Smart City Cyber Security & Resilience: Architecture and Best Practices
By Erfan Ibrahim, Ph.D., Center Director, Cyber-Physical Systems Security & Resilience, NREL
The concept of a smart city has largely been taking shape in recent years, in part because of the growing challenges of overpopulated urban areas around the world, and in part because of the emergence of low-cost, high-speed digital technologies that promise to alleviate those challenges. Traffic congestion, uncomfortable habitats, and poor health-care services are some examples of these challenges.
In the United States, Canada, and several other countries around the world, innovative leaders, governments, and businesses are embarking on bold smart city initiatives that can address urban sprawl and provide a better standard of living for their citizens. Such initiatives require, at their core, a broadband network infrastructure that can support critical information technology (IT) and operational technology (OT) services such as transportation, healthcare, education, and food production. Any smart city IT/OT infrastructure with this many network nodes is exposed to cyber-attacks from anyone who gains access to one or more of those nodes, and a compromise of its network security will affect smart city services to varying degrees.
Smart City Cyber Security Truths
Although there are ways to mitigate impacts and prevent cyber-attacks on a smart city’s IT/OT infrastructure, it is important to accept certain premises as truths to address today’s most crucial cyber challenges:
• First, networks can be compromised no matter how high the fence. The impact of a hacker is directly proportional to the number of nodes and application services that the hacker can reach from his or her pivot point in the network. If, for example, the cyber security controls themselves (the management interfaces of firewalls, switches, and monitoring tools) are reachable through the production network, the asset owner will lose control of their network as soon as a production node is compromised.
• If wholesale encryption is applied to data in transit, intrusion detection becomes very difficult: network-based monitoring cannot inspect what it cannot decrypt, and decrypting and re-encrypting traffic in-line significantly increases network latency, causing unwanted interruptions to critical IT/OT applications and sporadic suspensions of critical services to residents.
• Focusing too heavily on the authentication of users on the network can lead to the loss of major parts of the network if a trusted node is compromised: once a hacker holds a trusted node or valid credentials, authentication alone no longer constrains what he or she can reach. Signature-based malware tools detect only a small portion of cyber-attacks, and they provide no protection for three to four weeks after the discovery of a cyber-vulnerability, until a signature is defined.
• Although it is a good idea not to expose the OT network directly to public networks, air-gapping IT/OT networks can be futile, especially because, to work properly, smart applications in a smart city often require integrated IT/OT networks.
• Adding too many cyber security requirements to end points or protocols will make legacy infrastructure obsolete before the end of its productive life—making it harder to secure critical infrastructure without expensive upgrades and long payback periods, which can be a non-starter.
• Highly centralized IT/OT infrastructure with extensive use of cloud-based services may be good from the perspectives of efficiency and operational costs; however, from the perspective of cyber security, it creates a single point of failure. Such systems give a hacker who compromises any authorized end node the same path to the crown jewels of a smart city that the end node legitimately has into the centralized architecture.
• Finally, if residents are not cyber security aware, they will inadvertently become the Achilles’ heel of the infrastructure because of unnecessary exposure to risks from social engineering, phishing schemes, or negligence.
Possible Solutions to Smart City Cyber Security Woes
By thoroughly acknowledging the implications of these truths, much can be done to limit cyber-attacks on a smart city’s infrastructure to ensure continued delivery of critical services to residents. The following empirically validated prescriptions, developed at the U.S. Department of Energy’s National Renewable Energy Laboratory’s (NREL’s) Center for Cyber Physical Systems Security and Resilience, can help secure smart city IT/OT infrastructure today:
1. Understand the use cases that will define the transactions of a smart city. A transaction on a network occurs between one node and another node or multiple nodes; enumerating these transactions (source, destination, protocol, and port) defines the traffic the network must carry, and therefore everything it can safely deny.
2. Develop an architectural perspective on the smart city’s cyber security posture so that very specific requirements can be defined at all logical layers. Understand that there are nine logical layers that need protection across the smart city IT/OT network, including the seven layers of the Open Systems Interconnection (basic reference) model, the semantic layer, and the business process layer.
3. Whenever possible, establish a universal concept of identity for every transactional node in the network and any human user of the network with two-factor authentication.
4. Segment the network into virtual local area networks (VLANs) by business function, and use distributed intelligence and computing as much as possible, sending only summaries to the central site.
5. Strictly enforce role-based access control with access control lists (ACLs) on switches and virtual private network (VPN) login privileges on firewalls. Together with the VLAN segmentation, this contains broadcast storms (large bursts of data sent to many destinations at once because of poor network configuration) and keeps the network as quiet as possible. Also, give nodes and human users finely defined privileges so that their sphere of influence is limited to their transactional partner nodes only; access to anything else should require two levels of third-party authorization. This minimizes damage in the event of a cyber-attack.
6. Develop a protection scheme using firewalls on the externally facing nodes, intrusion-detection tools on the major data pipes within the infrastructure, and in-line blocking tools in front of the sensitive nodes running critical smart city IT/OT applications.
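As an added example, not part of the article and not NREL's code, the following Python models prescriptions 1, 4, 5 and 6 together. It takes a constructed inventory of nodes (one VLAN per business function) and the transactions the use cases require, derives a default-deny ACL that permits only those transactional partners, renders it as Cisco IOS extended-ACL lines, measures how many nodes a hacker can pivot to from a compromised node with and without that policy (the first truth above), and flags flows reported by an intrusion-detection sensor that no use case declares. Every node name, address, VLAN and flow is hypothetical.

```python
"""Added example (not from the article or NREL): derive a default-deny ACL from a
smart-city transaction inventory, measure the blast radius of a compromised node
with and without it, and flag observed flows that no use case declares.
All node names, addresses, VLANs and flows below are constructed for illustration."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    ip: str
    vlan: str  # VLAN named for the business function it serves (prescription 4)


@dataclass(frozen=True)
class Transaction:
    src: str    # initiating node
    dst: str    # responding node
    proto: str  # "tcp" or "udp"
    port: int   # destination port


# Constructed inventory: one VLAN per business function, a central site that
# receives only summaries, and an operations jump host.
NODES = {n.name: n for n in [
    Node("traffic-ctl-1", "10.10.0.11", "vlan-traffic"),
    Node("signal-plc-1", "10.10.0.21", "vlan-traffic"),
    Node("water-hmi-1", "10.20.0.11", "vlan-water"),
    Node("water-plc-1", "10.20.0.21", "vlan-water"),
    Node("city-historian", "10.30.0.11", "vlan-central"),
    Node("ops-jump", "10.40.0.11", "vlan-ops"),
]}

# Constructed use cases (prescription 1): the only transactions the city needs.
TRANSACTIONS = [
    Transaction("traffic-ctl-1", "signal-plc-1", "tcp", 502),     # Modbus/TCP to signals
    Transaction("water-hmi-1", "water-plc-1", "tcp", 502),        # Modbus/TCP to pumps
    Transaction("traffic-ctl-1", "city-historian", "tcp", 8443),  # summaries to central site
    Transaction("water-hmi-1", "city-historian", "tcp", 8443),
    Transaction("ops-jump", "traffic-ctl-1", "tcp", 22),          # operator maintenance
    Transaction("ops-jump", "water-hmi-1", "tcp", 22),
]


def derive_acl(transactions):
    """Permit exactly the declared transactions; anything else is implicitly denied."""
    return [(t.src, t.dst, t.proto, t.port) for t in transactions]


def is_permitted(acl, src, dst, proto, port):
    return (src, dst, proto, port) in set(acl)


def render_ios_acl(acl, nodes):
    """Render the policy as Cisco IOS extended-ACL lines (connection-initiation
    direction only); the terminal deny makes the default explicit."""
    lines = [f"permit {proto} host {nodes[s].ip} host {nodes[d].ip} eq {port}"
             for s, d, proto, port in acl]
    lines.append("deny ip any any")
    return lines


def reachable_from(start, nodes, acl=None):
    """Nodes a hacker at `start` can open a connection to, pivoting transitively
    (every node reached becomes a new pivot point). acl=None models a flat network
    where every node can reach every other. Only connection initiation is counted;
    reply traffic on an allowed session is a narrower surface this count ignores."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for name in nodes:
            if name in seen:
                continue
            if acl is None or any(s == cur and d == name for s, d, _, _ in acl):
                seen.add(name)
                queue.append(name)
    seen.discard(start)
    return seen


def blast_radius(start, nodes, acl=None):
    """Size of the sphere of influence of a hacker who has compromised `start`."""
    return len(reachable_from(start, nodes, acl))


def undeclared_flows(observed, acl):
    """Flows seen by an intrusion-detection sensor on a major data pipe (prescription 6)
    that no use case declares: each is a missing use case or an intrusion, and under
    the derived ACL it would have been blocked at the switch."""
    permitted = set(acl)
    return [flow for flow in observed if flow not in permitted]


# Constructed sample of flows as a sensor might report them.
OBSERVED = [
    ("traffic-ctl-1", "signal-plc-1", "tcp", 502),
    ("signal-plc-1", "water-plc-1", "tcp", 502),  # PLC talking across business functions
    ("water-hmi-1", "city-historian", "tcp", 8443),
]

if __name__ == "__main__":
    acl = derive_acl(TRANSACTIONS)
    print("\n".join(render_ios_acl(acl, NODES)))
    for name in NODES:
        print(f"{name:15s} flat={blast_radius(name, NODES)} segmented={blast_radius(name, NODES, acl)}")
    print("undeclared:", undeclared_flows(OBSERVED, acl))
```

In this constructed inventory every node can pivot to all five others on a flat network, whereas under the derived ACL a compromised signal controller reaches nothing, a traffic controller reaches two nodes, and the operations jump host still reaches all five. That last number is the point of the first truth: the node that holds maintenance access to everything is the pivot point to protect first, and its VPN login on the firewall is where two-factor authentication and the second authorization level belong. The rendered ACL is stateless and one-directional, so a stateful firewall is still needed to admit return traffic for the permitted sessions.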