cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
alexpan
Newcomer I

Understanding the risks of smart city technologies

Hi everyone!

I'm Alex Pan, a PhD student in Transportation Engineering at the University of California, Berkeley. I am working on a project about the cybersecurity of smart city technologies run by Professors Alison Post and Karen Trapenberg Frick. The aim of the project is to understand variation in the vulnerabilities of different smart city technologies to cyberattack, as well as the variation in the extent to which different technologies are likely to be targeted and the potential impacts of successful cyberattacks. The project is funded by the Center for Long-Term Cybersecurity at Berkeley.

 

As part of this project, we have developed a 15-minute survey for IT professionals and security experts to learn more about your assessment of the vulnerabilities, threats, and consequences of cyberattacks to technologies such as smart traffic lights, street video surveillance, and smart meters. Many new technologies are currently being considered for adoption by local government agencies, so we want to provide insights drawing on the expertise of security professionals and disseminate these findings to policy-makers, professionals, and researchers.

 

We are very grateful for your time and help! The survey will close August 14th, 2020 and for every completed response, we will be donating $10 to Feeding America's COVID-19 Response Fund. Our findings will be summarized in a report and distributed to the (ISC)2 community.

 

Thank you!

Alex

4 Replies
Caute_cautim
Community Champion

@alexpan    Well I missed the survery, but there is plenty of material available with examples:

 

https://www.comparitech.com/blog/vpn-privacy/smart-cities-privacy-risks/

 

Regards

 

Caute_cautim

alexpan
Newcomer I

Thanks for the resource @Caute_cautim ! The survey is still open and we are extending the responses to the end of next week (August 21).

CraginS
Defender I


@alexpan wrote:

Hi everyone!

I'm Alex Pan, a PhD student in Transportation Engineering at the University of California, Berkeley. I am working on a project about the cybersecurity of smart city technologies run by Professors Alison Post and Karen Trapenberg Frick. The aim of the project is to understand variation in the vulnerabilities of different smart city technologies to cyberattack, as well as the variation in the extent to which different technologies are likely to be targeted and the potential impacts of successful cyberattacks. The project is funded by the Center for Long-Term Cybersecurity at Berkeley.

...

 

Thank you!

Alex


Alex, 

I started the survey, but abandoned it on the first full question, asking me to rank-order nine technologies based on relative vulnerability. I did so because my evaluation of vulnerability on many of them has to do with the method of data transmittal, as opposed to the nature of the sensors. For others in the list, my evaluation of vulnerability is based on the nature of sensor unique identifier technology. This means I need to group the technologies into groups of equivalently vulnerable technologies, rather than rank order several in an arbitrary order which would be meaningless. If you had asked me to score each technology as to level of vulnerability on a Likert scale (e.g. 1-5 or 1-7) I would have proceeded with the survey.

I realize it is too late to modify your survey structure, so good luck on obtaining  analysis from respondents.

 

As your UC research team works further on this project (which I applaud) I hope you take into account the difference between perceived vulnerability  and perceived impact level of successful attack. I found myself conflating the two concerns when I began the vulnerability evaluation, and had to work to separate the two concerns in my mind. For instance, the impact of gaining control of the priority traffic light controls is much higher than the impact of changing how often garbage cans are collected. Gaining control of the ShotSpotter technology has even higher impact, either by flooding the system with false reports to scatter law enforcement to the wrong part of the city, or suppressing true reports to hide the action of a real shooter.

 

I do look forward to the results of this and future efforts of your team, because this is a very important area of research, with a lot of potential to help cities prioritize security spending wisely.

 

Best wishes,

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
alexpan
Newcomer I

Hi Craig,

Thanks for the feedback! In the survey, we do ask for both a vulnerability and an impacts ranking - the vulnerability question comes first, then the next page of the survey is the impacts ranking. Hope that helps!