The concept of a "smart city" can hardly be considered the city of the future anymore. Instead, it's the new normal.
With rapid advances in the Internet of Things (IoT), local governments are investing in and implementing the means to improve efficiencies and convenience for its citizens. But all of this spending on smart cities comes with its fair share of challenges. As cities become more advanced, so do the cyber attacks that threaten them.
Everything in a city—from street lights, traffic signals and cameras, electric and gas meters and sewers can all feed into the digital infrastructure, so it’s important to understand that these endpoints require network-related security services in the middle.
What does a smart city look like?
- Smart grids, or the use of technology to improve the communication, automation and connectivity of an electric power network.
- Autonomous vehicles and self-driving transport.
- 5G and IoT-enabled technologies to bring innovations to the management of waste, energy, water and intelligent transport systems.
- Traffic Data Services, using wireless data to help traffic planners improve how people move through the city.
- Using smart lighting in streets to make cities feel safer and make lights more efficient.
- Using AI and AR to make a city more people-focused, bringing immersive technologies to improve residents' self-reliance, self-service and decision-making.
What are the cyber security challenges faced in a smart city?
The more connected we get, the more risk we take on by increasing the attack surface. A smart city must remain vigilant against the threat actors that are increasingly targeting municipalities, using a vector that is getting bigger and less visible.
Three key factors influence cyber risk in cities: the blurring lines between the physical and digital worlds; the interoperability between old and new platforms; and the integration of services leading to weak points in the network. Smart cities and cyber security must be considered hand-in-hand.
The smart city is at risk of threats on multiple vectors, and there are plenty of real-world examples to learn from.
DDoS Attacks
We've seen a rise in the number of hackers actively searching the internet to hijack smart systems. Hackers use these smart devices to download and install malware, and then launch DDoS attacks on other targets. These devices, though, can also provide an entry point to internal systems. The US Department of Energy reported in April 2019 that grid operators in Los Angeles County, California, and Salt Lake County, Utah, suffered a DDoS attack that disrupted operations but did not cause any outages.
Ransomware
The 2020 Verizon Data Breach Investigations Report found that ransomware is a large problem for the public administration sector, with persistent misdelivery and misconfiguration errors—75% of actor motives were financial, with 19% for espionage and 3% for "fun." The report details a few city attacks in 2019, including the City of Baltimore being paralyzed by the RobbinHood ransomware in May. In addition, 22 Texas towns were infected with Trickbot, followed by Sodinokibi ransomware in August, after attackers breached their managed service provider and used its remote management tool to distribute the malware.
Lack of cryptographic measures
The weakest point in any system is often human error—phishing is still one of the top threat action varieties, according to the 2020 Verizon Data Breach Investigations Report. Smart cities should not just focus on the big issues; they need to also pay close attention to identity governance and encrypting data and access.
How can we protect the city of the future?
In an increasingly connected landscape, a smart city is only as secure as its weakest link. Infrastructure needs to be future-proofed, but it needs to be done so in a "smart" way.
First and foremost, smart cities must invest in cyber security. ABI Research found the energy, health care, public security, transport, and water and waste sectors are "woefully underfunded and incredibly vulnerable to cyberattacks."
More than that, though, is the necessary education to shift culture and behavior for both workers and residents. Municipal governments should implement a security awareness and training program, install perimeter defenses and ensure secure configurations. Additionally, city planners should consult with experts in smart cities and cyber security who can help to ensure the right measures are taken, the right training is in place and the right recovery plans are ready for action. Because it's not a matter of if the city is attacked—but when.
Learn more about cyber security in the 2020 Verizon Data Breach Investigations Report.
The author of this content is a paid contributor for Verizon.