«SMART CITY» IN THE CONTEXT OF CYBERSECURITY: INCIDENTS, RISKS, THREATS

Abstract

Smart city systems are becoming more and more widespread in the nearest future. Their deployment allows focusing on combining diverse and varied urban information systems into a single sustainable, energy-efficient, low carbon energy, wasteless, clean "ecosystem" which will be friendly and comfortable for its citizens. This system integrates into itself all existing city IT-systems from individual smartphones to complex urban traffic management systems. And the practice shows that the IT-systems of the smart city do not yet sufficiently meet requirements of security and protection from attacks, malware and external threats. In this respect, the Ukrainian epidemic of ransomware WannaCry and Petya presents a good example. It wasn't targeted attack, ransomware wasn't directed or aimed at any of metropolitan or urban infrastructure it-systems, but as a result of collateral damage, more than a third of Ukrainian computer networks (including banking and state ones) were disabled. There is also a significant and growing demand for a targeted attack against industrial and urban infrastructure. Currently, cases of the following attacks are already known and considered in detail: the malicious computer worm Stuxnet which targets industrial systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran and related malware as Duqu and Flame, Triton/Trisis malware which the first appearance was at a petrochemical plant in 2017, and was aimed at attacking the "last line of defense" - safety instrumented systems (SIS) of Schneider Triconex. Thus, it was only a matter of time before smart city faces IT-infrastructure attack. The paper considers sources of threats and the reasons for the weak security of smart city IT-systems including the following: an increase of the attack surface, the lack of a unified strategy and security service, the developers' emphasis on simplicity and ease of systems deployment at the expense of security, a large percentage of wireless technologies that facilitate access to critical infrastructure objects, the presence of obsolete and legacy code sections in the system. The article proposes a set of measures and actions for smart city IT-systems hardening. Also, the paper considers redundancy and inefficiency of old protection methods and measures such as "air gap", proprietary protocols, "secure by obscure" and others. Keywords: smart city, information ecosystems, cybersecurity, municipal economy, risks, threats, incidents, protection.