Cybersecurity for urban critical infrastructure
Author(s): Falco, Gregory J
Massachusetts Institute of Technology. Department of Urban Studies and Planning.
Our cities are under attack. Urban critical infrastructure, which includes the electric grid, water networks, transportation systems and public health and safety services, is constantly being targeted by cyberattacks. Urban critical infrastructure has been increasingly connected to the internet for the purpose of operational convenience and efficiency as part of the growing Industrial Internet of Things (IIoT). Unfortunately, when the decision was made to connect these systems, their cybersecurity was not taken seriously. A hacker can monitor, access and change these systems at their discretion because of the infrastructure's lack of security. This is not only a matter of potential inconvenience. Digital manipulation of these devices can have devastating physical consequences. This dissertation describes three steps cities should take to prepare for cyberattacks and defend themselves accordingly. First, cities must understand how an attacker might compromise their critical infrastructure. In the first chapter, I describe and demonstrate a methodology for enumerating attack vectors across a city's CCTV security system. The attack methodology uses established cybersecurity typologies to develop an attack ruleset for an AI planner that was programmed to perform attack generation. With this, cities can automatically determine all possible approaches hackers can take to compromise their critical infrastructure. Second, cities need to prioritize their cyber risks. There are hundreds of attack permutations for a given system and thousands for a city. In the second chapter, I develop a risk model for urban critical infrastructure. The model helps prioritize vulnerabilities that are frequently exploited for IIoT Supervisory Control and Data Acquisition (SCADA) systems. Finally, cities need tools to defend themselves. In the third chapter, I present a non-technical approach to defending against attacks called cyber negotiation.
Cyber negotiation is one of several non-technical cyberdefense tools I call Defensive Social Engineering, where victims can use social engineering against the hacker. Cyber negotiation involves using a negotiation framework to defend against attacks with steps urban critical infrastructure operators can take before, during and after an attack. This study combines computer science and urban planning (Urban Science) to provide a starting point for cities to prepare for and protect themselves against cyberattacks.
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Urban Studies and Planning, 2018. Cataloged from PDF version of thesis. Includes bibliographical references (pages 110-116).
Department: Massachusetts Institute of Technology. Department of Urban Studies and Planning.
Massachusetts Institute of Technology
Urban Studies and Planning.