Two floors beneath a modern but unremarkable building, a man in his late 20’s dressed in jeans and a hooded sweatshirt enters an executive bathroom. Once inside, he breaks into the storage closet and unscrews a grill from the wall, stripping the colour from a mass of cabling with wire cutters.
He attaches the metal threads to a breakout board fed into a Raspberry Pi – a $35 computer board the size of a credit card. Once connected, the Raspberry Pi will bypass IT security and allow direct access to the heating ventilation and air conditioning (HVAC) system of the building.
A hacker’s ability to compromise the network of a major city utility is a worrying thought.
The company in question is a mass data storage facility, operating from an underground bunker – housing digital and cloud data storage for major international corporations.
The conglomerate of data records inside the underground storage centre amounts to 70 per cent of worldwide consumer debt. The facility itself is equipped with an internal power plant, water treatment facilities, emergency services and is regarded as being completely impenetrable.
Later, from a remote location, the hacker sends a signal to the device that raises the temperature of the HVAC system and renders the backup storage tapes unusable.
The leviathan corporations soon crumble, and less than 72 hours later the world stock markets collapse, plunging society into a technological dark age and inciting global riots and a state of emergency.
Utilities face a flood of hackers
Thankfully, the situation above took place in the safe confines of a television show, not the real world. But while the comminatory plot of Mr Robot may be a thing of fiction, the real world implications of its storyline are surprisingly real.
In 2013 an Iranian hacker managed to gain access to the Bowman Avenue Dam in New York, first by identifying an unprotected computer within the network and then using other methods to breach the dam’s security.
Although access to the dam posed a relatively minor threat – the modestly sized facility is situated 20 miles north of New York City – a hacker’s ability to compromise the network of a major city utility is a worrying thought.
Real-time threat intelligence is required to counter the ever-changing cyber threat landscape.”
Smart cities need a reality check
The future of city infrastructure could likely include the adoption of smart buildings and utilities. A smart city integrates information and communication technology solutions in a secure fashion to manage a city’s resources.
These include everything from its transportation system, power plants, water networks, medical and law enforcement buildings and many other community features such as street lamps.
The idea of a smart city is that buildings and other elements will be connected by wireless devices, allowing data to be collected, monitored and processed in real-time. This data assists the government and citizens in making more economical and resource-friendly decisions, evolving the city in the most beneficial way.
One example of this is Amsterdam, where the smart city initiative that started in 2009 now includes more than 97 projects – including smart lighting for street lamps. Smart lighting benefits the energy efficiency of a city, using data monitoring to assess the amount of light needed based on the nearby activity of its citizens.
Countermeasures in real-time
Malicious software can be a nightmare for a smart city. In 2012, a courthouse in California accidentally summoned 1,200 people for jury duty on the same morning, causing immense traffic issues. The following year, a glitch in San Francisco’s Bay Area Rapid Transit service affected almost 20 trains with up to 1,000 passengers on board.
David Dufour, senior director of security architecture at Webroot, has spoken of how the evolving landscape of cybercrime requires companies to stay constantly alert.
“Today, actionable, real-time threat intelligence with high accuracy is required to counter the ever-changing cyber threat landscape,” he said.
Disaster recovery will be a crucial necessity in the case of a smart city cyberattack.
Dufor will speak at the Gartner Security & Risk Management Summit 2016, examining an organisation’s ability to respond to threats and analyse unknown objects in a network in real time.
One of the largest threats to the successful development of smart cities will remain new and breaking technologies being implemented without proper security testing. Disaster recovery will be a crucial necessity in the case of a smart city cyberattack – hackers can find hundreds of ways to compromise a system, and disabling or shutting down the network would be an ineffective way of countering this.
The NetCraft Australia Solution
NetCraft Australia has an extensive history in providing IT security solutions for businesses in both Australia and the Pacific. Offering expertise across a range of areas, NetCraft provides 24/7 support, replacement hardware, network monitoring and redundancy plans to meet your requirements.
To learn more about disaster recovery services, or to discover automated IT project management solutions with NetCraft’s Intellicare Managed Service, get in touch today.