Smart cities are now moving beyond concept and becoming reality, and the integration of technology into everyday infrastructure is now the norm. Local authorities now find themselves with a huge number of opportunities on their agenda, including data-driven decision-making, enhanced engagement between citizens and government and a reduced environmental footprint. Of course, as with any new technology, there are many risks to consider when creating a smart city.
Undoubtedly one of the biggest threats they face is their vulnerability to cyber attacks. This is because the use of large, connected networks gives cybercriminals more entry points than ever before and the perfect opportunity to jump from one exposed system to another. Now, as we should never let fear get in the way of innovation, it is important to be adequately prepared with strong security protocols.
What are the challenges facing smart cities in 2023?
Smart cities face unique challenges when it comes to cyber security. Networks are used by public and private entities, people and thousands of IoT devices every day. The sheer volume of data exchanged on these networks requires a rigorous security strategy. Some of the main challenges include:
Connected devices: A multitude of IoT devices controlling everything from CCTV and traffic light management to organizations' personal and financial data can be connected to a network at any time. In theory this sounds ideal for seamless communication and management, but in practice it gives hackers thousands of potential entry points to launch an attack.
Automation of infrastructure operations: Automation brings many benefits to all kinds of smart city operations, reducing the need for direct human control of these operating systems. An increase in sensors means more connections to monitor and manage. These could be seen as more targets for breaching via vulnerabilities.
Sub- standard date management Processes: Data is at the heart of every smart city and is vital to day-to-day operations. However, many do not have the right processes in place to ensure the safety and secure management of this information. If a database is not properly policed, it can be easy for hackers to target and breach it, leading to leakage or theft of sensitive data.
ICT supply chain risks and suppliers: We know the risks involved in the supply chain and third parties. This was particularly evident during the recent one zero-day vulnerability found in MOVEit file transfer software, which was then exploited as part of a large-scale ransomware attack. Threat actors continue to target the weakest links and therefore attacking smart infrastructure systems is inevitably a lucrative target for any cybercriminal. To combat this, it is essential to adopt and adhere to safe and default practices to minimize these risks.
Outdated technology: Many cities have infrastructure and networks based on outdated technology, which makes them vulnerable to cyber-attacks. Ensuring systems are up to date with the latest software updates and security patches is of the utmost importance. Technology is central to the success of any smart city, and having resilient systems in place must be a priority.
Ineffective security: Η ύπαρξη αναποτελεσματικών πρωτοκόλλων ασφαλείας εκθέτει τις έξυπνες πόλεις σε κακόβουλες απειλές. Αυτό αφήνει τους πολίτες και τους οργανισμούς ευάλωτους σε παραβιάσεις δεδομένων, κλοπή ταυτοτήτων και απώλεια ευαίσθητων πληροφοριών. Η protection των υφιστάμενων υποδομών με ισχυρά μέτρα ασφαλείας θα μπορούσε να αποτρέψει μια δυνητικά καταστροφική παραβίαση. Πώς λοιπόν διασφαλίζουμε ότι δεν τίθεται σε κίνδυνο η ασφάλεια, η προστασία και η privacy of those who live and work in smart cities?
Building Cyber Resilience (cyber resilience) in smart cities
According to research, up to 2024 there will be over 1,3 billion smart city network broadband connections. The level of sophistication of these digital infrastructures is constantly increasing, which means that every digital service implemented by a government or organization is vulnerable to cyber-attacks. To realize their potential, smart cities need to find an effective balance between managing risks and enabling growth.
Building up the city's defenses against such attacks is key, but how is this achieved? The starting point should be the development of a cyber security strategy that is linked to the broader goal of the smart city. This will help mitigate risks arising from the interconnection of its processes and systems. Part of any effective strategy should be a requirement to carry out an assessment of existing data, systems and cyber defences, as this will help give an idea of the current attitudeand the quality of the infrastructure.
Establishing a formal relationship between cyber security and data governance will also be extremely beneficial. This essentially creates an agreed approach to cyber security between all parties in a smart city, meaning that all stakeholders work together to ensure that data is secure on the networks being shared. Policies put in place will mature alongside a city's cyber strategy and add transparency to processes.
Finally, building strategic partnerships to address the cybersecurity skills gap is key to any successful security strategy. This is a good way to develop skills and increase the knowledge base, which in turn strengthens the overall security posture and resilience. For example, recently CISA, NSA, FBI, NCSC-UK, ACSC, CCCS and NCSC-NZ published a paper with instructions on best practices for smart cities. The goal is not only to protect these connected spaces from malicious threats, but also to share expertise and educate about the importance of cyber security within smart cities.
Be smart and proactive
Hackers will continue to exploit vulnerabilities. An overwhelming number of cyber-attacks against businesses could be prevented if supply chain and third-party security were taken seriously. Attackers are extremely quick to exploit vulnerabilities in known products. Invest in the resources to help you fight the daily battle of security patches and updates. You don't want to be faced with the very thing you expect to protect your business.
The foundation of smart city technology implementation is operational resilience. To ensure that organizations are well prepared, contingencies are created for various types of incidents, which could have an operational impact or disruption. Standalone functions and isolation tools should be in place to help minimize these types of disruptions.
Risk, privacy and legality play an important role in smart cities, ensuring that the data collected, stored and processed are compliant with regulations. It is critical that city leaders, developers and business owners do not see securing cyber risk within their smart city as a one-time goal. It's an ongoing, evolving process that could be the difference between a major breach or major development.
- Muhammad Yahya Patel, Lead Security Engineer in check point software Technologies