The major issue in dealing with cybersecurity predictive analytics
Source: Prasanth Aby Thomas, Consultant Editor
One of the major issues surrounding cyber protection of smart and safe city initiatives is that cybersecurity is not given adequate importance. This includes a lack of encryption to prevent surreptitious control over traffic control systems, streetlights, security cameras, gunshot detectors, and other sensors.
As many of these technologies are wireless by nature, these systems are easy to hack if not sufficiently encrypted. Often, legacy systems are integrated into the system, which can be especially vulnerable to exploitation by threat actors.
What is needed
Brian Schwab, Founder and Principal Consultant at S3SDC, pointed out that there is an appalling lack of even basic security practices on most metropolitan area technology development projects. This, coupled with the lack of established cyber response protocols, means that these cities are unable to protect against cyber incidents or adequately understand how to respond to them.
“Nowhere was the importance of establishing and implementing basic security and cyber response protocols more clearly demonstrated than by the ransomware attacks conducted against the Bay Area Transportation System in San Francisco in 2016 and the municipal systems in Atlanta in 2018 and Baltimore in 2019,” Schwab said. “Ensuring municipal employees are adequately trained in cybersecurity best practices and having proper response protocols will ensure that opportunities for cyberattacks (particularly from phishing or social engineering) are minimized and that should an attack occur, the damage is contained and minimized to the extent possible. Also, ensuring that Computer Emergency Response Teams are available, properly funded and supported will help guarantee that proper technology and management practices are in place to resist attacks.”
The vast size and interconnected nature of these initiatives leave a large attack surface that must be protected. The size and complexity of these interconnected systems make it difficult for experts to know what is exposed and how, which protection systems must be implemented as a priority, what redundancies need to be built into the system, and how to implement appropriate fail-over triggers to ensure continued operation.
“The nature of the safe city program’s over-reliance on technology ultimately leaves many interconnected city services potentially vulnerable to denial of service and distributed denial of service attacks,” Schwab added. “Integrating the use of "SYN cookies" either in the server OS or in a security device at the network edge provides an efficient method for tracking incoming TCP connections, thus lessening the chance for a typical SYN flood to overwhelm the stack. The deployment of reverse proxies (particularly a collection of reverse proxies spread across multiple hosting locations) will also help buffer against an HTTP flood thereby lessening the possibility the network will be overwhelmed.”
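How a SYN cookie lets a server validate the final ACK of a handshake without storing per-connection state, as an added example that is not from the article or from anyone quoted in it. It is a simplified model of the classic 5-bit time / 3-bit MSS / 24-bit hash layout, not any operating system's exact algorithm; the secret, MSS table, addresses and function names are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"    # constructed; a real stack uses a random key
MSS_TABLE = (536, 1300, 1440, 1460)    # assumed table; only the index fits in the cookie
TICK_SECONDS = 64
MAX_AGE_TICKS = 2                      # reject cookies older than about two minutes


def _mac24(conn, client_isn, tick, mss_idx):
    """24-bit keyed hash over the 4-tuple, client ISN, time tick and MSS index."""
    msg = repr((conn, client_isn, tick, mss_idx)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(conn, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK: 5 bits of tick | 3 bits MSS index | 24-bit MAC.

    Nothing is stored: a flood of SYNs costs the server no memory.
    """
    tick = int(now) // TICK_SECONDS
    fitting = [i for i, v in enumerate(MSS_TABLE) if v <= client_mss]
    mss_idx = fitting[-1] if fitting else 0
    mac = int.from_bytes(_mac24(conn, client_isn, tick, mss_idx), "big")
    return ((tick % 32) << 27) | (mss_idx << 24) | mac


def check_cookie(conn, client_isn, ack, now):
    """Validate the final ACK; return the negotiated MSS, or None to drop it."""
    cookie = (ack - 1) & 0xFFFFFFFF     # the client acknowledges server ISN + 1
    t5, mss_idx = cookie >> 27, (cookie >> 24) & 7
    mac = (cookie & 0xFFFFFF).to_bytes(3, "big")
    if mss_idx >= len(MSS_TABLE):
        return None
    current = int(now) // TICK_SECONDS
    for tick in range(current, current - MAX_AGE_TICKS - 1, -1):
        expected = _mac24(conn, client_isn, tick, mss_idx)
        if tick % 32 == t5 and hmac.compare_digest(mac, expected):
            return MSS_TABLE[mss_idx]   # only now is connection state allocated
    return None


if __name__ == "__main__":
    conn = ("198.51.100.7", 40000, "203.0.113.10", 443)   # constructed addresses
    isn = make_cookie(conn, 1000, 1460, now=1_000_000)
    print(check_cookie(conn, 1000, isn + 1, now=1_000_030))
```

The trade-off is that only what fits in the 32-bit sequence number survives the round trip, which is why the MSS is reduced to a table index.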
Are analytics vulnerable?
Although analytic solutions are software-based and contain data that hackers would be interested in accessing, they are not in themselves a reason for hackers gaining access to systems. Giovanni Gaccione, Justice & Public Safety Practice Leader at Genetec, explained that the threat does not come from using analytics tools. All too often, people are the weakest link when it comes to cybersecurity breaches.
“Employees not changing default passwords on IoT devices such as surveillance cameras or sensors is one of the easiest ways for opportunistic cybercriminals to gain access to a physical security system – and, if undetected, eventually a city network,” Gaccione said. “Most physical security solutions in a city are a work in progress with new devices being added to expand the system or to replace outdated or broken products. The process of adding new equipment – perhaps from a different manufacturer with less secure standards – is another opportunity for a vulnerability.”