Smart Cities in need of cybersecurity

Technologies are expected to help citizens make better informed decisions. But, the adoption of new technologies which are connected to the network, always comes with inherent risks. Moreover, with the increasing risk of cybercrime and data theft, smart cities should be prepared to deal with any potential threat.

Safety and security are two of the main concerns in any city, and with the incorporation of digital technologies, the concern becomes greater. Therefore the Cybersecurity is a key enabling technology for our cities.

Cities need to integrate solutions that provide strong authentication and ID management solutions to ensure a safe and secure urban environment. In fact, the inclusion of smart technologies has the potential to reduce fatalities and improve emergency response times.

Smart City Vulnerabilities

Because a threat could be introduced into a smart city's infrastructure at any compromised location, the risk can escalate rapidly as one system can compromise the next. When a seemingly harmless connected device is hacked and injected with malware, that attack could affect other devices, causing cascading damage throughout the whole infrastructure.

For example, a breach of street lighting systems could lead to control of lights, which could lead to servers, which in turn would generate data on individual customer behavior and ultimately end up with access to financial and other personal information about citizens, possibly even their health records.

It's not unlike a recent major distributed denial of service (DDOS) attack, in which everyday IoT devices such as baby monitors were hacked and turned into a botnet to take over some of the world's largest websites. Cities could be equally susceptible as they rapidly deploy connected devices in municipal domains.

In addition, customer-centric information aimed at citizen convenience may also be quite vulnerable. Unfortunately, the development of cybersecurity credentials, security and prevention systems for smart cities has not kept pace with the growing adoption of digital capabilities. Some European cities, anticipating the potential downside of digital transformation without controls, have already implemented safeguards. With the European Union's General Data Protection Regulation, residents in European cities can opt in rather than having to actively opt in to multiple systems.

Meanwhile, many cities have employed certified biometric systems, cryptography and digital privacy policies, establishing a culture of cybersecurity. Recognizing the need to start and then budgeting for cybersecurity as part of an overall smart city initiative can help avoid additional expenses once the system is already in place. As with IoT in consumer products, connected systems throughout the city also need security protocols.

There are an unknown number of potential vulnerabilities and methodologies, some of the most common attacks include:

• Man-in-the-middle
• Data leak and identify theft
• Devices hijacked
• Distributed denial of service

Security Measures

In order to avoid these problems and to avoid new vulnerabilities, there are some best practices that should be taken into account until there are some concrete standards and ways of acting are established[1]:

• Creation of IoT and data usage policies
• Protecting individual identities by eliminating weak points and synchronizing access credentials
• Secure information at the source encrypting data form the start
• Standardize on a need-to-know basis controlling access and adding limitations
• Implement appropriate deterrents such as fines, penalties and even prison sentences
• Mutual and secure authentication systems
• Security monitoring and analysis
• Security Lifecycle Management

​
An interconnected smart city sounds great and is a trendy: drivers avoid traffic jams; citizens' needs are predicted in advance by city services; utilities provide real-time information, allowing residents to adjust usage, etc. However, a cyber-secure interconnected utopia includes the right controls with proper implementation to ensure that connected infrastructure is accessible only to the right people at the right time for the right reasons.


Author
Jon Mitxelena
@GAIA


Resources: [1] https://ciberseguridad.com/guias/smart-cities/