MIT Libraries logoDSpace@MIT

MIT
View Item 
  • DSpace@MIT Home
  • MIT Libraries
  • MIT Theses
  • Doctoral Theses
  • View Item
  • DSpace@MIT Home
  • MIT Libraries
  • MIT Theses
  • Doctoral Theses
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Cybersecurity for urban critical infrastructure

Author(s)
Falco, Gregory J
Thumbnail
DownloadFull printable version (10.24Mb)
Other Contributors
Massachusetts Institute of Technology. Department of Urban Studies and Planning.
Advisor
Lawrence Susskind.
Terms of use
MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582
Metadata
Show full item record
Abstract
Our cities are under attack. Urban critical infrastructure which includes the electric grid, water networks, transportation systems and public health and safety services are constantly being targeted by cyberattacks. Urban critical infrastructure has been increasingly connected to the internet for the purpose of operational convenience and efficiency as part of the growing Industrial Internet of Things (HoT). Unfortunately, when deciding to connect these systems, their cybersecurity was not taken seriously. A hacker can monitor, access and change these systems at their discretion because of the infrastructure's lack of security. This is not only a matter of potential inconvenience. Digital manipulation of these devices can have devastating physical consequences. This dissertation describes three steps cities should take to prepare for cyberattacks and defend themselves accordingly. First, cities must understand how an attacker might compromise its critical infrastructure. In the first chapter, I describe and demonstrate a methodology for enumerating attack vectors across a citys CCTV security system. The attack methodology uses established cybersecurity typologies to develop an attack ruleset for an Al planner that was programmed to perform attack generation. With this, cities can automatically determine all possible approaches hackers can take to compromise their critical infrastructure. Second, cities need to prioritize their cyber risks. There are hundreds of attack permutations for a given system and thousands for a city. In the second chapter, I develop a risk model for urban critical infrastructure. The model helps prioritize vulnerabilities that are frequently exploited for HoT Supervisory Control and Data Acquisition (SCADA) systems. Finally, cities need tools to defend themselves. In the third chapter, I present a nontechnical approach to defending against attacks called cyber negotiation. Cyber negotiation is one of several non-technical cyberdefense tools I call Defensive Social Engineering, where victims can use social engineering against the hacker. Cyber negotiation involves using a negotiation framework to defend against attacks with steps urban critical infrastructure operators can take before, during and after an attack. This study combines computer science and urban planning (Urban Science) to provide a starting point for cities to prepare for and protect themselves against cyberattacks.
Description
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Urban Studies and Planning, 2018.
 
Cataloged from PDF version of thesis.
 
Includes bibliographical references (pages 110-116).
 
Date issued
2018
URI
http://hdl.handle.net/1721.1/118226
Department
Massachusetts Institute of Technology. Department of Urban Studies and Planning
Publisher
Massachusetts Institute of Technology
Keywords
Urban Studies and Planning.

Collections
  • Doctoral Theses

Browse

All of DSpaceCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

My Account

Login

Statistics

OA StatisticsStatistics by CountryStatistics by Department
MIT Libraries
PrivacyPermissionsAccessibilityContact us
MIT
Content created by the MIT Libraries, CC BY-NC unless otherwise noted. Notify us about copyright concerns.