Recent Research & Whitepapers

The cybersecurity of a smart city involves both strategic planning for future cities and the recognition of issues in cities that already have ’smart’ components. Recent research undertaken by participants and partners of the Securing Smart Cities (SSC) initiative is made freely available to help prevent security errors when implementing and exploiting smart technologies in modern cities. Knowledge is power. To make your city cyber-safe, here you can find articles, whitepapers and other materials prepared by SSC participants and partners that offer a practical approach to the security of smart cities.

 

The Smart Cities Internet of Access Control, opportunities and cybersecurity challenges
The Smart city is a fast advancing zone in urban planning and aged cities of today. This concept is based on the application of connected various systems in managing a city effectively. The smart cities internet of access control is a futuristic concept of connected access control systems distributed over an urban ecosystem, part of its critical infrastructure. Even though highly worrying and controversial concept to look at with current technological standards in addition to cybersecurity and privacy occurrences, if perfected, it could progress some of the current world’s most alarming complications like
traffic jams, crime, terrorism...

AUTHORS: Mohamad Amin Hasbini, Senior Security Researcher, Kaspersky Lab, Martin Tom-Petersen, Client director and partner, Smart City Catalyst
Launch PDF
Smart Cities Cyber Crisis Management
Unlike current cities with independent operators and multiple stand-alone systems, smart cities will be themed by more centralized systems (virtually centralized not physically, e.g. in the cloud), automated tasks, integration of information, and correlation (Data Analytics). There are therefore considerable larger consequences of inadequately protected data, infrastructure and applications as they are used to process, transmit and store critical information. 

AUTHORS: Mohamad Amin Hasbini, Senior Security Researcher, Kaspersky Lab, Raddad Ayoub, Advisory Partner – Africa, India and Middle East (AIM), Martin Tom-Petersen, Client director and partner, Smart City Catalyst, Loïc Falletta, Owner and Principal Security Consultant at Yinkozi, Ltd, David Jordan, CISO, Arlington County Government, Virginia, USA, Alan Seow, Cybersecurity Practitioner, Sandeep Singh, Security Consultant
Launch PDF


Smart cities appeal and 15 things that should not go wrong
Smart cities integrate technologies and innovations such as Big Data, mobile technologies, robotics, artificial intelligence and the Internet of Things (IoT) to change how humans interact, work and prosper. As much as the physical and virtual infrastructure interconnectivity in smart cities render them functional, they also add to their vulnerabilities, creating significant cybersecurity risks. 

AUTHORS: Mohamad Amin Hasbini, Senior Security Researcher, Kaspersky Lab, James Mckinlay, Director, Praetorian Consulting International Limited, Martin Tom-Petersen, Client director and partner, Smart City Catalyst, Aseem Jakhar, Co-Founder – Payatu, hardwear.io, nullcon, null, Amgad Magdy, INVLAB Founder, IS Consultant, David Jordan, CISO, Arlington County Government, Virginia, USA
Launch PDF


Establishing a Safe and Secure Municipal Drone Program 
Whether you are a fan of them or not, it is becoming increasingly evident that drones will in fact play an important and even critical role in the smart city environment. Cities around the world are actively working to implement large-scale drone programs to support various functions ranging from medical, transportation and agricultural to emergency management and infrastructure protection. It is important that these drone systems be safe, stable, resilient and sustainable. 

AUTHORS: Brian Russell, Chief Engineer, Leidos, Mohamad Amin Hasbini Senior Security Researcher, Kaspersky Lab and Martin Tom-Petersen, Client director and partner, Smart City Catalyst 
Launch PDF

Fooling the 'Smart City'  
The concept of a smart city brings together many modern technologies and solutions. Smart city infrastructures develop faster than security tools do, leaving ample room for the activities of both curious researchers and cybercriminals. 

AUTHORS:Denis Makrushin, Security Researcher at Kaspersky Lab, Vladimir Dashchenko, Research Developer, Critical Infrastructure Protection at Kaspersky Lab 
Launch PDF
(Ab)using Smart City  
Since these last few years our world has been getting smarter and smarter. We may ask ourselves: what does smart mean? It is the possibility of building systems which are nodes of a more complex network, digitally connected to the internet and to the nal users. Our cities are becoming one of those networks and over time more and more elements are getting connected to such network: from trac lights to information signs, from trac and surveillance cameras to transport systems. This last element, also called as Smart Mobility is the subject of our analysis.  

AUTHORS: Matteo Beccaro, Founder & CTO at Opposing Force, Matteo Collura, Researcher at Politecnico di Torino
Launch PDF

The Smart City Department Cyber Security role and implications  
Interest in the smart city concept has grown exponentially over the past few years, with top research being done in the Internet of Things (IoT) and urban domains to define, assess, and improve smart city services and offerings. In smart cities, information security plays a major role in protecting the higher levels of confidentiality, availability, and integrity as well as the stability that national services and organizations need to support sustainable and livable smart environments.  

AUTORS: Mohamad Amin Hasbini (Kaspersky Lab), Cesar Cerrudo (IOActive Labs), David Jordan (Arlington County Government, Virginia, USA), Ramzi El-Haddadeh (Qatar University), Alan Seow, (Cyber Security Practitioner), Samir Pawaskar, (Qatar Ministry of Information and Communications Technology Team). 
Launch PDF

Pen Testing a City 
How would you take down a city? How would you prepare for and defend against such an attack? The information security community does a great job of identifying security vulnerabilities in individual technologies and penetration testing teams help secure companies. At the next level of scale, however, things tend to fall apart... Read more in the Pentesting a City whitepaper. 

AUTORS: Gregory Conti (West Point), Tom Cross (Drawbridge Networks), and David Raymond (Virginia Tech) 
Launch PDF
Cyber Security Guidelines for Smart City Technology Adoption 
Interest in the smart city concept has grown continuously over in the past few years, with top research being done in the Internet of Things (IoT) and urban domains to define, assess, and improve smart city services and offerings. In smart cities, information security plays a major role in protecting the higher levels of confidentiality, availability, and integrity as well as the stability that national services and organizations need to support sustainable and livable smart environments.
The purpose of this document is to provide guidelines for public and private organizations when planning and organizing the selection and validation of smart city technologies. It describes the types of testing and assessments to consider in order to select the best and most secure vendors and technologies.

AUTHORS: Cesar Cerrudo, Amin Hasbini, Brian Russell
Launch PDF
Does CCTV put the public at risk of cyberattack?: How Insecure surveillance technology is working against you 
It is no secret that police departments and governments have been monitoring city streets for years, with security cameras proving invaluable in crime investigation and prevention. However, as a result of research conducted by Kaspersky Lab researcher Vasilios Hioureas and his fellow researcher Thomas Kinsey from Exigent Systems Inc., these systems could also be used in a harmful way.

AUTHORS: Vasilios Hioureas, Thomas (TK) Kinsey
Launch PDF
An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks
Cities around the world are becoming increasingly smart, which creates huge attack surfaces for potential cyber attacks. 
In this paper, IOActive Labs CTO Cesar Cerrudo provides an overview of current cyber security problems affecting cities as well real threats and possible cyber attacks that could have a huge impact on cities. Cities must take defensive steps now, and Cesar offers recommendations to help them get started. 

AUTHOR: Cesar Cerrudo
Launch PDF
Transformational ‘smart cities’: cyber security and resilience
This report will explore the requirements and challenges of creating a secure, reliable and resilient smart city. It will consider how administrations and the overall city ecosystems will need to provide innovative, resilient ‘smart’ solutions that leverage digital information while protecting against malicious violations, unintentional damage and natural disasters. 

AUTHOR:Giampiero Nanni
Launch PDF

Videos & Webinars

The Ultimate Tips to Implement a Secure Smart City Municipal Drone Program

 
Smart City Security: Hacking and Securing Smart Cities
Modern cities are becoming smart by making use of new technologies for traffic control, public transport, street lighting, security, city  and resource management, and other improvements. These enhancements are extremely useful for citizens, however they come with inherent risk.
During this presentation from Cesar Cerrudo, CTO for IOActive, you will be shown how these technologies are vulnerable, as well as an overview of current and future threats. Cesar will also provide recommendations on how to improve a smart city’s security posture.

AUTHOR: Cesar Cerrudo
Watch on YouTube
Hacking Traffic Control Systems
Probably many of us have seen that scene from "Live Free or Die Hard" (Die Hard 4) were the "terrorist hackers" manipulate traffic signals by just hitting Enter key or typing a few keys, I wanted to do that! so I started to look around and of course I couldn't get to do the same, that's too Hollywood style! but I got pretty close. I found some interesting devices used by traffic control systems on important cities such as Washington DC, Seattle, New York, San Francisco, Los Angeles, etc. and I could hack them. I also found that these devices are also used in cities from UK, France, Australia, China, etc. making them even more interesting. This presentation will tell the whole story from how the devices were acquired, the research, on site testing demos (at Seattle, New York and Washington DC), vulnerabilities found and how they can be exploited.