A Review of Cyber Threats and Defence Approaches in Emergency Management

George Loukas, Diane Gan, Tuan Vuong
2013 Future Internet  
Emergency planners, first responders and relief workers increasingly rely on computational and communication systems that support all aspects of emergency management, from mitigation and preparedness to response and recovery. Failure of these systems, whether accidental or because of malicious action, can have severe implications for emergency management. Accidental failures have been extensively documented in the past and significant effort has been put into the development and introduction of more resilient technologies. At the same time researchers have been raising concerns about the potential of cyber attacks to cause physical disasters or to maximise the impact of one by intentionally impeding the work of the emergency services. Here, we provide a review of current research on the cyber threats to communication, sensing, information management and vehicular technologies used in emergency management. We emphasise open issues for research, which are the cyber threats that have the potential to affect emergency management severely and for which solutions have not yet been proposed in the literature.

Keywords: survey; pervasive computing; network-level security and protection; physical security; emergency management

sensor networks can contribute towards early detection of emergency events [1, 2], as well as improved situational awareness during a search and rescue operation, at the level of individual buildings [3] or larger geographical areas [4]. Autonomous systems and particularly autonomous vehicles are also commonly proposed in the EM context. Situational awareness and coordination may be improved with live aerial imagery provided by unmanned aerial vehicles [5] or with an ad hoc infrastructure of wireless robots that reach locations otherwise inaccessible to the first responders [6]. The Internet also plays a significant role, with several web-based EM systems, as well as with the widespread use of social media for the dissemination of information during an emergency, both by the authorities and the public [7, 8]. This increased use of computational and communication systems introduces cyber threats in EM. Cyber attacks can directly cause physical damage or indirectly aggravate a physical incident by impeding the work of first responders.
As EM makes use of several private and public communication systems, from satellite communications to wireless sensor networks, cellular networks and the Internet, a security breach in one communication medium can have an impact on all other ones. In fact, the prevalent use of cyber-physical systems means that a cyber attack can even affect the operation of physical devices, such as flood control equipment or safety sensors. At the same time, decisions during an emergency need to be taken and communicated quickly. A cyber attack that would target the integrity of the information could have an immediate effect on the decision making that relies on that information, while a denial of service attack could cut off communication between commanders and first responders. The various EM interdependencies have been categorised by Dudenhoeffer et al. into physical, informational, geospatial, policy/procedural and societal ones [9,10].

Our aim is to illustrate the landscape of the EM-related information security research and identify areas of priority where further work is needed. We have previously discussed the security threats to EM networks and their unique challenges in terms of time-criticality, system interdependencies and the human element [11]. Here, we attempt to cover the broader spectrum of computational and communication threats in relation to the technologies used in the mitigation, preparedness, response and recovery phases. The four phases comprise what is known in EM as the Comprehensive approach, originally proposed in 1978 and, although challenged over the years [12], still in use in the United States, the UK and Commonwealth, and several other countries. By following the widely used Comprehensive approach terminology, our aim is to facilitate communication between information security and EM practitioners and researchers.
Mitigation

Mitigation refers to actions taken to decrease the likelihood that an emergency will occur and reduce its impact should it occur. Geographical Information Systems (GIS) are often used to identify geographical areas of high risk that would need to be prioritised during an emergency, and disaster databases are used for research and risk analysis, informing policy making and emergency planning.

Preparedness

Preparedness refers to the development of policies and protocols, incident command systems, training, planning, coordination, and public awareness for potential emergencies. Simulation software may be

Wireless Communication Networks
Rogue nodes [33,34] | Unauthorised use | Pre-shared keys [33,35], list of approved devices [36], IDS [37], RFID [38], Hardware Security [39]
Eavesdropping [33] | Breach of confidentiality | IPSec tunnel [33]
Poor physical security [40] | Access to crypto credentials/Insider threat | Message-based content verification [41]
Availability attacks (DoS, Jellyfish, grayhole, blackhole etc.) [40,42] | Loss of availability | Redundancy, traffic shaping and IDS [43], Oppcomms [44]

World Wide Web
Web-based attacks [45,46] | EM websites and web-based information systems affected | Web Security literature [46]

Sybil attack [59] | Multiple fake identities used to collaboratively overcome cryptographic techniques | Collaborative detection [60]
Rogue nodes in EM medical body sensor network [61] | Unauthorised use | Light-weight cryptography [62]
Denial of service in EM medical body sensor network | Loss of availability | Body sensor network IDS [63]
doi:10.3390/fi5020205 fatcat:6rvut4jdgfemzawvsvuu6hprsi