This 2nd part of Smart Cities cyber security provides case studies to show by concrete example the reality of cyber attacks. This article shows that attacks are most often simple hack that would be feasible for an average teenager (often called “script kiddies”). Those attacks could have been avoided by simple countermeasures but basic principles and best practices are far from being implemented, in particular in public area such as smart cities.
We expect more and more attacks on public infrastructures and public organisational process (industrial sites or private business infrastructure should be less and less vulnerable with signifiant effort to add security layers over the last years) such as:
- National presidential election (see what happened during the US election with mailbox hacking of Hillary Clinton staff)
- Unions election (unions are so powerful in some countries that they might be considered as highly valuable target to destabilize a country)
- Hospital, medical center, healthcare system, …
- University (we have never heard yet massive fake diploma hack but it will happen sooner or later)
- Water, electricity, gas distribution system, …
This 2nd article gives a list of basic principles and rules that should be a first guideline or at least of first insight for better cyber attack risk and countermeasures.
On top priority, it is critical to understand attackers motivations and environment even before identifying where are the system weaknesses. In some countries, you leave your home door opened all day and nothing happens. In other countries, you invest in door secured locks and real-time detection intrusion system in your home, but it does not protect you from home-jacking or car-jacking… Never underestimate or overestimate your enemy, know him !