“A smart sustainable city is an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, efficiency of urban operation, and services and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social, environmental and cultural aspects.», International Telecommunication Union (ITU) – United Nations Specialized Agency for Information and Communication Technologies.

Increase in the urban population, ecological emergency and energy transition, constraints on public finances, need to reinvent the link between the public service and the user, increase in the living comfort of the inhabitants, etc. All of these issues are challenges that the Smart City could help respond to and which are pushing communities to invest in this direction.

In order to meet these challenges of today and tomorrow, the Smart City will have to create a synergy between different areas such as intelligent traffic management, the development of new modes of transport, the optimization of energy consumption and waste management, the protection of goods and services, home automation, etc.

All these services can be federated around a single control center which will provide an uplink and downlink, giving the possibility of collecting information on the state of the services and/or acting directly on the infrastructure.

A new target for cyber attackers

Many cities in France and around the world have taken up the subject of the Smart City to meet the challenges set out above: large metropolises of course, but also smaller cities.

In parallel with these initiatives, it is becoming more and more frequent to observe cyberattacks targeting cities. As an illustration, in 2019, 22 US municipalities were victims of cyberattacks. The losses amount to millions. The governor of Louisiana went so far as to declare a state of emergency following attacks on several cities in the state. But these attacks are not limited to the United States, as evidenced by the attacks in France on the cities of Sarrebourg (Moselle), Sequedin (Nord), Huez (Oisans), La Croix-Valmer (Var) or even Nuits-Saint-Gorges (Côtes-d’Or).

So, the question now is why Smart Cities present a new playground for Cyber Attacks and how to protect oneself from them.

The Smart City induces a paradigm shift

Conducting a Smart City project requires changing the usual ways of proceeding by implementing a new kind of information system (IS), mixing many issues and generating new risks in terms of Cybersecurity.

A complex architecture

The Smart City is partly characterized by the new structure of its architecture. Its atypical IS compiles the constraints of a management IS, those of an industrial IS and those of an IoT IS.

Thus, its management IS will have a propensity to collect and process a large amount of data, whereas its industrial IS will have the characteristic of being directly connected to the physical world: water management, traffic lights, variable road signs, retractable bollards, intelligent lighting, autonomous car control, etc. and reconciling the challenges of these two worlds is no easy task: where the industrial world traditionally focuses on availability, the IT world will focus on the integrity and confidentiality of information and processing, considering furthermore that the Smart City will reinforce the existing IT and digital dimension of industrial systems.

Furthermore, the rationale for an IoT IS must be considered, which is to collect data as close as possible to their sources, through the deployment of connected objects, multiple entry points to the IS in potentially hostile environments. As a result, these objects will be individually exposed to physical attacks against which it was not previously necessary or easier to guard against (e.g. physical access to a serial or USB port, replacement of flash memory, etc.).

Finally, the systems that make up the Smart City must be able to evolve rapidly in order to benefit from the innovations of market players. The challenge is to succeed in building a flexible IS with the capacity to respond to uses yet unidentified today while providing systems capable of being maintained over time, on the scale of a Smart City built for decades.

The paradox of interoperability

Moreover, a Smart City approach is intended to be inclusive in order to take advantage of the strengths of all the players in the area. This implies managing heterogeneous systems, mixing new and old technological bricks, and mastering the opening of its IS.

Smart Cities polymorphism complicates the definition of global security policies. Their implementation evolves alongside the development of new technologies, making the security policies of another generation obsolete or inapplicable. This problem has already been present in the industrial world for years, where operational constraints make it sometimes impossible to evolve systems that have become vulnerable.

Beyond security policy, while interoperability between multi-generational systems makes it possible to develop new functionalities that create value for the user, it also implies using disparate protocols that can lead to security breaches. A “security by design” approach would consist in identifying the current need and its potential evolutions, in order to be able to propose specifications integrating both concrete answers to the functional need and minimum security rules allowing the service deployment with a satisfactory level of confidence. However, this is likely to oppose to the principle of inclusiveness of the Smart City.

The importance of data

An operational and political challenge

Information from the field is of paramount importance in driving the Smart City: assisting in decision-making, communicating information to citizens, planning events, and evaluating public policy. While the data itself is not necessarily critical, this is no longer true when it is aggregated into a larger whole. Errors in the collection or processing of data can lead to operational inefficiencies in services or to inappropriate choices in response to changing circumstances.

Moreover, the construction of the Smart City is done by layer. Gradually, new services appear and develop. Historically siloed, the trend is to look for synergies between the different services to create ever more added value for the user. These growing interconnections and overlapping induce such complexity that in the event of a failure, there is a risk, if we are not careful, of seeing the whole infrastructure collapse, either because of error propagation or because each service has become dependent on the others.

Security: a request coming from the citizens themselves

Elabe and Wavestone have conducted a survey on the importance of data in tomorrow’s public services, and on the challenges facing stakeholders in such projects.

Among these challenges lies the use made of the user personal data. Overall, citizens are in favor of the idea of ​​digital transformation of public services, and a fortiori of the Smart City as a public service but remain concerned about the purpose of processing their data.

However, a significant proportion of the population, between 30% and 50%, is not in favour of transferring their data even if it could save money, save time or reduce their carbon footprint. This could be due to the fact that 76% of the population surveyed believe that the administration is not currently able to ensure the security of the data it collects.

The success of the Smart City therefore also lies in the ability of stakeholders to reassure users about the use and protection of their data.

Thus, we have seen that the Smart City is inducing a paradigm shift which, combined with the high expectations of the general public on the security of its data, required an adaptation of its approach. Indeed, as the Smart City grows, urban activity becomes more and more dependent on its services, increasing its security needs, but also the interest of cyber attackers. Based on these observations, the challenge will therefore be to identify which approach to implement to take into account the risk of cybersecurity and, failing to completely eliminate it, to reduce it. We will talk about it in a second article.

Cet article Cybersecurity issues around Smart City (1/2) est apparu en premier sur RiskInsight.

In this series, we’ll first present connected vehicles and their associated cybersecurity challenges; the main sources of threat and the risks will be addressed in a second installment. Lastly, a third article will present our views on the issue and the main lines of the response required to address it.

The connected car: a vehicle supporting a raft of interactions

Entertainment, an extension of your smartphone, shared mobility, management of the car’s life cycle… users are demanding new experiences, and the services and applications they generate are resulting in a range of interactions. We can imagine a smart car being able to find a free parking space, automatically schedule an appointment for maintenance, or turn a traffic light green as it approaches. Since April 1, 2018, all new vehicle models must also have an emergency call system, as well as geolocalization to enable the authorities to be contacted in the case of an accident. In this respect, they are already “connected”.

Manufacturers and other players are already capitalizing on the opportunity to maintain a close relationship with customers throughout the vehicle life cycle. By doing this, they become “providers of services and mobility solutions,” drawing on, among other things, collected data. In particular, because such connectivity represents a step toward autonomy, the vehicle needs to be able to communicate with other vehicles and the surrounding environment. These changes are underway, and their pace will progressively increase.

However, the challenge of cybersecurity is scarcely taken into account, or ignored: yet it has to be a key plank of any connected solution—from the design phase to the end of the life cycle. Such thinking is essential to safeguarding the vehicle’s integrity, protecting passenger lives, and complying with current and future regulation.

The first prerequisite is to properly understand the connected vehicle’s technologies and ecosystem.

How connected vehicles interact with their environment

A specific feature of a connected vehicle is that it interacts with its ecosystem, via mobile data streams, over both the short and long-ranges.

• Short-range connections: Here, the vehicle interacts directly with an object (such as a smartphone, infrastructure, etc.), without any intermediary. It uses technologies with a limited range for local exchanges (WAVE, on-board Wi-Fi, Bluetooth, etc.).
• Long-range connections: Here, the vehicle uses remote access to interact with external components via a cloud platform. 4G, and soon 5G, connections are the technologies of choice for connecting vehicles to the internet.

This connected-vehicle concept also covers exchanges with the vehicle’s direct environment under the umbrella term “Vehicle-to-Everything” (or V2X). Lastly, the standard, ISO 20077, covers “Extended Vehicles” (or ExVe) as a whole: which comprise the physical vehicle as well as all the platforms and infrastructures that the car manufacturer is responsible for.

A range of ecosystems and players that need to work together

The car was once a very closed system; with the exception of diagnostic connections for garages and some connectivity to be able to broadcast multimedia content; any connectivity risks were largely contained. Today, the proliferation of forms of connectivity and access to the internet have opened up new opportunities for manufacturers and service providers, but also for attackers.

The first ecosystem to consider is the . Electronic and communication systems must be able to communicate with each other without the transmitted data or stored secrets being altered or stolen. Among these systems are the ECUs, the mini “on-board computers” that control the vehicle’s key functions, such as the braking system, air conditioning, lighting, etc.

Beyond on-board security, there are the user and owner (the latter not necessarily an individual) who have the right to give orders to the vehicle according to pre-defined rules. In the future, their authentication will be essential when it comes to questions of responsibility, as well as for verifying the legitimacy of the orders they issue.

Another vitally important aspect concerns connected services that use centralized platforms, or even cloud-based ones, which have been developed by the manufacturers or their partners. These platforms represent a significant threat because they can trigger orders for entire fleets of vehicles, and therefore the impact of any problem is multiplied. Manufacturers will need to put in place sufficiently secure solutions to allow such services; they’ll need to combine their own platforms with those of partners and the APIs on the vehicle, as well as ensuring the required level of confidence in the environment.

Lastly, in the medium-term, external objects and the surrounding environment (other vehicles, garages, parking lots, road infrastructure, etc.) will need to communicate and share information. The challenges of ensuring security in real time (in terms of availability, integrity, etc.) will be complex ones.

Cybersecurity issues: from the virtual to the real world

People’s safety, inside and outside vehicles, is a top priority for the automotive industry. We might imagine, then, that the cybersecurity issues raised by connected vehicles will be treated with the same degree of rigor—such that they can guarantee the car’s safety and integrity.

The first issue represents an organizational challenge for all stakeholders, especially manufacturers, because the emergence of this new model brings together two opposing worlds: services and engineering. The first is characterized by agility and speed, and large numbers of short-term projects. The second, with a much longer development cycle, must meet the safety and quality requirements associated with vehicle approval. This dichotomy has impacts on cybersecurity and, in particular, its integration into development projects, as well as the coverage of end-to-end risk. For example, as a result of its position, the backend becomes a nerve center that must be fully protected to avoid any risk of a systemic attack that could have repercussions for the entire fleet. Unfortunately, the true value of this need for security is not currently appreciated, mainly as a result of requirements for very short times to market.

Considering the other issues, it’s clear that the cybersecurity challenges for connected vehicles don’t differ greatly from those in the IS world: identity and access management, detection and response, the security of infrastructures, cryptography, third-party management, patch management, etc. A connected vehicle is a mobile IS, and numerous security standards (ISO2700x, NIST 800, etc.) have already been developed. These set out good practice in various guides and reference documents (SAE J3061, AUTOISAC, NHST, etc.) and the topic will shortly be covered to the ISO/SAE 21434 standard.
However, a number of factors inherent to vehicles and their embedded systems mean that the topic needs to be considered from new and specific angles.

The vehicle’s mobility and connectivity make security more complex: security must be guaranteed where there is a limited connection, or no connection, and in the context of a changing environment. Regulatory aspects must not be ignored either, given that the vehicle may have to move between countries.

The world of on-board systems also places constraints on hardware—in terms of cost, computing power, and size.

Questions about updating components and services arise too, given that a system must be able to function at all times but may also be shut down for long periods.

Lastly, vehicles are designed for a long life cycle, which implies thinking about security from the start, especially when it comes to managing identities and accesses. This long life cycle also means considering evolving standards over time, as well as developing a model for updates that guarantees vehicle security in a way that is sustainable and manageable for constructors.

The road ahead is long, and cybersecurity is approaching a crossroads that was not in view a decade ago. It’s vital that all players involved grasp the importance of what’s required and start to put in the effort now, before it’s too late.

Cet article Saga 1/3: connected car: between cybersecurity and safety est apparu en premier sur RiskInsight.