Let’s start with a bit of fun. Can you spot the fake news story?
The fake story is the veteran cop foiling hackers – this is the plot summary of the summer 2007 blockbuster, Live Free or Die Hard. There are two fake news stories, NSA hacking printers during Operation Desert Storm was an April Fool’s Day hoax. The hoax turned into a new report, regarding a French manufacturer’s printers bound to Iraq are covertly intercepted and planted with malware to crash Microsoft Windows workstations disabling air defenses. In the version of the story someone told me, the printers performed a denial of service attack on the Iraqi networks disrupting their communications – many variations of this hoax exist. Printers have been hacked numerous times, including PewDiePie fans hacktivism to support their favorite Youtuber.
Cities have been hackable; this is not a new challenge. One Australian man was able to sicken waterways forty-five times until caught on the forty-sixth attempt. One inquisitive fourteen-year-old boy was able to cause four trains to derail. We are hopefully learning from these failures. With Smart Cities, we potentially open ourselves to a much more significant scale – the surface area and the number of interconnects is exceptionally challenging to solve. We need some courage and some smarts.
Cyberwarfare, cybercriminals are a real threat. Russian State hackers have disabled Ukraine’s electrical grid, causing shutting off home heater fans circulating heat during the winter. Dallas emergency sirens have sustained a hacker’s replay signal in the middle of the night. We’ve seen in the financial sector hackers diversions to distract IT teams while they commit massive heists. Will China 5G infrastructure weaponized to spy and hack the United States with ease in the future.
Not every event is the next cyber Armageddon. For every high-tech hack, there are hundreds of low-tech errors, and software glitches plague connected devices. Here in the San Francisco Bay Area, we experienced a software glitch causing a system shutdown to our local subway, BART, stranding citizens. And of course, human error creates hysteria, too, such as the false missile alert in Hawaii.
The key to Smart City success is visibility. Visibility of known and unknown cyberattacks. Visibility of software glitches that disrupt services. And the details necessary to discern and track. Device makers are in the best position to address this challenge.
Known issues are easy to forget since once they are solved, we feel we can move on. We discovered for years, all MIPS-based connected devices contained foundational security blunders, for instance, an executable stack.
Device makers need to harden their connected devices’ firmware at the factory. We need victimized connected devices to report known and unknown attacks. The victim device needs to collect vital forensics, including the source of the attack. The forensics empower the device maker’s software engineers to quickly and efficiently fix software glitches and vulnerabilities. And the forensics enables the city operator to know if an incident was a glitch, a known resolved CVE vulnerability, or an unknown advance zero-day attack. If done correctly, each connected device plays a dual role, providing their purpose of safety and services to citizenship, and a threat sensor to ferret out malfeasances and minimize avoidable disruptions.
With built-in at the factory security, we can change the math, so the attacker bears some risk. The current SARS-Cov-2 pandemic has shown us the fragility of our society. Tech will not solve all of our challenges; however, tech is fundamental to improving our lives and our planet. Be safe.