SMART cities are becoming a reality rather than a concept, and integrating technology into everyday infrastructure has become a norm.
They present local authorities with a vast number of opportunities, including data-driven decision-making, enhanced engagement between citizens and the government and a reduced environmental footprint.
As with any new technology, there are risks to consider when developing smart cities.
One of the biggest threats is their vulnerability to cyberattacks. This is because using large and connected networks will give cybercriminals more entry points and the perfect opportunity to jump from one exposed system to the next.
While we should not let fear get in the way of innovation, it is essential that we adequately prepare ourselves with robust security protocols.
Challenges facing smart cities
Smart cities face unique challenges when it comes to cyber security. Networks are used by public and private entities, individuals and thousands of IoT (Internet of Things) devices each day.
The massive amount of data exchanged across these networks require a stringent security strategy. Some of the main challenges include:
Connected devices: A multitude of IoT devices that control everything from CCTV and traffic light management to organisations’ personal and financial data can be connected to a network at any one time. In theory, this sounds ideal for seamless communication and management, but in practice, they offer hackers thousands of potential entry points to launch an attack.
Automation of infrastructure operations: Automation offers numerous advantages across various functions within smart cities, reducing the need for direct human control over such operational systems. However, the proliferation of sensors can result in a greater number of connections to oversee and regulate. These connections can become vulnerable points susceptible to compromise.
Sub-standard data management processes: Data is at the heart of any smart city and is critical to everyday operations. However, many lack the correct processes to ensure this information is managed safely and securely. If a database is not policed correctly, it can be simple for hackers to target, which can lead to sensitive data being leaked, stolen or compromised.
Risks from ICT supply chain and vendors: We know the risks posed by supply chains and third parties. These were particularly evident during the recent zero-day vulnerability found in file transfer software MOVEit, which was subsequently exploited as part of a large-scale ransomware attack. Hackers continue to attack the weakest links, making smart infrastructure systems an appealing and lucrative target for them. To combat this, we need to adopt and adhere to secure-by-design and default practices to minimise these risks.
Outdated technology: Many cities have infrastructure and networks built on outdated technology, which leaves them susceptible to cyberattacks. Ensure systems are up to date with the latest software updates and security patches. Technology is central to the success of any smart city, and having resilient systems is a priority.
Inefficient security: Being linked directly to outdated technology, having inefficient security protocols in place can expose smart cities to malicious threats. This can leave individuals and organisations vulnerable to data breaches, identity theft and loss of sensitive information. Protecting existing infrastructure with robust security measures can prevent a potentially disastrous breach.
How do we ensure that the safety, security and privacy of those who live and work in smart cities are not compromised?
Build cyber resilience
Research indicates that by 2024, the number of wide-area network smart city connections is projected to surpass 1.3 billion. The level of complexity within these digital infrastructures is only increasing, which means any digital services implemented by a government or organisation are vulnerable to cyberattacks.
To realise their potential, smart cities need to find an effective balance between managing risk and enabling growth.
Building resilience to protect a smart city against these attacks is key. The starting point should be developing a cyber security strategy that maps out the broader objective of the smart city. This will help mitigate risks arising from the interconnectedness of processes and systems.
Part of any effective strategy should be to assess current data, systems and cyber defences to help give an idea of the current posture and quality of infrastructure.
Creating a formal relationship between cyber security personnel and those in governance of data is also vital. This will create an agreed approach to cyber security between all parties.
This means all stakeholders should work together to ensure that data that is being exchanged is secure across the networks. The policies put in place will mature alongside a city’s cyber strategy and add transparency to processes.
Finally, building strategic partnerships to help address the cyber security skills shortage is key to any successful security strategy. This is a good way to develop skills and increase the knowledge base, which in turn will bolster the overall security posture and resilience.
Get smart and be proactive
Smart city technologies need to adopt a proactive methodology to ensure cyber security risks are at the forefront of the planning and design of technologies.
Being “secure by design” is strongly recommended as a defence-in-depth approach. There may be some legacy infrastructure connecting to the smart infrastructure, and this may require a redesign to make secure connectivity and integration possible.
Hackers will continue to exploit vulnerabilities. An overwhelming number of cyberattacks against businesses can be avoided if supply chains and third-party security are taken seriously.
Attackers are quick to exploit vulnerabilities in well-known products. Invest in resources to help combat the everyday struggle of security patches and updates.
Operational resilience is the cornerstone of smart city technology implementation. To make sure organisations are well prepared, contingencies should be put in place for different types of incidents, which can have operational impact or cause disruption.
Autonomous functionality and isolation tools should exist to help minimise disruption.
Risk, privacy and legality all play an important role in smart cities, making sure data that is collected, stored and processed are in accordance with regulations.
Leaders, developers and business owners think that securing cyber risk within their smart city is a one-time objective. However, it is an ongoing and evolving process that can make a difference between a major breach or major growth.