SECURING THE CYBER CITY OF THE FUTURE [Futurist, The]
(Futurist, The Via Acquire Media NewsEdge) Our urban infrastructure is now under constant threat of cyberattack and a growing range of disasters-both natural and man-made. Our privacy is under threat from overzealous response. Real places and city services are vulnerable to hackers, but we can protect our water, power, transportation, and other vital systems.
On October 11, 2012, on board the USS Intrepid aircraftcarrier, then- Secretary of Defense Leon Panetta warned Americans that the nation faces the prospect of a "cyber Pearl Harbor"-an attack that could come with devastating losses.
"An aggressor nation or extremist group could use ... cyber tools to gain control of critical switches to ... derail passenger trains or-even more dangerous-derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities or shut down the power grid across large parts of the country," he said, pulling no punches. Panetta's challenge to Congress was primarily aimed at passage of new legislation to impose new cyber-security standards, but a number of experts confirmed his warnings to be far from hyperbole.
We think of cyberterrorism as a threat that affects only national governments or perhaps large corporations- a problem of "zeroes and ones" of concern only to IT departments- not as something that could affect the neighborhoods where we live and work. A wide range of databases and command centers control smart electrical grids, water purification and sewage processing plants, and nuclear power plant cooling systems. Unless these critical systems are sealed offfrom electronic networks, they are all vulnerable to cyberattack.
One of the biggest cyber vulnerabilities to urban infrastructure comes from the many supervisory control and data acquisition (SCADA) systems that play a critical role in infrastructure functioning around the world. These systems are used almost ubiquitously to control pipeline flows and to command power substations and electrical power flow through the grid. SCADA even performs such mundane tasks as traffic-signal timing.
Many SCADA systems operate with their original security codes, unchanged from those created by the manufacturer, and thus can be wirelessly controlled by a hacker to do pranks-or much, much worse. Recently in a mid-sized city in the United States, when a citizen advisory group asked for a review of the security on all the SCADA systems, it was found that the systems that controlled the flow of water and sewers and the timing of traffic lights were all operated via wireless SCADA equipment with rudimentary security in place.
These systems were operated by different divisions of the local government, with no independent oversight or security review. Today, all of the SCADA systems in that city are reequipped with sophisticated new security codes. An independent consultant, under the supervision of a single technology-savvy agency, reviews security on new and existing SCADA systems. The problem is that numerous other cities have not yet conducted this type of security review.
The striking point of this particular case study is that the city in question is one of the most educated communities in America and has even dealt with terrorist attacks. Its advisory commissions are loaded with PhDs and experts with many years of industry expertise. If any city administrators should have had the know-how to avoid these problems, it should have been these!
There are a number of security-review services that focus almost exclusively on SCADA systems that control power substations, oil, gas, sewer and water pipeline flows, traffic signals, and even operations within large factories, power plants, and military bases. In some cases, these ubiquitous systems still lack rigorous security oversight. When Secretary Panetta issued his warning about the United States being potentially vulnerable to cyberattack, he had these systems in mind.
The good news is that this is a cyberthreat that can be fixed. It's important for city officials to inventory all of the SCADA systems within their city and ensure that they are protected. Their security codes should be routinely updated, and the entire SCADA networks for the city should be independently reviewed by a third-party security auditor at least every two years. When employees involved with security codes for SCADA systems retire or leave their positions, security codes should be immediately changed, and there should be specific security regulations backed by penalties for noncompliance. Again, these procedures should be audited by an independent third party.
Taking these simple steps may cost money. The cost of protection is ultimately small when compared to results of a disastrous attack on a city's water supply, sewage treatment plant, or perhaps even a regional electrical energy grid system. The cyberthreat is real and inevitable, with potentially high consequences.
VULNERABILITY OF TELECOM SWITCHES
Another type of cyberthreat to urban centers can be found as nearby as the closest telecommunications switch, of which there are thousands across the United States and other populated regions. An electronic telecom switch is a remarkably effective and cost-efficient way to interconnect callers all over the world. There are smaller switches that service cellular towers and even smaller ones that allow a number of teleconference participants to interconnect. There are also larger switches that serve enormous population areas or international calling connections in support of the fiber-optic cables buried beneath the seafloor that allow for immediate digital information exchange around the world.
There are today a very large number of telecommunications switches serving the world community, and a great many of them are vulnerable. The back-door security access codes for these devices are often unchanged from the time they are shipped from the manufacturing plant. Even if they are altered, the switch's security code may not be updated more frequently than once a year. A hacker, a disgruntled employee, or even an employee who unwittingly provides the code can make telecommunications and IT network exchanges vulnerable.
The possible danger is, unfortunately, much worse than a potential eavesdropper or a misrouted call. Unauthorized access to telecommunications links could result in the derailing of trains, back pumping of raw sewage into drinking water systems, or shutting down of power plants, 911 emergency systems, elevators, or critical services to hospitals and airports. In fact, these types of attacks could be launched all at the same time without warning.
POSITIVE IMPACTS OF SMART SYSTEMS AND SOCIAL NETWORKS
The Great Recession that hit the United States and European economies between 2008 and 2012 has actually had some positive spin-offeffects. The financial stimulus bill helped to launch a multibillion-dollar effort to create a smart grid system in America, which will share energy not only much more efficiently, but also with much more security against terrorist attack.
These networks will also be more resilient against natural events, such as highly destructive coronal mass ejections from the sun. Pike Research has reported that spending on smart grid cyber security may rise to $1.3 billion by 2015. With the creation of smart digital controls, SCADA systems and controls, telecommunications switches, and electronic grids will operate with much greater efficiency and security.
These upgrades to electric grids will have a number of other benefits, as well. In many jurisdictions, homes and businesses will add smart meters that can be read remotely and more accurately. They will enable power companies to provide discounts to users who decrease their use during peak load hours. And they will even allow users to sell user-produced energy (from solar, wind, etc.) back to the grid.
We will be able to create urban district energy systems more efficiently and at lower net cost. Such district energy systems, which will mostly operate in commercial building districts, should make urban energy systems more resilient and less vulnerable to attacks on the grid.
One of the key challenges of today's cyber world is for federal legislation in the United States to set standards for private and industry networks and the degree to which surveillance is allowable and under what judicial authority.
One approach to dealing with the problem is network analysis. The U.S. Department of Homeland Security has created 77 Data Fusion Centers, distributed across the country. Some are organized by cities, such as San Francisco and Philadelphia, and others are organized at the state level.
These intelligence-gathering centers are supposed to capture information acquired by local law enforcement agencies and data mining operations and to fuse it with information from federal law enforcement and the Department of Homeland Security to identify threats of various types. These threats might be of detected or suspected criminal activity, money laundering, espionage, terrorist activity, threats to the public safety, and various types of threats to private or business interests.
The concept of trying to make urban security systems multipurpose and cost-efficient works in theory, but an October 2012 report from the U.S. Senate Oversight Subcommittee on Investigations was filled with rebukes about wastes, inefficiencies, inconsistencies, and outright failures when assessing performance during 2009 and 2010.
The report documented a lack of precise accounting of federal grants to the fusion centers that indicated that expenditures might have been as low as a quarter of a billion dollars to as high as $1.4 billion. As much as $2 million went to a center that never opened. Defenders of the system respond that bugs still have to be worked out of the data fusion process but that performance is greatly improving. The official figures from the centers indicate that they have produced 22,000 "suspicious activity" reports, triggered 1,000 federal inquiries, and produced 200 "pieces of data" that provided "actionable intelligence."
The question that remains is whether those 200 pieces of data were worth an investment of $1.4 billion. Security personnel in Australia, Sweden, and Germany have found simpler methods of data fusion that, if adopted in the United States, could potentially produce much more useful results-and at a fraction of the cost. Social networks provide another potential treasure trove of cheap data that could be used to thwart cyberattacks. The question is, at what cost to privacy?
USING SOCIAL MEDIA TO FIGHT CRIME AND TERRORISM
Social media is an increasingly useful investigative tool for identifying breaking events and potential threats, as well as for surveillance to counter cybercrime and terrorism. Experts in the field of information technology and energy systems, as well as law enforcement officers, have indicated some of the effective ways to move forward toward a hacker-protected city.
But law enforcement officers should get advice from legal counsel about how best to fight crime and terrorism with the latest in information technology tools. Those lines between what is appropriate data gathering for public security and how far it should reach into private networks are a moving target.
The Electronic Privacy Information Center (EPIC), which acts as a privacy protection watchdog, has had an ongoing concern about the extent to which the Department of Homeland Security and other intelligence agencies in the United States were invading individual privacy by aggressive monitoring of citizens and their increasing tracking of social media messages. EPIC, under the Freedom of Information Act, obtained the 2011 Department of Homeland Security's manual that instructs analysts as what to look for in their monitoring activities. This manual-known as the "Analyst's Desktop Binder"-features a list of hundreds of specific words that DHS analysts are using to try to detect possible terrorist activities or to help monitor unfolding natural disasters or public-health threats.
This 39-page manual used by the department's National Operations Center (NOC) includes words that should be tracked, like attack, epidemic, al-Qaeda, jihad, and the names of airports. But it also includes a number of innocuous and almost inexplicable words, like exercise, drill, wave, initiative, relief, and organization. It also includes words that can be misconstrued, such as target. What about someone who innocently tweets, "I went to Target to get some shoes," or perhaps, "I feel like the telemarketers must have been targeting me this month"? Such innocent tweeters could find themselves briefly "targeted" by DHS.
The NOC is a very busy place. The last available list of the social media it is currently monitoring is fairly daunting. When one considers that a billion new files are being created each day on Facebook alone, the size of the task becomes apparent. Clearly, human analysts are not able to cope with this huge mass of data, so computers provide the first line of such analytics.
BUILDING BIG BROTHER NETWORKS?
How can this intensive, computerbased analysis of all these social media sites and billions of files a day be effectively controlled, so it does not become excessively intrusive and lead to a Big Brother type police state? Can computers or computers plus analysts see trend lines and intensity of "chat" on critical subjects that are in fact peaking at a particular time? Can they sound effective alarms? Can this be done without being overly invasive?
The process currently in play is carried out via something that is actually called social-network change detection (SNCD). This is an analytical process that allows the NOC to focus in on "individuals of interest."
SNCD is a process of monitoring the most-popular social networks- plus others-to see if mass computer analysis via various algorithms can enable them to identify a credible criminal or terrorist threat.
The SNCD process is geared to determine when significant changes occur within a network's organizational structure; perhaps more importantly, this process also seeks to identify what caused these changes. This artificial intelligent/expert systems approach combines analytical techniques already used by corporations to detect consumer trends seen within social networks with socalled "statistical process control" to "target" individuals of interest and potentially credible threat.
The question arises as to whether market trends among consumers, and tracking ways that popular topics go viral on social media, is an effective way of identifying and monitoring the behavior of terrorists. There are many assumptions in the SNCD process that seem questionable, both as to effectiveness and as to acceptable levels of invasiveness. The bottom line is that those who assume some personal privacy in the use of social media may be assuming too much.
Social-network change detection is, in theory, used to detect when significant changes occur in a network. It requires the use of statistical process control charts to detect changes in a number of observable and quantifiable network measures. By taking measures of a network over time, a control chart is developed with the objective of alerting analysts as to "trending changes" as they presumably occur in the network.
This approach is useful when applied to many different social networks over time, according to some key experiments. A test social network was first created for a group of 24 Army officers going through a one-year graduate program, as documented by Major Ian McCulloh and his colleagues at the U.S. Military Academy's Network Science Center in 2006. An open-source social network of the al-Qaeda terrorist organization was monitored using SNCD, and it signaled a change in the organization prior to the September 11 terrorist attacks on the Pentagon and the World Trade Center.
Since then, social-network change detection has been presented in a number of public forums and is considered by the U.S. Department of Homeland Security to be a useful expert system for interpretative analysis of trends on various social media networks. When the threat level at airports or in particular cities goes up, this type of analysis may indeed be the reason. Clearly other resources- such as surveillance satellites, FBI or CIA agents, or intercepted e-mails of individuals of interest- combine to trigger governmental alerts or changes in alert levels at airports or transit centers.
These types of analytic techniques can also be used for other purposes, from minor applications such as alerts to traffic tie-ups or a high-rise fire, to more major events such as an industrial accident, train derailment, volcanic eruption, meteor strike, or earthquake.
One of the applications in data mining from social media that has been sponsored by the U.S. Centers for Disease Control and Prevention and researchers at the George Washington University is a program to monitor instances of specific disease outbreaks as tracked through social media-as well as hospital and clinic records-to alert to the possibility of a pandemic of something like a new strain of flu or SARS-like disease or a biological attack.
The bottom line is that there is certainly no guarantee of privacy on social networks. The use of SNCD-like techniques, whether by commercial interests tracking market trends or security agencies trying to detect criminal or terrorist activity, has continued apace and has not been challenged in the courts to date. The future of such techniques and their impingement on privacy remains an open area of concern. Let's look at it now..
PROVIDING FUTURE URBAN SERVICES
Urban security and the Internet, telecommunications, and IT are undoubtedly going to be closely interlinked in the future. Instead of megacities, we need to think in terms of metacities that are organized on the basis of their intellectual infrastructure.
In the fast-approaching future, digital sensors and processors are incredibly cheap. Some of the ramifications of that include:
* A terabyte of information will be sensed, transmitted, processed, stored, and retrieved at a very low cost-about a dollar a terabyte.
* It will be possible to telecommute to work at virtually no cost.
* It will be possible to protect buildings, transportation corridors, public places, and lodgings with myriad video sensors connected to digital storage retrieval on demand.
* Online instructors will be able to provide education and just-in-time training based on the latest information with certified teachers.
* In-home or in-office health monitors will check blood pressure and heart rate, and likely even support routine blood and urine sample tests.
Future metacities will use these low-cost electronic capabilities to provide or augment services at a small fraction of the cost associated with human service providers. Smart electronic devices or systems, properly designed and programmed, could make our schools, universities, hospitals, health-care clinics, doctors, police and fire forces, and so on much more effective and economically efficient.
PRIVACY VERSUS COUNTERTERRORISM
No one wants to endure a major cyberattack as crippling as the " cyber Pearl Harbor" that Panetta described, but we also want to preserve civil liberties, freedom of expression, and protection from a "Big Brother" presence that monitors everyone's communications. This is one of the great urban challenges and dilemmas of the twenty-first century: freedom from debilitating cyberattacks on one hand versus preservation of each citizen's personal liberties on the other.
Nor is this dilemma with regard to protection of conflicting core values unique to the United States. Since the 9/11 attacks and the rise of twenty-first-century terrorism, democracies have now tightened the screws of security at the sacrifice of personal privacy.
One of the true challenges to the safe city of the future is to find a way to protect citizens against cyberattacks and terrorism and still allow law-abiding citizens to preserve a right to privacy. This has now become one of the greatest challenges to our urban future. How much targeted surveillance-as authorized by a free and independent judiciary- should be allowed in order to avoid terrorist attack? Who gets to decide, and who has the right of appeal if they believe reasonable bounds have been overstepped?
Overreliance on electronic surveillance can in some instances create more problems than it can ultimately solve. We know that freedom and liberty must remain as a core value in the safe cities of the future, even at the expense of some lapses in security ultimately slipping through. It is better to recover from an attack on people or assets than to lose all one's core values.
But the advent of the Internet, social media, and the new electronic technologies promise us change at an incredible pace. We are being jerked into the world of tomorrow, where societal change is not measured in centuries or generations or even decades.
It is time not just for policy makers but also for citizens to think seriously about new models of urban development and new ways to leverage the power of the Internet to solve a number of today's urban problems. The most important of these problems is ensuring the safety of life and property while also safeguarding privacy.
As we enter a new age of megacities (i.e., cities of more than 10 million) and more and more ultradensity in our urban cores, security will become increasingly impossible. We need totally new approaches to urban planning and creation of new types of satellite metacities that are connected by broadband to urban cores.
The Home Minister of India, Sushikumar Shinde, has said that runaway growth in today's megacities makes it increasingly impossible for first responders to cope with disasters and terrorist attacks. Indeed, this book calls not only for reform in urban security, but also for a whole new approach to urban planning.
SCADA systems, such as the one on display in this picture from Hawaii-based AAA Controls, enable different infrastructure facilities to be controlled remotely. Many of the SCADA systems in place now in cities around the United States are vulnerable to hackers, according to authors Singh and Pelton.
It isn't just power plants that are vulnerable to cyberattack. Facilities like the Automated Traffic Surveillance and Control Center (ATSAC) in Los Angeles, California, can also potentially be hacked to create havoc.
About the Authors
Indu B. Singh is executive director of Los Alamos Technical Associates Global Institute for Security Training, www.latagist.com. He is considered a pioneer in designing and implementing smart cities and safe cities around the world.
Joseph N. Pelton received the 2013 Sir Arthur Clarke International Award for his contribution as creator of the Clarke Foundation and the International Space University, of which he is a former dean. He also recently helped set up the Arthur C. Clarke Center for Human Imagination at the University of California, San Diego. He serves as THE FUTURIST's contributing editor for Telecommunications. His previous article for the magazine, "The New Age of Space Business," was published in September-October 2012.
This article was adapted from their book, The Safe City: New Ways to Urban and Cyber Security (The Emerald Planet, 2013). www.wfs.org * THE FUTURIST November-December 2013 27
(c) 2013 World Future Society
[ Back To TMCnet.com's Homepage ]