimore where hackers
disabled the city’s computers and shut it down, they demanded $51,000 and $76,000
in Bitcoins, but both the mayors refused to pay as there is no guarantee of data.
But it cost Millions of dollars for the cities to start from new. There is
punishment for such Ransome attacks but till now no-one is punished with such
law. It has become easier for attackers to attack the small government
population cities. Here this attack is very easy because if a single person
makes a mistake then the whole municipality suffers. Even if a single click a
phishing e-mail, the virus can spread through him to the whole system of the
Government leading to attack in the system. And the only solution these cities could
do was going offline by writing notices or records on Notebook paper. As there
is no strong Legal structure to prosecute such Cyber Criminals.
Cyber Attacks
Here let’s see what’s behind such attacks …Where are
the weaknesses in these attack vectors? What makes things particularly bad for critical
urban infrastructure? How do attackers choose vulnerabilities? How do they
exploit these vulnerabilities? And what do attackers do once they've actually exploited
the vulnerability?
The First most easy attack vectors are “PEOPLE”. Let’s
consider there is a company which obviously has a member or people in it playing the
role of managers, or administrator who has access to the confidential
information in the system. Now hackers are well versed with this concept that in
order to get that confidential info. of the company, they have to bypass the
security and enter the system via these managers or administrators. Here if the
managers or any specially authorized person are not conscious then they might welcome
the hacker into the system.
And when we speak about critical urban infrastructure,
the other most attack vector are “suppliers” or “contractors” as many of the
companies don’t do everything on their own they hire such suppliers,
contractors, and these suppliers have special access to the system. Now the
reality is that Hackers ostensibly partner with these suppliers to enter into
the system and extract the information from the urban infrastructure. The most obvious attack vector is through “TECHNOLOGY”.
When we talk about any system one must remember that there is no 100% security
on the internet. And therefore, these digital public infrastructures tend to
have bugs or vulnerabilities. Hence, hackers are at ease to enter such public
infrastructure systems.
Well how do these hackers break into the public
infrastructure?
They use the “COMMERCIAL OFF SHELF TECHNOLOGY” also
known as “COTS”. Which is generally used by stores to check whether they have
the product demanded by the consumer. So the hacker can buy such software to
check and find out the vulnerabilities in the system, and by directly applying
that to the urban infrastructure. For e.g. everyone uses Windows on their PC’s,
even the Public Infrastructure of the Government use Windows. Well, the
Judiciary till date used to run UBUNTU but now they have replaced themselves
with the windows. Therefore, everyone is using the same software, which helps these
hackers to work on the system to find the weakness and directly apply the weakness
to hack the computers.
What things are bad for Urban Infrastructure?
The fact that it is challenging to manage all the different
digital systems by one person. There is the involvement of different people in
managing the system. Due to which some might be ignorant to check what software
they are using? Or what version software is being used or whether their
software is updated with the recent release.
How do Hackers choose the ‘vulnerability’ or ‘weakness’
in the system to go after?
Well, hackers would generally go for the least resistance
path which would generally let them into the system without wasting their time.
They usually go for the Public infrastructure as the government doesn’t have
experts all the time with them for updating and fixing the technology.
How do these hackers exploit such ‘vulnerabilities’?
Hackers usually use the ‘exploit kits’ which are open
source and available online for e.g. ‘KALI LINUX’ which is an OS which has pre-installed
toll kits used by many small hackers as well right from WI-FI Hacking to System
Hacking… Some hackers buy such exploit kit from “DARK WEB” or from “NATION
STATES”. And some are leaked from Government Organization. For e.g. in the US urban
infrastructure was attacked from ransomware with the help of NSA exploits (National
Security Agency) of the US itself. The main issues are that such exploits affect
many systems of the Government.
What do hackers do once they have access to the system
or Vulnerability?
Hackers have a clear goal in their mind to attack or
steal the information, but sometimes they hide into the system so
that they are not noticed by the Systems and they can attack the system next time.
And the challenge for the Government is that they don’t know whether these
hackers are hiding in the system. They come to know only when the system is
attacked.
Therefore, the Internet is not 100% safe…and our system
cannot be free from attacks all the time. The only thing we or the Government
can do is beware of such players who hack, their method of hacking, different
types of attacks, and if they break into the system what might they do…
0 Comments