Binary Analysis in the Age of Smart Cities

Smart cities are the future, but how do we protect them amidst rising cybersecurity threats in the software supply chain?

By some counts, over 140 smart cities already exist today and the United Nations predicts that 68% of the world’s population will live in cities by mid-century. As all cities become increasingly interconnected, and the chasm shrinks between our cities of today and the smart cities of the future, the urgency to build secure infrastructure has never been more critical.

In this rapidly expanding landscape, where the global smart cities market is expected to exceed $2.9 trillion by 2028, the role of binary analysis in cybersecurity becomes paramount. These technologically advanced urban environments, comprising diverse ecosystems of public and private entities, municipal services, and interconnected technologies, face unique security challenges.

This article explores how binary analysis is indispensable in safeguarding the software supply chain, thereby ensuring the operational integrity and safety of essential services in these dynamic urban landscapes.

The Challenge: Cybersecurity for Smart Cities

Along with the certainty that smart cities will both proliferate and continue to evolve with increasingly complex and interconnected technologies, we can be sure that their increasing reliance on information and communication technologies (ICT) for improving urban services and infrastructure will also result in their heightened vulnerability to cyberattacks.

This connectedness, while bringing both efficiency and innovation, also exposes the systems of smart cities to an ever-changing list of cyber threats. As digital technologies increasingly come to critical services like utilities, transportation, and public safety, cyberattacks in these areas can have far-reaching and even devastating consequences.

Specific Vulnerabilities in Smart City Infrastructures

UC Berkeley's Center for Long-Term Cybersecurity asked 76 cybersecurity experts to rank the most likely and most impactful cybersecurity attacks that could target smart cities. Their answers paint a stark picture of what may come, how bad it may be, and who is mostly likely to launch the attack.

Across the board, cybersecurity experts cited the Emergency and Alert Systems within smart cities as being:

• Most vulnerable
• Most impactful in the event of a successful attack
• The area of most interest by national-state attackers

What were the second- and third-most cited vulnerable areas within smart cities?

Street video surveillance systems and street traffic lights and signals. While the targeting of these systems raises questions about public safety, emergency response, privacy violations and more, they also beg questions about how we protect ourselves against cyberthreats launched against us by enemy nation-states, insiders, and terrorist groups.

Real-World Examples of Cyberattacks on Cities

2021 Oldsmar, Florida Water Supply Cyberattack In February 2021, a critical incident occurred when an outsider successfully breached the cybersecurity of a Florida water supply system. This attacker managed to alter the chemical concentrations in the water, posing a direct threat to public health and safety. This cyberattack underscored the vulnerability of essential public services in smart cities to cyber threats. It highlighted the dire need for stringent security measures in protecting critical infrastructure such as water supply systems and others that directly impact the well-being of citizens.

2015 Ukrainian Power Grid Cyberattack The 2015 cyberattack on the Ukrainian power grid was a landmark event, demonstrating the susceptibility of operational technology layers in smart cities to sophisticated cyber threats. This attack led to widespread disruptions in electricity supply, affecting thousands of people and showcasing the potential for significant societal impact through the targeting of critical infrastructure. It served as a stark reminder of the risks that smart city technologies face and the necessity for robust cybersecurity frameworks to safeguard essential services like power grids from malicious interventions.

Dallas Weather Alert Sirens Hack In a startling incident, hackers gained control of the weather alert sirens in Dallas. They triggered the sirens in the middle of the night, causing widespread panic among the city's residents. This hack not only disrupted the city's emergency alert system but also demonstrated how seemingly benign components of a smart city's infrastructure, like alert sirens, can be manipulated to create chaos and fear. The incident highlighted the importance of securing all facets of smart city technology against unauthorized access and tampering.

University of Michigan Streetlight Takeover A notable experiment conducted by researchers from the University of Michigan involved taking over the control of streetlights in a city. This controlled cyberattack resulted in significant traffic problems, illuminating the potential consequences of compromised smart city infrastructure. Although conducted as a test, this takeover illustrated how essential everyday services, such as street lighting, can be vulnerable to cyberattacks, leading to substantial disruptions in urban life. This case exemplified the need for comprehensive cybersecurity measures that encompass all aspects of a smart city's functioning.

Securing Smart Cities with Binary Analysis: A Strategic Approach

The Need for Agile Security in Heterogeneous Environments

Smart cities, characterized by their diverse and interconnected technological ecosystems, require an agile, and comprehensive security posture. This involves evaluating a wide range of capable security solutions, with a focus on those that prioritize integrations and sourcing vulnerability and threat data from a wide range of sources. In these environments, detection trumps prevention and the flexibility needed to adapt to the evolving landscape of threats becomes essential, especially in a field as dynamic and varied as smart city infrastructure and its complex software supply chain.

The Role of Binary Analysis

The value of binary analysis cannot be ignored here. This technique utilizes automated reverse engineering to provide rapid risk insights without impacting operational technology (OT) operations or uptime.

Binary analysis involves deep scanning of device firmware to unearth vulnerabilities that might otherwise remain hidden. By dissecting and examining the binary code—the fundamental DNA of software—security experts can identify weak spots in the complex mesh of software supply chains that runs smart city infrastructures.

SBOMs and Vulnerability Management

Supplementing binary analysis is the generation and enrichment of Software Bill of Materials (SBOMs). An SBOM is essentially an inventory list for software components. When enriched with vulnerability data, it becomes a powerful tool to prioritize remediation actions based on threat intelligence. This level of detail is crucial for effective vulnerability management, especially in the context of IoT and OT security, where devices and their software supply chains often operate as mysterious black boxes with opaque internal workings.

Endpoint Security: A Comparison

To understand the value of binary analysis and SBOMs, consider the analogy of endpoint security in a Security Operations Center (SOC). Endpoint security solutions offer visibility into assets, revealing not just the make and model of devices like laptops, but also their firmware, installed software, and network behavior. This visibility is crucial for managing security. However, in the realm of IoT and OT, such visibility is often lacking. Binary analysis and SBOMs bridge this gap, providing the SOC with the much-needed insight into what exactly is inside these connected devices.

The Challenge of IoT and OT Security

In smart cities, IoT and OT devices are ubiquitous, yet their inner workings remain largely unknown. Current methods like network monitoring can reveal which devices are connecting to certain IP addresses, but they fall short of showing what's inside the devices and in providing transparency into their software supply chains. Without this knowledge, security teams are often left in the dark about potential vulnerabilities or the behavior of these devices on the network.

The Power of Visibility and Intelligence

Binary analysis and comprehensive SBOMs transform this scenario. They start to offer a level of visibility akin to that found in endpoint security, but for IoT and OT devices. This visibility is key to understanding and mitigating product security and software supply chain threats. It enables organizations to not just identify vulnerabilities but also understand how these could be exploited by attackers, potentially impacting critical processes within smart city infrastructure.

The Need for a New Approach

Research from the Ponemon Institute indicates that 56% of security practitioners see the rise in supply chain and IoT attacks as a call for new approaches to product security strategy. Almost half of these professionals have little confidence in their organization's ability to fully identify all vendors in their device supply chains. This lack of confidence underscores the need for solutions like binary analysis and SBOMs, which offer a more granular and actionable view of the security landscape within smart cities.

For smart cities to thrive securely amidst a landscape of increasing cyber threats, adopting tools like binary analysis and comprehensive SBOMs is not just beneficial but essential. These tools provide the detailed insights needed to manage and mitigate risks in the complex, multi-faceted environments of smart cities.