SINGAPORE – In a rapidly evolving digital landscape, the integration of smart city infrastructure (SCI) is emerging as a pivotal strategy for cities striving to meet the United Nations (UN) Sustainable Development Goals (SDGs). These interconnected systems not only capture real-time data reflecting crucial SDGs but also present new challenges, as they become prime targets for cyber adversaries and criminals.
“Digital forensic investigators have faced significant challenges due to tight timelines and the vast amounts of data they must analyze during investigations. Collaboration on unique platforms like SCI necessitates a common reference point for investigations, making it critical to identify threats and the corresponding sources of digital evidence. This process can be both time-consuming and labor-intensive,” stated a representative from the Automated Systems Security (ASSET) Research Group.
In response to these challenges, a collaboration involving researchers has led to the development of the Smart City Ontological Paradigm Expression (SCOPE), a comprehensive ontology designed to address threats, cybercrime, and digital investigations within SCI. The research paper on SCOPE outlines its potential impact and has garnered attention in scientific circles.
Ontologies serve as structured representations of concepts and data in specific domains, allowing for a clearer understanding of complex topics. SCOPE aims to be an invaluable tool for digital forensic investigators, adhering to international standards while maintaining a technology-agnostic approach suitable for diverse sectors such as energy, home, and oil and gas.
During the research phase, the ASSET group evaluated existing ontologies like the Unified Cyber Ontology (UCO) and Cyber-investigation Analysis Standard Expression (CASE), ultimately discovering limitations in their representation of SCI. This realization sparked the design and development of SCOPE to better meet the needs of investigators.
Building upon previous research, the project integrates insights into SCI threats, cybercrime, and evidence sources, incorporating critical information from reliable frameworks. SCOPE is versatile, catering to various applications, including analysis of cybercrime incidents and evidence sharing.
To ensure SCOPE’s applicability in real-world scenarios, the research team tested its usability through scenarios mimicking activities by Advanced Persistent Threats (APTs). The evaluations included ontological representations, investigative techniques, and recovery strategies, which proved essential for understanding how users can effectively apply SCOPE during cyber incidents.
The assessment indicated that SCOPE enhances investigation quality by providing granular details on malicious software effects, thus improving efficiency and enabling prompt remediation. Investigators gain access to vital technical information, fostering a more effective response to cyber threats.
The ASSET research group has made SCOPE available to the digital forensic community, facilitating future investigations into SCI-related cybercrime. Plans for further tooling support and upcoming user studies with digital forensic professionals are underway, aimed at refining SCOPE for industry-wide application. The group also envisions future enhancements that could integrate SCOPE into digital forensics tools, empowering investigators in their workflows.