Hackers' motivations can range from a criminal intent aimed at financial gain, through to industrial
            espionage, cyber sabotage, cyber warfare, and political activism, among others. Any of these can be
            conceived, take place, and have damaging repercussions in SSC.
            Numerous episodes of city‐infrastructure sabotage have been recorded in recent times, suggesting
            that  ICT  vulnerabilities  can  jeopardize  the  safe  delivery  of  services  to  citizens,  and/or  their
            continuity.

            Vulnerabilities can involve data "in transit" (i.e. being transmitted between devices) or "at rest" (i.e.
            while stored). Malicious attackers will assess the vulnerability of the different systems and engineer
            the most effective and damaging approach according to their objectives.

            The following are examples of SSC services that are vulnerable to the above‐mentioned threats:

                   Smart grid, intelligent buildings and other critical infrastructure
            It is generally estimated that cities are responsible for between 60% and 80% of the world's energy
            use. Therefore, optimizing energy delivery and consumption is vital.

            Smart grid technology aims to tailor the generation and supply of energy to user consumption, thus
            increasing  efficiency,  reducing  costs  and  environmental  impact.  In  particular,  consumer  “smart
            meters”  and  sensors,  equipped  with  IP  addresses,  can  communicate  information  about  energy
            utilization patterns to the supplier, while allowing end‐user control. This can help manage real‐time
            demand, and even provide advice to consumers about their use habits.

            Buildings, both residential and commercial, provide an important opportunity to optimize energy
            consumption and enhance the well‐being of residents and workers. Intelligent buildings, particularly
            office environments, are able to leverage smart grid technologies to influence energy supply and
            consumption by controlling lighting, climate control and IT. They can even provide electric plug‐in
            stations for employees to recharge their cars while at work.

            Smart  grids  and  related  infrastructure  need  protection  from  attacks  that  could  cause  severe
            stoppages to cities, community sites, industrial sites and essential services.

            Attackers exploiting vulnerabilities in SCADA systems, based on traditional software platforms, can
            lead to intrusions with the potential to disrupt data exchange between utility control centers and
            end users, and severely compromise the delivery of energy services. Whitelisting techniques, used
            to ensure that only specified system applications and processes are active at any one time, are
            particularly effective against zero‐day vulnerabilities and attacks in SCADA environments. Zero‐day
            vulnerabilities are still unknown on the day of the attack, hence vulnerabilities against which no
            vendor has released a patch.

            Intruders can also install malware designed to obtain sensitive information, to control the networks
            that operate the service and cause a denial‐of‐service situation. This can be countered through
            intrusion  prevention  techniques,  coupled  with  robust  policies  in  areas  such  as  network  usage,
            browser patches, e‐mail usage, as well as users' awareness of the issue and their education and
            preparedness on the subject.
            At  the  end‐user  level,  smart  meters  may  simply  be  hacked  and  compromised  for  fraudulent
            purposes: to alter proof of consumption or to 'steal' energy from other users, while preventing the
            provider from detecting service flaws.








            434                                                      ITU‐T's Technical Reports and Specifications