The Smart City is an urban area that uses technology to source data which is then used by city officials to manage assets. Citizen participation is a major strength of the concept. Citizens are meant to participate more fully, as in System 4 of modern organization theory, rather than System 1, the old top-down structure. This is the dream city of the future. Potentially billions of people worldwide can live in a Smart City. As so often happens when we map out influences on a system, there are strengths and weaknesses. The opportunity for the command structure to use technology exposes the system to the threat of Bad Actors who might hack the system to lie, cheat, deceive, misbehave and make trouble. The purpose of this manuscript is to survey the threat landscape as it applies to typical Smart City operations and to report what appropriate defensive measures others have tried with success. There is a balance between major defensive actions the city personnel can take to maximize the opportunity for technology to make life better for the citizens while mitigating the threat of such Bad Actors. The Smart City will be attacked. It is not a matter of if, but when. A thrust of the manuscript is how to prepare for the attack, delay it, and then handle the response after an incident, assuming the best practices are in place to delay such an attack.
A cyber attack is like any other threat, such as a natural weather disaster, and the response to it is similar. It can be dealt with like any other problem in data science of the kind we deal with all the time in operations research, operations management, logistics/supply chain management, and information systems/technology. With experience over time, emergency management has developed materials related to the implementation of the Incident Command System (ICS), which originated in fire science. The expression “putting out fires” was very real then. The primary role of ICS was to establish management functions for responding in a coordinated and systematic way. These functions include coordinating the responses performed by different people and units within the organization, especially maintaining communication and performing tactical operations during the response; evaluating information for feedback as it is made available; and accounting for funds used during the response and recovery.
The technology of Smart devices presents both an opportunity and a threat. The speed of communication can also be the speed of miscommunication. The potential of disruption to technology is the focus here. As technology has allowed more sophisticated use of resources it has also exposed those resources to threats by Bad Actors. The opportunity and convenience of electronic voting rather than paper ballot voting also allows the exposure to hacking of those systems. Current thinking is that all known electronic voting systems are hackable. The only valid system would include a physical ballot that can be rerun to verify results if they are challenged like we did 50 years ago with Hollerith punch cards. The move to paperless exposes us to terrible dangers. If no one trusts the vote because it cannot be verified you have a dangerous threat to modern ideas of full citizenship participation in fair voting. It is not a good thing where one hacker can reverse the votes cast by thousands of citizens.
The modern urban Smart City environment depends upon a system operating in a quasi-stationary equilibrium of variables exerting their forces on each other. Any threat to the balance of the system has multiple outcomes. For example, the electricity and water systems running during normal operations provide the basic resources people need to live. That is a major feature of living in a settled community. The city that is supplying the resources is staffed for those normal operations. If a disruptive incident occurs, an emergency staff may not be available to handle the overload because of budget constraints. Citizens do not want to, and maybe cannot afford to, pay more taxes to support the extra personnel. When even a small fault occurs the whole system becomes vulnerable because the resources are just not there to handle a threat response. Even a common transportation system, such as a school bus that picks up and drops off students, is vulnerable if the driver does not show up to work. If the driver shows up but no one refueled the bus, it may not go very far. If it has been refueled but a tire is flat, the children will have to walk. We have substituted bus delivery so that people do not walk to school, but the bus system depends upon many features working exactly as they are supposed to work. A single fault in a dependent system stops everything. Bad Actors are aware of this and search for vulnerabilities. A characteristic of people buying the new Smart cars is that they buy them with a loan from a financial institution. The institution often installs an electronic tracker on the vehicle to know where it is so that, if a payment is missed, the vehicle may be recovered. The recovery specialist knows exactly where it is and may be able to disable it to prevent it being moved. It is a situation of a good person doing an honorable job.
If ten percent of the vehicles in the city center have such a device and it is triggered by a Bad Actor, everything would come to a halt and emergency responders would be unable to assist those in need of help. Water systems are vulnerable either to a Bad Actor shutting off all electricity to the pumps or to one running the pumps at so high a rate that they burn out.
In the last forty years there has been a new Ransomware threat to anyone running a computer, especially one linked to the internet. There have been over 200 Ransomware attacks out of approximately 600 hacks in the last few years that are generally acknowledged by experts. There is no central clearinghouse for such data. Some of these are nation/state attacks and some are individual. The Ransomware incidence is directly correlated with the opportunity for criminals to collect cyber payments that avoid tracking.
Typically what happens is that an employee at a vulnerable city, county, state, or other organization boots up the computers one day and the screen says the data have been encrypted and a ransom in Bitcoin or other untraceable and unrecoverable currency must be paid to release the files. Such an attack can be a major tragedy as Atlanta and Baltimore found out, or it can be an opportunity to respond capably as New Brunswick did. A year after the Atlanta incident and after a lot of expense in time and treasure Atlanta had still not recovered fully. New Brunswick had the insurance company try to negotiate a lower ransom. The negotiation failed and New Brunswick decided not to pay. Most entities refuse to pay with varying results. New Brunswick was fully up just a few days later because they were prepared for the threat.
They did not have to reset to zero. They lost only a little data. It was only an inconvenience and not a calamity. They are the current textbook example of how to handle the threat correctly.
Changes in the cyber threat landscape occur daily and certainly weekly. This would not have been the same manuscript a year ago. The number of companies selling Red Team services for penetration testing has saturated the marketplace. By now every city knows it is vulnerable. The best practices discussed in podcasts are as up to date as you are going to get. One example is Resoundingly Human: Smart cities and the future of the workforce, Sep 12, 2019, with host Ashley Kilgore joined by Ramayya Krishnan, INFORMS President. Table 1 lists some of the podcasts most commonly listened to by professionals in the cyber security field. Searching on keywords such as “Ransomware” will turn up newspaper articles such as the recent special section in the Wall Street Journal, Wednesday, September 17, 2019.
All of the podcasts shown in Table 1 will tell you that the danger of malware attack is real and immediate. Go to any one of the websites and type “Ransomware” in the search bar. Every one of these sites had at least one episode on the topic and several have had multiple. Changes occur so fast you should check each of these at least on a weekly basis.
Cybersecurity is now a major field of study. There are certification courses for operating personnel often taught on-line. There are several notable larger college programs in alphabetical order: Georgia Institute of Technology, Purdue University, Rochester Institute of Technology, Texas A&M University, University of Illinois at Urbana-Champaign, University of Maryland, University of Pittsburgh.
Supply Chain Industrial Espionage
Cities have suppliers and they may have subcontractors. If there is internet communication between them, that can be a source of malware. Twenty years ago the thinking was to build a moat around the computers and have a security guard at the front door. Set up a firewall. Instruct personnel to be careful opening emails, especially from people they did not know. Never click on “enable macro”. Keep at least one of the antivirus programs current and operating. Make sure everyone uses it. The focus was on who had administrative privileges. Today hackers realize it is easier to attack the lowest level human operator with phishing, and once in the system it is easier to move past that target to get to the C-suite. Once in the system it is possible to remain hidden. There are over a dozen antivirus software packages and many professionals use at least two, but it is still possible for a clever attacker to evade discovery. The supply chain espionage may be carried out by a nation/state that has very smart people and cleverly and continuously attacks wherever it sees a vulnerability. They may remain hidden for years until a day comes when they want to shut down the whole system. While in the system they may spy on board minutes and even change critical data.
Effective Defensive Measures
There are defensive actions that Smart Cities can take. The city should have separate routers for internal data and outside use of the internet, partitioned drives so somebody in the library cannot access court documents, a daily backup system so the reset is not to zero but just to yesterday’s data, two factor authentication required for sensitive or even all files, a rule never allowing unencrypted thumb drives to be inserted into any computers, and other preliminary precautions such as not opening emails from someone you don’t know. With these in place the city is better able to recover from a threat incident. Ideally all passwords should be 20 or more characters and not regular words. Also change passwords every few months. Maybe everyone uses a password manager. The city may also choose to sanitize files with codes. The QR code is a type of matrix barcode. A barcode is a machine-readable optical label that contains information about the item to which it is attached. If there is a breach the identity of persons is protected.
The professionals typically have their original and three daily backup copies. The backups are physically removed from the computer unless the backup is being created. The copies are kept in different physical locations and maybe even one is in a Faraday bag. These essential precautions are not expensive yet they are critical if in place before an attack. It is like locking your house or automobile. It may not stop the aggressive professional but it delays and discourages the less sophisticated. There are 100 malicious actors out there for every one trying to defend. The attacker only has to be successful once to get into the system. It is probably prudent for a Smart City to budget some five figure amount for attack insurance. You may consider multiple bidders as with any other city expenditure. Lloyd’s of London, the world’s largest specialty insurance market, said it pioneered the first cyber liability policy in 1999. Today there are many choices. The company writing the policy will do penetration testing and an examination of software and hardware to assure compliance with its minimum standards. The results of that review will determine premium payments, just as a person who wants term life insurance has to pass a physical. It is politically more feasible to budget for insurance on a yearly basis than to have to pay the millions it may cost to rebuild the system. In the private sector a small business that gets hacked will likely go out of business within a year of the hack.
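The backup rules above (three copies, media detached unless a backup is being written, separate physical locations, a daily cadence) and the shielded copy recommended later in the article can be checked mechanically against a backup inventory. The following Python code is an added example, not part of the original article; the field names, finding codes and the 24-hour threshold are assumptions, and both inventories are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

REQUIRED_COPIES = 3            # "three daily backup copies" (assumed minimum)
MAX_AGE = timedelta(hours=24)  # assumed threshold: reset to yesterday, not to zero


@dataclass(frozen=True)
class BackupCopy:
    label: str
    location: str              # physical site holding the medium
    taken_at: datetime         # when the copy finished writing
    attached: bool             # medium still connected to a live system
    shielded: bool = False     # stored in a Faraday bag or cage
    in_progress: bool = False  # copy is being written right now


def survivors(copies):
    """Copies that malware on the network cannot reach: detached media only."""
    return [c for c in copies if not c.attached]


def data_loss_window(copies, incident_time):
    """Time between the newest surviving copy and the incident, or None."""
    usable = [c for c in survivors(copies) if c.taken_at <= incident_time]
    if not usable:
        return None
    return incident_time - max(c.taken_at for c in usable)


def audit_backups(copies, now):
    """Return a sorted list of finding codes; an empty list means compliant."""
    findings = set()
    if len(copies) < REQUIRED_COPIES:
        findings.add("TOO_FEW_COPIES")
    # Media may stay attached only while the copy is being created.
    if any(c.attached and not c.in_progress for c in copies):
        findings.add("MEDIA_LEFT_ATTACHED")
    # Every copy belongs in a different physical location.
    locations = [c.location.strip().lower() for c in copies]
    if len(set(locations)) < len(locations):
        findings.add("SHARED_LOCATION")
    if not any(c.shielded for c in copies):
        findings.add("NO_SHIELDED_COPY")
    # Only detached copies count toward recovery: an attached copy is
    # encrypted along with the original in a ransomware incident.
    window = data_loss_window(copies, now)
    if window is None:
        findings.add("NO_OFFLINE_COPY")
    elif window > MAX_AGE:
        findings.add("STALE_OFFLINE_COPY")
    return sorted(findings)


# Constructed sample inventories (not real data).
NOW = datetime(2019, 9, 20, 8, 0)
GOOD_INVENTORY = [
    BackupCopy("day-0", "City Hall vault", NOW - timedelta(hours=8), False),
    BackupCopy("day-1", "Fire station safe", NOW - timedelta(hours=32), False),
    BackupCopy("day-2", "Off-site depot", NOW - timedelta(hours=56), False,
               shielded=True),
]
BAD_INVENTORY = [
    # Fresh copy, but the drive was never unplugged from the server.
    BackupCopy("nightly-usb", "Server room", NOW - timedelta(hours=8), True),
    # Detached, but six days old and stored beside the original.
    BackupCopy("weekly", "server room", NOW - timedelta(days=6), False),
]

if __name__ == "__main__":
    for name, inv in (("good", GOOD_INVENTORY), ("bad", BAD_INVENTORY)):
        print(name, audit_backups(inv, NOW), data_loss_window(inv, NOW))
```

In the second inventory the freshest copy does not count toward recovery because it is still attached, so the reset would be to six days ago rather than to yesterday.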
Legacy Computer Systems
Many cities have legacy computer systems and information systems personnel with obsolete skill sets, which are vulnerable because they have outmoded software and equipment. Typically the mayor, city council, or board of supervisors puts off new purchases because there is not enough money to buy everything that security personnel may want. It is a risk/reward tradeoff. It is a matter of setting priorities. The authorities know to lock the doors to City Hall at night because someone will walk right in if they do not. If there is a ransomware attack the rebuilding of files can be laborious and costly. Atlanta and Baltimore spent millions. Those in authority are reluctant to pay ransom, maybe because they don’t have the money or because they do not want the negative publicity. Even if they pay the ransom, once the money is gone there is no assurance the data will actually be released. Everyone in the business will tell you that defensive preparations are really better than hoping it will not happen or depending upon heroic response to attack.
Better Live Reason
Forty years ago not many would have imagined how dominant electronic technology would be in our lives. People today live better because of technology than kings and emperors lived a hundred years ago. Our transportation, medical, nutrition, education opportunities, every part of our lives has improved. Our nutrition and sanitation standards are now so high it may be difficult to think of ourselves as richer than emperors in the past, but look historically to compare and see how good we have it. Could your grandparents when they were your age have imagined the quality of your life today? The young people today are voluntarily bonded to their Smart phones. That means they are the most informed citizens in history. It also means communication and response can be immediate and more effective for those prepared to respond to threats. If a team within the city is prepared for incident response it is like first responders to medical emergencies. I don’t know of any city that would want to do away with their emergency first response teams. Those are the ones seen as most important to citizen needs when it really counts. So too those in authority over city operations have to have reaction procedures and personnel in place before a threat materializes. If there is an incident you need only reset to yesterday to get operations normal again. That means citizens can electronically pay their bills to the city and the city treasury does not experience a cash flow problem.
The experts would probably agree that the most vulnerable critical areas in a Smart City are electricity and water systems. Think what would happen in your own city if all drinking water and electricity were off indefinitely. It is similar to the situation after a major weather event has passed through. But with a Smart City it may be a calm day with nothing special occurring except that all electricity and water are off. Our very civilized and tolerant populations may resort to very negative behavior after three days of no water or electricity, no food in the stores, and no fuel at the fill up stations to allow residents to leave. It could become a very dangerous place. From civilization to barbarism in three days.
Cyber Threats From Nature
Smart Cities which are prepared for hacking and a Ransomware incident are also prepared for a catastrophic natural event. The podcast “What’s Up With Water – Circle of Blue” shows there is so much going on that is related to water, but often it is hidden behind the very things that it influences: agriculture, energy, or health. For example, the Hindu Kush Himalaya region, a high-altitude tabletop from which nearly all of Asia’s rivers spring, is at the front lines of climate change. A heat-driven shift will change the timing and availability of water for nearly two billion people from Afghanistan to China. In the event of a nuclear war in the area things are much more grim. All eight major rivers could wash away the work of two billion people. Many would be killed immediately and many more would suffer until normalcy is restored.
A recent issue of The Economist (https://www.economist.com/leaders/2019/09/19/the-climate-issue) covers many of the changes to be expected. A new report from the Intergovernmental Panel on Climate Change (IPCC) warns that extreme sea level events could strike global coastlines annually by 2050, regardless of whether fossil fuel emissions are slowed. Scientists say sea level rise is likely to impact the nearly 2 billion people living on coasts around the world. It is not going to be enough to build some sea walls.
New York City may have three of its boroughs under water. Where the city officials could relocate 10 million residents will be a challenge. Perhaps we can learn from the challenge posed by Hurricane Katrina, wherein many flooded out residents were relocated from Louisiana to Texas. Many of these people were on public assistance so the check from the government was the same. They did not have to commute to make a living so they just lived in a new setting. Many of those relocated never moved back to Louisiana after the danger passed.
The Internet Stories
The internet has many stories of other threats including but not limited to solar flares, volcanoes, cyclones and hurricanes, fires, and even asteroids striking from space. The asteroids are not immediately in the public’s perception on the evening news but they are a threat. This past year quite a few have passed between the Moon and Earth, that is, within one lunar distance (LD; the Moon is 384,472 kilometers away), and are of sufficient size and traveling at sufficient speed to cause a disruption in operations, especially if there is a direct hit at the surface. Astronomers have calculated the Apophis asteroid will speed past Earth on April 13, 2029, at just 29,933 kilometers away. A giant city-killer asteroid that just whizzed past Earth seemingly appeared out of nowhere days before it flew within around 72,420 kilometers of Earth, or less than 20% of the distance to the Moon. We currently have no means to stop asteroids. Astronomers at a mountaintop observatory in Hawaii spotted an 800-foot-wide asteroid, dubbed 2019 PDC, when it was 56 million kilometers away. This asteroid was traveling at 49,889 kilometers an hour. If it hit Earth the impact could release the equivalent of 500 megatons of TNT, about 10 times more powerful than the largest nuclear weapon ever built. It was an asteroid that was believed to have wiped out the dinosaurs 65 million years ago. Still, there is great comfort in knowing the city records are safe in the event of such a disaster as a strike from space. Currently about 2,000 asteroids are monitored as possible threats. There are currently 878 asteroids at risk of hitting the Earth in the next 100 years according to the European Space Agency.
Solar events may include an Electro-Magnetic Pulse (EMP) also sometimes called a transient electromagnetic disturbance. This is a short burst of electromagnetic energy. Such a pulse’s origin may be a natural occurrence (Sun) or man-made (weapon) and can occur as a radiated, electric, or magnetic field or a conducted electric current depending on the source. It is not something people think about but an EMP attack on the nation’s electric grid would shut things down. Several countries have or are perfecting this strategic weapon. The Northeast blackout that left 30 million people without power occurred because a transmission line relay was improperly set. Another Northeast blackout affecting 50 million people was reportedly tripped by a single point of failure when a tree branch touched a power line. The New York City blackout was caused by two circuit breakers tripping when lightning struck a substation. There are many similar examples. A nuclear-triggered EMP would cause millions of critical failure points across the system. As the EMP Commission concluded even low-yield nuclear weapons detonated at an altitude of 200 miles could affect the entire continental U.S. and have a catastrophic impact on the nation. A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields. A Faraday shield may be formed by a continuous covering of conductive material or in the case of a Faraday cage by a mesh of such materials. These devices have become more common with many people traveling with devices that require shielding from security devices. At least one of the backup copies should be in such a shielded enclosure.
The dream of the fully functioning Smart City is going to be a reality. We have seen the growth of Smart methods and apparatus over the past forty years. Will the next forty years experience the same growth in people and technology? I suspect population will experience little growth. I think we are at a population asymptote. I do not see how the population can grow much more. We are already overfishing the oceans, changing weather patterns are destroying many crops in settings where they had been successful for generations, yields are down from exhausting the soil of minerals, and we have terribly polluted our fresh water sources. We are in a Malthusian world with twenty percent of the current population underfed.
Food experts say we cannot possibly grow more than two percent more food under current conditions. Don’t look for world population growth like the rate of the last 100 years, which has been unprecedented, going from about 1 billion to over 7 billion now. Assume the problem is recast to relocate the existing population somewhere, but not into more big cities similar to those that exist today at sea level.
We can expect more extensive implementation of technology as the hundreds of Smart apparatus and methods now being implemented in individual settings are expanded to all settings. The technology is there for many advances. Now we have to implement them everywhere. New Smart Cities developed from the start will have more efficiencies than retrofitting from legacy settings with decaying infrastructure based on primitive 19th century ideas of amorphous growth.
Smart City will be More Green
What will likely happen is a removal of populations from the current water’s edge to areas higher and more inland and more suitable for future expansion. At least one country has already made that decision to move its capital and has been in the news recently. That will mean reconsideration of how we do things. Cities can be laid out better; ask any civil engineer. The new Smart City will be more green. The Smart City will be socially responsible. Transportation efficiencies will be maximized. People will live closer to where they work and go to school.
New towns and villages with more Smart devices will require more security and with that there is the ever present threat to privacy. However, it seems that not many people are concerned about their privacy, at least not yet. Witness the explosion of social media where so much is given away willingly. But there is maybe one in seven who cares about their privacy and is getting off social media. They need to be accommodated. For example, there may be a domestic situation and a dispute where one party is required to stay a distance away from the other party. You need data to do that. Maybe the data are not volunteered but the authorities need them to maintain the rules. Privacy issues become important as more information is collected. The Smart City will also be a safer city.
Critical fresh water pollution issues will take on a new character in the Smart City. Currently, sewage if collected centrally is often dumped into the water supply and the neighbor downstream is tasked with cleaning it up to make it potable. They never really succeed completely. You can bring a water scientist to a high arousal state by having him or her describe the sins of omission and commission when it comes to how we treat our drinking water. Eventually we will give up on the flush-and-forget mentality of the 19th century. The technology for better use of fresh water resources already exists. Urine will be separately processed to recover the water and nutrients, especially critical phosphorus for growing food. Eighty percent of the nutrients needed to grow the food to feed the people are right in their urine. It is a resource to be collected and returned to the food cycle, not a waste product. The solid waste will be separately delivered to methane digesters for the production of fuel for cooking and heating, and running sour-gas generators for electricity. That is already done in many places. In Smart Cities of the future there are only two pipes to the residence, one for water, the other for electricity. In the new Smart City there may be no central collection of anything. Solid waste for the methane digester would be locally collected in storage units right in the neighborhoods and nothing sent to a landfill. The methane gas from the decentralized digesters could be used locally to run the sour-gas compression ignition engines to produce electricity which is added to the local grid. These tasks will all be accomplished on a very local level. In the future there will be many more independent spaced out residential entities, perhaps based on ethnic or religious lines for homogeneity, which makes the location of educational and religious facilities easier.
There are places on this planet where thousands of people live in settings where there are more religious facilities than automobiles. It does not seem to be a problem if that is how the people want to live their lives. I suspect the total population will be scattered into settlements rather than vertically arranged in city centers as is often the case today. There would probably not be any of these alternative energy villages that need more than a four story building to do their work. There are college campuses that have that rule so everybody can get around without needing elevators except for special needs. Food will be grown locally and by the local workforce. There is no reason for people to be located close together in a large city center to conduct business anymore. Many years ago a runner had to take a physical message from a sender to a receiver correspondent. Now you pick up a Smart phone and communicate worldwide, perhaps by text message, and it is immediate.
The growth of new Smart Cities into new geographical locations will require even more use of Smart technologies. More attention will be given to physical security and protection systems, including the allocation of human agents, the use of sensors and detection systems, and the deployment of barriers. A calm, logical, and optimistic defensive posture is required to protect the Smart City. More cities will likely take out hacking and ransomware insurance. There will be more liaison relationships between like-minded cities of comparable size to share defensive strategies. The cost of these defensive measures will be paid by the taxpayers, so it is important that such cost be justified by keeping them informed. Those in financial resource budgeting will have to set proper priorities to be sure there is adequate coverage. Adequate preparation before an incident of hacking or ransomware will reduce downtime for recovery. A properly organized response means less disruption in Smart City operations regardless of cause. The Smart City will handle the worst that may come along, while hoping for the best environment such a technologically advanced city can provide for its citizens. The future is very bright and we would all want to live there.