Urban infrastructure is at a critical stage from a cybersecurity perspective. When we talk about cybersecurity, we mostly think of computers, mobile devices and IoT devices; unfortunately, we rarely even consider that the infrastructure itself is at risk. Yet infrastructure, and urban infrastructure in particular, is a tempting target for adversaries. In the digital age, the same convenience that makes everything so easily available to us is just as available to those sneaky adversaries whose only intention is to compromise the system in any way possible. And just for information, every single infrastructure system that we use in our day-to-day commute, including communications, money dispensers, banks, waste management, cabs, traffic signals, vehicles, electricity, water and health care, is controlled digitally one way or the other. In an urban infrastructure, everything will be as easy as a push of a button (not even a push but a touch 😉) from anywhere, and voilà, it's happening. So, what makes us believe it is safe?
Who are these adversaries and why do they do what they do?
Basically, the attackers who try to attack urban infrastructure can be nation states, whose prime goal is surveillance or disabling the core of the infrastructure; their goal is not money or fame but the power of control, in case of war, to create chaos (#death by a 1000 cuts). They can also be rebels who just want to make a statement, start a revolution or prove a point. And there are many who do it just for the sake of doing it: the rush for some, money for others.
A Bit of Historical Context
An average data breach is not discovered within 200 days of the breach (e.g. the massive security breach that had been taking place since March and was only recently discovered in various government departments of the USA). That said, very often we are under ongoing attack and don't even know about it. The WannaCry ransomware attack of 2017 targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. The attack led to around 200,000 computers infected across 150 countries. One of the largest agencies struck by the attack was the National Health Service hospitals in England and Scotland, where up to 70,000 devices, including computers, MRI scanners, blood-storage refrigerators and theatre equipment, may have been affected. This was a typical example of the kind of attack we are talking about, although its scale was much smaller than that of the attacks that can happen today.
Lines of Attack
· People (weakest link): what we call social engineering. As one article portrays, “Hackers prey on humans’ psychological flaws, targeting them as the “weakest link” in the cyber chain. There are increasingly sophisticated ways of abusing trusted employees and, in today’s turbo-charged world, our quest for “cognitive efficiency” makes us particularly vulnerable”.
· Supplies: supplies can take many forms, be it software, an API, a product or a resource that the infrastructure uses. As they often say, "Criminals don't just give up, they look for easier ways in", and that is the case today. In the digital age, every product we use is a combination of one or more other products that the organisation itself uses, which means that if even a single product in the supply chain is vulnerable or malicious, the whole system gets compromised.
· Technology itself: wherever we go, wherever we are and whatever we do, all of it is in some form a part of technology. With the massive amount of research and day-to-day analysis of technology, bugs, or what we call loopholes, are constantly being discovered and fixed. Some bugs don’t really do much, but certain ones are devastating. To protect against these loopholes, the technology is updated regularly through patches. The biggest problem with all these patches is that for a large corporation or infrastructure, updating its technology means updating itself, which is a daunting task, and this is where they fall prey to the adversaries (being the sole reason for the WannaCry attack).
Line of Defence
Well, there are many defensive measures being taken, and they differ from nation to nation and organisation to organisation. In some nations it is a must to consult the cybersecurity agencies for inspection before approval; in others there are certain standards to meet for infrastructural approval. Private organisations now have a specific department dealing with the cybersecurity aspect of the organisation; they have certain priorities and have set some procedures to withstand a cyber-attack. Government agencies have started cyber awareness camps for organisations as well as the general public, to make them aware of cyber ethics and how to defend themselves.
With all this said, there is no such thing as a safe haven, but what we can do as an organisation is to become more and more secure, so that we act fast enough before an adversary counters it.