SlideShare a Scribd company logo

Cyber Security Challenges in Building Smartcity (Presented in 2016)

A
AvinantaTarigan

Security of Smart City presented in 2016

Technology
1 of 23
Download to read offline
Cyber Security Challenges in Building Smart City Avinanta Tarigan Research Center for Cryptography and Information Security - Pusat Studi Kriptografi dan Keamanan Sistem - Gunadarma University http://ps-sekuriti.gunadarma.ac.id
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart City, What is all about ? An urban development vision to integrate multiple information and communication technology (ICT) and Internet of Things (IoT) solutions in a secure fashion to manage a city’s assets.
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart City : Hope 1. Convinience Public Services 2. Safety and Security of Citizen 3. Enhanced Livability of the City 4. Smartness in every aspects of City Life 5. Long Term Effectiveness Establishing Trust → Make System Dependable → Really3 Difficult
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart city components •Intelligent buildings •Public Safety & Security •Connected Healthcare, Telemedicine •Connected Education, Distant Learning •Free WiFi hotspots •Emergency services •Intelligent transportation •Smart Grid Logical & Virtual Level •Governance, Risk, Compliance •Connectivity •Big Data •Disaster recovery •Privacy, Identity •Service continuity Technology platform and components •Cyber Security solutions •Backup and recovery solutions •RFID, M2M, Sensors •SCADA, Smart meters, AMI •Mobile devices •Wireless •Cloud, Virtualised DC
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart City is not a Product ● Integration of Well Established Systems ● City InfoSys, Firefighter, Hospitals, Financial, Payment Systems, Schools, etc. ● Interoperability & Governance ● Protocols, Rules, Standards, Vendors, Compliance, Audit, Legal ● Technological Enabler ● IoT, Social Media, Wireless-NG, SmartPhone, Artificial Intelligence, Big Data, Data Mining, ● People ● Authorities, Citizen (end users), Developers
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Security Breaches / Incidents
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Cyber-Security
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Vulnerability ● (A)uthentication ● Proving ID of accessing entity ● (I)ntegrity ● Maintain integrity of system ● (C)onfidentiality ● No rights for wrong person ● (A)vailability ● Services are available when needed ● AICA ● Attack ● Established by exploiting vulnerabilty of the system ● Vulnerability ● A weakness in design, implementation, operation or internal control, that may breaks AICA ● Difficult to detect ● Easy to exploit when you have exploit tools
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Vulnerabilities
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Bugs Disasters ● Simple bugs can cause big problems : ● May 2012 Califonia : system accidentaly summoned 1200 people to jury duty on the same morning causing traffic jam ● November 2013 : Bay Area Rapid Transmit (BART) major software glitch, affected 19 trains ● August 2003 Northeast, total blackout, primary cause software bugs in the alarm system at a control room of an Energy Company, affected 55 million people
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Proven Known Attack on Smart City ● Proven Attack on Traffic Light Systems ● Michigan Univ → 100.000 intersections in the US ● Wireless encryption problems on street lighting → firmware replacement ● Manipulate information in City Management Systems by attacking web apps and phising ● Etc. → Single Vulnerability affects many → Vendors often do not care about security
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Complexity adds Vulnerability ● Attacker needs only a weakest chain to break security → end users ● Adding more chains doubles likelihood of the present of vulnerability ● Smart City is constructed as complex system
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Attacks on Sensors ● Sensors ● Communication between wireless sensors and the host are not secure ( some not encrypted or encrypted with bugs in the protocol ) ● Anti tempered sensors are rare. One can replace firmware. ● Authentication are poor → fake / spoofed sensors ● Fake seismic detection, Fake flood detection ● Fake signals → wrong decision → disasters
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Malware ● Infected many devices ● Various types and infection technique ● BotNet, Ransonware, Spyware, AdWare ● Man – In – The - Middle ● StuxNet → attack on critical infrastructure ● Estonia Incidents
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart City Systems Other Stakeholder
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Social Engineering
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Problems ● Building Dependable System is very hard ● Tampered Hardware & Unsecure Software ● Vendors Dependency ● Unsecure System Development ● Lack of Cybersecurity Knowledge and Skills of ICT persons ● Security through Obscurity ● Lack of Security awareness of end users ● Improper ICT Governance ● etc
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Building Secure Smart City ● Top level management awareness and commitment ● City-wide Vulnerability Management Periodic PenTest and Audit ● Good ICT Governance → Continous Security ● CERT (Computer Emergency Response Team) at Municipality Level or even RTRW-CERT ● Disaster Recovery Plan (DRP) & Security Breaches Recovery Plan (SBRP) ● Security and Risk Analysis for every Smart-City Apps and new Devices
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Building Secure ….. (continued) ● Security Compliance – Vendor Certification ● Forensic Ready Products ● Sec-LA (Security Level Agreement) from Vendors ● Secure System Development Cycle ● Skillfull and yet “secure” system developer ● Continous Security Testing against all chains in the system ● Cyberthreat Intelligence
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Continues Security Process
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Manajemen Aset & Konfigurasi IT Asset TI IDS Vulnerability Scanner Profile Nasional Aset TI Honey Pot Analisis & Reporting (Lokal) Respon & Analisis Serangan Simulasi & Analisis Penangkalan Analisis Ancaman & Resiko Basis Data Pola Serangan, Mitigasi Pusat Komando Analisis Situasi Siber Nasional Koordinasi Mitigasi & Tindakan Pencegahan & Pemulihan (Lokal) Pemutahiran Basis Data Pola Serangan B A D A N R I S E T S E K U R I T I S I B E R Organisasi 1 .. N Firewall, Reactive IDS SOP
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Concluding Remarks ● Smart City is a very complex socio-technical system constructed from interconnected independence system ● If a chain in the system breaks, it could break the security of entire system. To make system dependable is hard. ● Comprehensive secure framework in building system for Smart City is badly needed ● CyberSecurity Awareness for Authorities, De ● Continous Security Process
Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Thank You

Recommended

Towards Security Software Engineering the Smart Grid as a System of Systems
Towards Security Software Engineering the Smart Grid as a System of SystemsTowards Security Software Engineering the Smart Grid as a System of Systems
Towards Security Software Engineering the Smart Grid as a System of Systems
Vanea Chiprianov
 
Cyber Security & Hygine
Cyber Security & HygineCyber Security & Hygine
Cyber Security & Hygine
Amit Arya
 
IRJET- Internet of Things based Emergency System
IRJET- Internet of Things based Emergency SystemIRJET- Internet of Things based Emergency System
IRJET- Internet of Things based Emergency System
IRJET Journal
 
Io t platform-infotech_arpanpal
Io t platform-infotech_arpanpalIo t platform-infotech_arpanpal
Io t platform-infotech_arpanpal
Arpan Pal
 
CV
CVCV
CV
MohammedAbuhamad1
 
Security analysis of emerging smart home applications 11.2016
Security analysis of emerging smart home applications 11.2016Security analysis of emerging smart home applications 11.2016
Security analysis of emerging smart home applications 11.2016
단국-삼성 모바일연구소 Samsung Mobile Institute
 
IRJET- A Survey on Vehicle Security System using IoT
IRJET- A Survey on Vehicle Security System using IoTIRJET- A Survey on Vehicle Security System using IoT
IRJET- A Survey on Vehicle Security System using IoT
IRJET Journal
 
ICT Innovation @UM
ICT Innovation @UMICT Innovation @UM
ICT Innovation @UM
David Asirvatham
 

Recommended

Towards Security Software Engineering the Smart Grid as a System of Systems
Towards Security Software Engineering the Smart Grid as a System of SystemsTowards Security Software Engineering the Smart Grid as a System of Systems
Towards Security Software Engineering the Smart Grid as a System of Systems
Vanea Chiprianov
 
Cyber Security & Hygine
Cyber Security & HygineCyber Security & Hygine
Cyber Security & Hygine
Amit Arya
 
IRJET- Internet of Things based Emergency System
IRJET- Internet of Things based Emergency SystemIRJET- Internet of Things based Emergency System
IRJET- Internet of Things based Emergency System
IRJET Journal
 
Io t platform-infotech_arpanpal
Io t platform-infotech_arpanpalIo t platform-infotech_arpanpal
Io t platform-infotech_arpanpal
Arpan Pal
 
CV
CVCV
CV
MohammedAbuhamad1
 
Security analysis of emerging smart home applications 11.2016
Security analysis of emerging smart home applications 11.2016Security analysis of emerging smart home applications 11.2016
Security analysis of emerging smart home applications 11.2016
단국-삼성 모바일연구소 Samsung Mobile Institute
 
IRJET- A Survey on Vehicle Security System using IoT
IRJET- A Survey on Vehicle Security System using IoTIRJET- A Survey on Vehicle Security System using IoT
IRJET- A Survey on Vehicle Security System using IoT
IRJET Journal
 
ICT Innovation @UM
ICT Innovation @UMICT Innovation @UM
ICT Innovation @UM
David Asirvatham
 
IRJET-An Experimental Study on Concrete by Partial Replacement of Cement with...
IRJET-An Experimental Study on Concrete by Partial Replacement of Cement with...IRJET-An Experimental Study on Concrete by Partial Replacement of Cement with...
IRJET-An Experimental Study on Concrete by Partial Replacement of Cement with...
IRJET Journal
 
Nishant Kumar Maini CV(060116)
Nishant Kumar Maini CV(060116)Nishant Kumar Maini CV(060116)
Nishant Kumar Maini CV(060116)
Nishant Maini
 
System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...
System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...
System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...
NECST Lab @ Politecnico di Milano
 
Security in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical SystemsSecurity in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical Systems
FAST-Lab. Factory Automation Systems and Technologies Laboratory, Tampere University of Technology
 
A3.ppt
A3.pptA3.ppt
A3.ppt
Preethi Ars
 
Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016
OMNETRIC
 
FinalResearch_95752_oliver
FinalResearch_95752_oliverFinalResearch_95752_oliver
FinalResearch_95752_oliver
Madison Oliver
 
Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...
Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...
Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...
Estu Fardani
 
Personal Presentation
Personal PresentationPersonal Presentation
Personal Presentation
Antonio Di Maio
 
Io t of actuating things
Io t of actuating thingsIo t of actuating things
Io t of actuating things
Arpan Pal
 
Protecting the Energy Supply Chain - Dubai
Protecting the Energy Supply Chain - Dubai Protecting the Energy Supply Chain - Dubai
Protecting the Energy Supply Chain - Dubai
Thomas Zakrzewski (Tom Z.,)
 
Automatic Railway Gate Control System Using Android
Automatic Railway Gate Control System Using AndroidAutomatic Railway Gate Control System Using Android
Automatic Railway Gate Control System Using Android
ijtsrd
 
IRJET- Advance ATM Security Solution
IRJET- Advance ATM Security SolutionIRJET- Advance ATM Security Solution
IRJET- Advance ATM Security Solution
IRJET Journal
 
Smart Cities in the IoT Era
Smart Cities in the IoT EraSmart Cities in the IoT Era
Smart Cities in the IoT Era
Opposing Force S.r.l.
 
IoT Smart keychain finder project
IoT Smart keychain finder project IoT Smart keychain finder project
IoT Smart keychain finder project
RShkShrm
 
Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application
Iliyas Khan
 
Digital Trends - Redefining the Insurance Industry (2016)
Digital Trends - Redefining the Insurance Industry (2016)Digital Trends - Redefining the Insurance Industry (2016)
Digital Trends - Redefining the Insurance Industry (2016)
Chulalongkorn University
 
Application Security: Last Line of Defense
Application Security: Last Line of DefenseApplication Security: Last Line of Defense
Application Security: Last Line of Defense
Narudom Roongsiriwong, CISSP
 
2015 android project
2015 android project2015 android project
2015 android project
Hari Krishnan
 
Nagaraju_curriculum vitae
Nagaraju_curriculum vitaeNagaraju_curriculum vitae
Nagaraju_curriculum vitae
U. Nagaraju
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
The Digital Insurer
 

More Related Content

Similar to Cyber Security Challenges in Building Smartcity (Presented in 2016)

Nishant Kumar Maini CV(060116)
Nishant Kumar Maini CV(060116)Nishant Kumar Maini CV(060116)
Nishant Kumar Maini CV(060116)
Nishant Maini
 
FinalResearch_95752_oliver
FinalResearch_95752_oliverFinalResearch_95752_oliver
FinalResearch_95752_oliver
Madison Oliver
 
Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...
Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...
Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...
Estu Fardani
 
Automatic Railway Gate Control System Using Android
Automatic Railway Gate Control System Using AndroidAutomatic Railway Gate Control System Using Android
Automatic Railway Gate Control System Using Android
ijtsrd
 
Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application
Iliyas Khan
 
Application Security: Last Line of Defense
Application Security: Last Line of DefenseApplication Security: Last Line of Defense
Application Security: Last Line of Defense
Narudom Roongsiriwong, CISSP
 

Similar to Cyber Security Challenges in Building Smartcity (Presented in 2016) (20)

IRJET-An Experimental Study on Concrete by Partial Replacement of Cement with...
IRJET-An Experimental Study on Concrete by Partial Replacement of Cement with...IRJET-An Experimental Study on Concrete by Partial Replacement of Cement with...
IRJET-An Experimental Study on Concrete by Partial Replacement of Cement with...
 
Nishant Kumar Maini CV(060116)
Nishant Kumar Maini CV(060116)Nishant Kumar Maini CV(060116)
Nishant Kumar Maini CV(060116)
 
System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...
System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...
System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Indus...
 
Security in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical SystemsSecurity in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical Systems
 
A3.ppt
A3.pptA3.ppt
A3.ppt
 
Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016Grid Analytics Europe 2016: "Defend the Grid", April 2016
Grid Analytics Europe 2016: "Defend the Grid", April 2016
 
FinalResearch_95752_oliver
FinalResearch_95752_oliverFinalResearch_95752_oliver
FinalResearch_95752_oliver
 
Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...
Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...
Towards Universitas Indonesia Next Generation Firewall Service - Tonny | GNOM...
 
Personal Presentation
Personal PresentationPersonal Presentation
Personal Presentation
 
Io t of actuating things
Io t of actuating thingsIo t of actuating things
Io t of actuating things
 
Protecting the Energy Supply Chain - Dubai
Protecting the Energy Supply Chain - Dubai Protecting the Energy Supply Chain - Dubai
Protecting the Energy Supply Chain - Dubai
 
Automatic Railway Gate Control System Using Android
Automatic Railway Gate Control System Using AndroidAutomatic Railway Gate Control System Using Android
Automatic Railway Gate Control System Using Android
 
IRJET- Advance ATM Security Solution
IRJET- Advance ATM Security SolutionIRJET- Advance ATM Security Solution
IRJET- Advance ATM Security Solution
 
Smart Cities in the IoT Era
Smart Cities in the IoT EraSmart Cities in the IoT Era
Smart Cities in the IoT Era
 
IoT Smart keychain finder project
IoT Smart keychain finder project IoT Smart keychain finder project
IoT Smart keychain finder project
 
Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application Secured home with 3 factor authentication using android application
Secured home with 3 factor authentication using android application
 
Digital Trends - Redefining the Insurance Industry (2016)
Digital Trends - Redefining the Insurance Industry (2016)Digital Trends - Redefining the Insurance Industry (2016)
Digital Trends - Redefining the Insurance Industry (2016)
 
Application Security: Last Line of Defense
Application Security: Last Line of DefenseApplication Security: Last Line of Defense
Application Security: Last Line of Defense
 
2015 android project
2015 android project2015 android project
2015 android project
 
Nagaraju_curriculum vitae
Nagaraju_curriculum vitaeNagaraju_curriculum vitae
Nagaraju_curriculum vitae
 

Recently uploaded

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Cyber Security Challenges in Building Smartcity (Presented in 2016)

  • 1. Cyber Security Challenges in Building Smart City Avinanta Tarigan Research Center for Cryptography and Information Security - Pusat Studi Kriptografi dan Keamanan Sistem - Gunadarma University http://ps-sekuriti.gunadarma.ac.id
  • 2. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart City, What is all about ? An urban development vision to integrate multiple information and communication technology (ICT) and Internet of Things (IoT) solutions in a secure fashion to manage a city’s assets.
  • 3. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart City : Hope 1. Convinience Public Services 2. Safety and Security of Citizen 3. Enhanced Livability of the City 4. Smartness in every aspects of City Life 5. Long Term Effectiveness Establishing Trust → Make System Dependable → Really3 Difficult
  • 4. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart city components •Intelligent buildings •Public Safety & Security •Connected Healthcare, Telemedicine •Connected Education, Distant Learning •Free WiFi hotspots •Emergency services •Intelligent transportation •Smart Grid Logical & Virtual Level •Governance, Risk, Compliance •Connectivity •Big Data •Disaster recovery •Privacy, Identity •Service continuity Technology platform and components •Cyber Security solutions •Backup and recovery solutions •RFID, M2M, Sensors •SCADA, Smart meters, AMI •Mobile devices •Wireless •Cloud, Virtualised DC
  • 5. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart City is not a Product ● Integration of Well Established Systems ● City InfoSys, Firefighter, Hospitals, Financial, Payment Systems, Schools, etc. ● Interoperability & Governance ● Protocols, Rules, Standards, Vendors, Compliance, Audit, Legal ● Technological Enabler ● IoT, Social Media, Wireless-NG, SmartPhone, Artificial Intelligence, Big Data, Data Mining, ● People ● Authorities, Citizen (end users), Developers
  • 6. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Security Breaches / Incidents
  • 7. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Cyber-Security
  • 8. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Vulnerability ● (A)uthentication ● Proving ID of accessing entity ● (I)ntegrity ● Maintain integrity of system ● (C)onfidentiality ● No rights for wrong person ● (A)vailability ● Services are available when needed ● AICA ● Attack ● Established by exploiting vulnerabilty of the system ● Vulnerability ● A weakness in design, implementation, operation or internal control, that may breaks AICA ● Difficult to detect ● Easy to exploit when you have exploit tools
  • 9. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Vulnerabilities
  • 10. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Bugs Disasters ● Simple bugs can cause big problems : ● May 2012 Califonia : system accidentaly summoned 1200 people to jury duty on the same morning causing traffic jam ● November 2013 : Bay Area Rapid Transmit (BART) major software glitch, affected 19 trains ● August 2003 Northeast, total blackout, primary cause software bugs in the alarm system at a control room of an Energy Company, affected 55 million people
  • 11. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Proven Known Attack on Smart City ● Proven Attack on Traffic Light Systems ● Michigan Univ → 100.000 intersections in the US ● Wireless encryption problems on street lighting → firmware replacement ● Manipulate information in City Management Systems by attacking web apps and phising ● Etc. → Single Vulnerability affects many → Vendors often do not care about security
  • 12. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Complexity adds Vulnerability ● Attacker needs only a weakest chain to break security → end users ● Adding more chains doubles likelihood of the present of vulnerability ● Smart City is constructed as complex system
  • 13. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Attacks on Sensors ● Sensors ● Communication between wireless sensors and the host are not secure ( some not encrypted or encrypted with bugs in the protocol ) ● Anti tempered sensors are rare. One can replace firmware. ● Authentication are poor → fake / spoofed sensors ● Fake seismic detection, Fake flood detection ● Fake signals → wrong decision → disasters
  • 14. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Malware ● Infected many devices ● Various types and infection technique ● BotNet, Ransonware, Spyware, AdWare ● Man – In – The - Middle ● StuxNet → attack on critical infrastructure ● Estonia Incidents
  • 15. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Smart City Systems Other Stakeholder
  • 16. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Social Engineering
  • 17. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Problems ● Building Dependable System is very hard ● Tampered Hardware & Unsecure Software ● Vendors Dependency ● Unsecure System Development ● Lack of Cybersecurity Knowledge and Skills of ICT persons ● Security through Obscurity ● Lack of Security awareness of end users ● Improper ICT Governance ● etc
  • 18. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Building Secure Smart City ● Top level management awareness and commitment ● City-wide Vulnerability Management Periodic PenTest and Audit ● Good ICT Governance → Continous Security ● CERT (Computer Emergency Response Team) at Municipality Level or even RTRW-CERT ● Disaster Recovery Plan (DRP) & Security Breaches Recovery Plan (SBRP) ● Security and Risk Analysis for every Smart-City Apps and new Devices
  • 19. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Building Secure ….. (continued) ● Security Compliance – Vendor Certification ● Forensic Ready Products ● Sec-LA (Security Level Agreement) from Vendors ● Secure System Development Cycle ● Skillfull and yet “secure” system developer ● Continous Security Testing against all chains in the system ● Cyberthreat Intelligence
  • 20. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Continues Security Process
  • 21. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Manajemen Aset & Konfigurasi IT Asset TI IDS Vulnerability Scanner Profile Nasional Aset TI Honey Pot Analisis & Reporting (Lokal) Respon & Analisis Serangan Simulasi & Analisis Penangkalan Analisis Ancaman & Resiko Basis Data Pola Serangan, Mitigasi Pusat Komando Analisis Situasi Siber Nasional Koordinasi Mitigasi & Tindakan Pencegahan & Pemulihan (Lokal) Pemutahiran Basis Data Pola Serangan B A D A N R I S E T S E K U R I T I S I B E R Organisasi 1 .. N Firewall, Reactive IDS SOP
  • 22. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Concluding Remarks ● Smart City is a very complex socio-technical system constructed from interconnected independence system ● If a chain in the system breaks, it could break the security of entire system. To make system dependable is hard. ● Comprehensive secure framework in building system for Smart City is badly needed ● CyberSecurity Awareness for Authorities, De ● Continous Security Process
  • 23. Tangerang, Aug 11 2016 Seminar on Smart City, Gunadarma University Thank You