Smart City Cyber Security Ontology and Inferencing Proof of Concept overview.

The increasing deployment of cyber-physical technology in a smart city brings an equal increase in the threat landscape and in the risk of cyber attack. The UK Government has recently published an interesting paper on its vision of cyber-physical infrastructure. The PDF covers the diverse range of capabilities offered by cyber-physical technologies, including some interesting semantic topics such as Semantic Maps in section 2.1.5.

This vast new landscape will generate a huge volume of data and events, and a major job for City Security is to determine whether security events and incidents that occur in apparent isolation, or apparently at random, have something in common and a related objective. The challenge is made harder by the diversity of events and incidents across the different city domains, and by the fact that those domains are now so interconnected: cloud services and communications technologies increasingly bridge Industrial Control, Building Control, Edge and IoT devices.

Smart City technologies will generate vast amounts of data as they process the tasks they are built for. At the local level, or edge domain, technologies interact with physical environments supporting citizens, vehicles, infrastructure and so on through sensors or connectivity. In the Cloud domain, technologies collect and process events and transactions and then share outputs and outcomes back to the edge, or across multiple Cloud service platforms.

So how do we begin to process and analyse all of this data and these disparate events? One starting point is to use threat scenarios and threat models that map events onto a kill chain (for example the tactic sequence in MITRE ATT&CK), so that common characteristics and associations between otherwise unrelated events can be identified.

The Proof of Concept (POC) I am developing will use a range of smart city ontologies, standards and cyber security ontologies to analyse a series of threat scenarios and threat models across the diverse set of smart city technology domains. The POC will build up the means to use semantic decision support techniques to aid situational awareness and threat qualification. This decision support will combine machine learning with reasoning engines to make projections and inferences about outcomes and courses of action.

The POC will be developed using Protege and Stardog: new or existing ontologies are tailored in Protege and structured as RDFS, then uploaded to the Stardog platform, where they can be integrated with a variety of data sets and virtual graphs. Stardog supports both materialised and virtual knowledge graphs, machine learning through training on data sets, and a reasoning engine that infers new knowledge from the loaded ontologies and data.
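To make the reasoning step concrete, here is an added example (not code from the POC, and not Stardog's reasoner) that shows what RDFS entailment contributes to the cross-domain correlation problem described above. It uses nothing beyond the Python standard library: a small forward-chaining reasoner applies the RDFS rules for subClassOf, subPropertyOf, domain and range to a constructed ontology, and a kill-chain query then runs over the inferred graph. The `sc:` prefix, the class and property names, the three-phase kill chain and the events `sc:ev1` to `sc:ev4` are all assumptions made for this illustration, not terms from any published smart city or security ontology.

```python
"""Minimal RDFS forward-chaining reasoner over a constructed smart-city security ontology.
Everything under the hypothetical 'sc:' prefix is an assumption made for this example."""

RDF_TYPE = "rdf:type"
SUBCLASS = "rdfs:subClassOf"
SUBPROP = "rdfs:subPropertyOf"
DOMAIN = "rdfs:domain"
RANGE = "rdfs:range"

# Terminology (TBox). City domains are sibling subclasses of sc:SecurityEvent;
# kill-chain phases form a separate class hierarchy.
TBOX = {
    ("sc:BuildingControlEvent", SUBCLASS, "sc:SecurityEvent"),
    ("sc:EdgeDeviceEvent", SUBCLASS, "sc:SecurityEvent"),
    ("sc:CloudEvent", SUBCLASS, "sc:SecurityEvent"),
    ("sc:HVACSetpointChange", SUBCLASS, "sc:BuildingControlEvent"),
    ("sc:SensorFirmwareRewrite", SUBCLASS, "sc:EdgeDeviceEvent"),
    ("sc:ApiTokenReuse", SUBCLASS, "sc:CloudEvent"),
    ("sc:InitialAccess", SUBCLASS, "sc:KillChainPhase"),
    ("sc:Persistence", SUBCLASS, "sc:KillChainPhase"),
    ("sc:Impact", SUBCLASS, "sc:KillChainPhase"),
    ("sc:targets", DOMAIN, "sc:SecurityEvent"),
    ("sc:targets", RANGE, "sc:Asset"),
    ("sc:exhibitsPhase", RANGE, "sc:KillChainPhase"),
    ("sc:followedBy", SUBPROP, "sc:relatedTo"),
}
PHASE_ORDER = ["sc:InitialAccess", "sc:Persistence", "sc:Impact"]

# Assertions (ABox): constructed events from three city domains that share one
# asset, plus an event that is only typed indirectly through rdfs:domain.
ABOX = {
    ("sc:ev1", RDF_TYPE, "sc:ApiTokenReuse"),
    ("sc:ev1", "sc:targets", "sc:bms-gw-07"),
    ("sc:ev1", "sc:exhibitsPhase", "sc:InitialAccess"),
    ("sc:ev2", RDF_TYPE, "sc:SensorFirmwareRewrite"),
    ("sc:ev2", "sc:targets", "sc:bms-gw-07"),
    ("sc:ev2", "sc:exhibitsPhase", "sc:Persistence"),
    ("sc:ev1", "sc:followedBy", "sc:ev2"),
    ("sc:ev3", RDF_TYPE, "sc:HVACSetpointChange"),
    ("sc:ev3", "sc:targets", "sc:bms-gw-07"),
    ("sc:ev3", "sc:exhibitsPhase", "sc:Impact"),
    ("sc:ev4", "sc:targets", "sc:hvac-plant-02"),
}


def rdfs_closure(triples):
    """Apply RDFS entailment rules rdfs2, 3, 5, 7, 9 and 11 until no new triple appears."""
    g = set(triples)
    while True:
        new = set()
        for s, p, o in g:
            if p == SUBCLASS:
                # rdfs11: subClassOf is transitive; rdfs9: instances inherit superclasses
                new |= {(s, SUBCLASS, o2) for s2, p2, o2 in g if p2 == SUBCLASS and s2 == o}
                new |= {(x, RDF_TYPE, o) for x, p2, c in g if p2 == RDF_TYPE and c == s}
            elif p == SUBPROP:
                # rdfs5: subPropertyOf is transitive; rdfs7: triples propagate to the super-property
                new |= {(s, SUBPROP, o2) for s2, p2, o2 in g if p2 == SUBPROP and s2 == o}
                new |= {(x, o, y) for x, p2, y in g if p2 == s}
            elif p == DOMAIN:
                new |= {(x, RDF_TYPE, o) for x, p2, _ in g if p2 == s}   # rdfs2
            elif p == RANGE:
                new |= {(y, RDF_TYPE, o) for _, p2, y in g if p2 == s}   # rdfs3
        if new <= g:
            return g
        g |= new


def events_on_asset(g, asset):
    """Inferred sc:SecurityEvent instances targeting the asset, regardless of domain."""
    return {s for s, p, o in g if p == "sc:targets" and o == asset
            and (s, RDF_TYPE, "sc:SecurityEvent") in g}


def domains_on_asset(g, asset):
    """City domains (asserted direct subclasses of sc:SecurityEvent) seen on one asset."""
    domains = {s for s, p, o in TBOX if p == SUBCLASS and o == "sc:SecurityEvent"}
    return {d for ev in events_on_asset(g, asset) for d in domains if (ev, RDF_TYPE, d) in g}


def kill_chain_candidates(g):
    """Assets whose events, from any domain, line up across two or more kill-chain phases.
    Returns {asset: [(phase, event), ...]} sorted by PHASE_ORDER."""
    by_asset = {}
    for ev, p, asset in g:
        if p != "sc:targets":
            continue
        for ev2, p2, phase in g:
            if ev2 == ev and p2 == "sc:exhibitsPhase":
                by_asset.setdefault(asset, set()).add((PHASE_ORDER.index(phase), phase, ev))
    return {asset: [(phase, ev) for _, phase, ev in sorted(hits)]
            for asset, hits in by_asset.items()
            if len({phase for _, phase, _ in hits}) >= 2}


if __name__ == "__main__":
    graph = rdfs_closure(TBOX | ABOX)
    print(len(graph) - len(TBOX | ABOX), "triples inferred")
    for asset, chain in kill_chain_candidates(graph).items():
        print(asset, domains_on_asset(graph, asset), chain)
```

The point the example makes is that none of the three events on `sc:bms-gw-07` is asserted to be a `sc:SecurityEvent`; each is typed by a domain-specific class, and only the inferred subclass chain lets one query see a cloud token reuse, an edge firmware rewrite and a building-control setpoint change as one kill chain against a single asset. The TBox/ABox split is the same one you would use when loading an ontology and its data into a triple store with a reasoner enabled; the rules above are only the RDFS subset, so anything relying on OWL constructs needs the platform's own reasoner.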

During the development of the POC, I aim to deliver on 3 objectives:-
1] Build the necessary collection of semantic capabilities to support knowledge graph development, property graph integration and analysis methods for cyber security data.
2] Identify the right data sets to train with machine learning, and integrate those results with the ontological models to make associations and inferences that support situational awareness and risk management.
3] Integrate virtual graphs built from associated reference data to extend the ontological meaning and reasoning of threat scenarios, events and anomalies.

If you are interested in looking at other semantic technologies and their capabilities, I recommend a fantastic resource on YouTube, IsA Data Thing by Ashleigh Faith, where she reviews a range of applications and offers very good advice.
