How to Secure Smart Cities Future
The future of the world’s population is urban. In 2050, about two thirds of the people will live in urban areas – especially in Asia and Africa, urbanization will be rapidly promoted. In plain language, this means that an additional 2.5 billion people are expected to live in our cities in the next three decades. In addition to the procurement of the necessary living space, the provision of critical infrastructures and urban services lead to major challenges.
Technology can build a crucial bridge here and create better, safer and more efficient cities. In the areas of supply, transport, traffic, waste management, pollution, sustainable living, security, health care and governance, intelligent cities are emerging in response to the ever-growing urban agglomerations.
Smart city initiatives are real game changers. Heating from renewable sources in Yokohama, digitized waste management systems in Barcelona, intelligent parking solutions in Canberra, real-time monitoring of public transport in Groningen or a decentralized air quality network in Nijmegen – to name just a few examples.
Interconnectivity is a double-sided sword
Smart cities are based on numerous networked sensors and Internet of Things (IoT) devices. These are networked with each other via the Internet and cloud computing architectures and control internal and external systems. In addition, personal and trustworthy data is transmitted via insecure channels – the end devices are often not patched and do not support data encryption. This interconnectivity, which keeps a smart city running, also creates substantial risks in terms of cyber security. Each access point increases the vulnerability to sensitive data – and digital attacks have already started.
In 2018, for example, Atlanta was hit by a ransomware cyber attack . The attack paralyzed numerous devices for five days, hampered law enforcement and business license issuance, and even stopped operating the main US airport. Ransomware attacks also destroyed much of the Baltimore server and shut down the 911 911 in the same year, causing $ 18 million in damage.
These attacks don’t just affect cities in the United States. For example, the Dublin road system was affected by a ransomware attack, as was the Stockholm air traffic control and rail ticket system. In addition, the power supply in Johannesburg and Hyderabad disrupted after a ransomware attack. In addition to ransomware, cybercriminals use numerous other techniques, including remote attacks, signal interference, but also known measures such as malware, data manipulation and distributed denial-of-service attacks. The cybercriminals’ digital arsenals come from the deep web, and their weapons are fully automated, enabling attacks that can be carried out around the clock, seven days a week.
Easy targets or avoidable crimes?
Cities are an easy target for cyber criminals because they often lag behind in technology use, and the underlying technology – which supports cities’ critical infrastructure – is at best out of date. The technological acceleration that is transforming existing cities into smarter cities increases complexity. Smart cities are not built in one train, but evolve over time. Since technologies that are initially experimental in nature are often used, the beta versions remain in use in the long term, which also increases the likelihood of breakdowns.
Cities currently generate 70 percent of the world’s gross domestic product. Cybercriminals who find a way to break through the defense of a smart city have a good chance of being financially rich. For this reason, smart cities have to be “secure by design” and not simply to be docked after the systems have already been set up. Right from the start, the systems should be based on solid, intuitive and automated security protocols and guidelines. It is important to involve citizens at every stage, as this will make it easier for them to learn to take responsibility for compliance with data protection requirements.
Cyber risk defined by the convergence of old and new
The security risk of a smart city ecosystem is influenced by several factors. The convergence of cyber and operating systems places devices and sensors on the “edge” – these in turn can become entry points for cyber criminals. Harmless devices such as energy-saving, automatic lighting or energy meters quickly become potential entry points. As soon as they are hacked and infected with malware, they open further networked devices and cause cascading damage in the entire infrastructure.
Due to the necessary interoperability between legacy systems and new digital technologies, different technology platforms have to be adapted for collaboration. Without consistent security policies and procedures to regulate the operational framework, they expose the entire ecosystem to hidden vulnerabilities. This challenge is exacerbated by the lack of generally accepted standards for the functioning of IoT-enabled devices at the “edge”. Basically, interoperability affects security.
Another influencing factor is the integration and networking of different services and departments within a Smart City ecosystem. The services and departments often work independently in silos and the combination of services and system integration, networking and data exchange creates common weaknesses. A problem in one service area can quickly infect other areas.
Integrated frameworks and comprehensive governance models
A cyber risk framework is required to address cyber security threats posed by convergence, interoperability, and connectivity. Such frameworks must provide cities with management principles in order to integrate industry-wide cyber security standards into the design and to ensure that confidentiality, integrity and availability requirements are met. The frameworks should also include legal and regulatory requirements that assess the impact of cyber risks on all parties to the ecosystem, services, infrastructure, and processes. This framework must be developed and integrated into all planning, design, implementation and transformation designs and be in line with the broader Smart City strategy.
IoT end devices and networks are protected against attacks through device authentication, patching, data encryption and security monitoring. The establishment of secure channels and a secure chain of trust between the networked devices is of crucial importance. And physical security measures that protect IoT devices from unauthorized access and cyber attacks should not be neglected either.
Smart cities also need a comprehensive, formal governance model that defines the roles and responsibilities for each critical component in the ecosystem. The model underpins the ongoing alignment of policies, legislation and technology with a view to striking the right balance between data protection, transparency and benefits.
Finally, smart cities have to expand their network and, for example, connect with the city administration of other smart cities as well as with science, the private sector and start-ups in order to represent their interests and further advance the smart city. Even if their immense potential still exists, effective management of the associated cyber risks is crucial to achieve the promise of the smart city.