In 2018, cybersecurity researchers at the Ben-Gurion University of the Negev in Israel prevented an attack on commercial smart irrigation systems. The security researchers discovered vulnerabilities that could allow attackers to turn watering systems off and on. This is just one example of how smart city technologies can turn into an easy target for cyber attacks.
According to IDC's worldwide semiannual smart cities spending guide, investments in smart city innitiatives will reach $135 billion by 2021. A large portion of these funds is allocated for addressing security challenges. In this article, we’ll cover the main cybersecurity challenges smart cities face, and how to tackle them.
Why Information Security Is a Problem For Smart Cities
The inherent interconnectivity and transparency of smart cities make them highly vulnerable to security attacks. The city uses systems to collect data from users and sensors. A dedicated platform analyzes and processes this data. The city then uses this data to improve the services for its residents. At every step, at any connected point, there’s an opportunity for attackers.
The technology infrastructure of a smart ecosystem consists of three layers:
- Edge—The front end of the smart city. Consists of connected devices such as sensors, actuators, smartphones, smart lights, and smart trash collection. This layer gathers the data from IoT devices, then sends it through the communication layer to the core.
- Communication—connects the core and the edge by a network system, such as WiFi, Bluetooth, or LAN. The components of the ecosystem connect through this layer.
- Core—a cloud or IoT data platform that processes data and generates outputs that make sense of the data streaming from the edge.
Most smart cities add IoT solutions into their existing infrastructure. For example, water companies might deploy smart water meters while keeping the existing pipes. These meters usually have minimal security protocols, which makes them highly vulnerable to attacks.
Smart cities can’t function without IoT devices, which rely on information security. Unfortunately, IoTs are notoriously vulnerable. Today’s threat actors can launch sophisticated attacks, such as advanced persistent threats (APTs), to breach smart cities and cause critical damage.
Top Security Challenges in Smart Cities
Integration of the digital and the physical environment
Smart city technologies permeate all aspects of city life, blurring the lines between physical and digital. Residents, choice locales, and devices are connected via information technology (IT) systems and operational technology (OT) systems. These systems monitor events, devices and processes, and then compute the data to adjust city operations. This level of interconnectedness presents a heightened level of risk.
Every endpoint presents a potential gate for attackers. The more connected endpoints your network collects, the more vulnerabilities attackers can exploit. Such attacks can disrupt operations and compromise a city’s critical systems.
Convergence of legacy and new technologies
Cities taking the smart city route often need to integrate new technologies with legacy systems. This kind of integration creates significant challenges. Most legacy systems don’t allow for live updates or data encryption.
Merging disparate technology platforms can create “holes” in the security perimeter. That’s how actors attack wastewater treatment plants in Australia. The attackers discovered a vulnerability and used it to disrupt the Supervisory Control and Data Acquisition system (SCADA).
Learn more about smart city initiatives in our guide: Smart City Challenges: What Stands in the Way of Smart Cities?
Security Risks That Threaten Smart Cities
Smart city networks are especially vulnerable to advanced persistent threats (APTs), which are complex attacks involving a combination of techniques. For example, an APT campaign can combine involve zero-day exploits and malware with multiple access points.
Attacks on IoT devices sometimes cause damage to the point of non-recovery. For example, an attack on street lights can be used to mask a criminal operation, leaving the area unserviceable. The city then needs to replace or reinstall the hardware.
Some common attacks smart cities face are:
Data and identity theft—involves stealing personally identifiable information (PII) from unprotected smart city infrastructure. For example, an attacker can extract personal information from EV charging stations and use it for fraudulent transactions.
Device hijacking—the attacker assumes control of a device. In a smart city, an attacker can hijack smart meters to siphon energy from a municipality.
Man-in-the-middle (MitM)—when an attacker interrupts or redirects communications between two systems. For example, attacking a smart wastewater system valve to disrupt operations.
Distributed Denial of Service (DDoS)—floods the target with superfluous requests, disrupting services. As a result, users cannot gain access. An attacker can breach into the net of interconnected devices and overwhelm a city system.
Credential theft -an attacker can get credentials to critical systems, and use them to conduct a ransomware attack.
Making a Smart City Secure
There are a number of measures cities can take to minimize cybersecurity risks. A common method to test for vulnerabilities is penetration testing. This involves hiring a third-party security firm to simulate a break-in attack. The process involves assessing the situation, and then presenting findings and recommended attack prevention measures.
Another security measure involves protecting connected devices. Implementing an IoT security solution (endpoint solution) can prevent attackers from using them to disrupt operations. A smart city should implement a comprehensive security solution which includes the following features:
- Data encryption—data should be encrypted both at rest and in transit. Encryption scrambles the data until it’s unrecognizable. To decode it, you need to use an encryption password or key. This is critical because city-systems usually handle sensitive data such as PII. Encrypting prevents attackers from misusing the data in case of a breach. Any systems that enable access must use two-factor authentication to prevent unauthorized access.
- Security monitoring and analysis—a security platform that captures data across the system it protects, including endpoint devices and connectivity traffic. The platform analyzes the data, searching for potential indicators of compromise (IOC), which signal potential threats. If detected, the platform then can implement security measures such as isolating affected devices.
- Multi-environment support—a security platform should be deployable across the many disparate systems that compose the smart city environment. It should support on-premises, IaaS, SaaS, and hybrid cloud environments, to ensure that no device or server remains unconnected.
Learn more about smart city initiatives in our guide: Smart City New York: Cooperation to Innovation
Smart cities are investing in more projects every year. As the number of smart city projects increases, so does the number of security risks they face. You can secure smart cities by implementing a comprehensive security solution.
Here are some implementation best practices to help you get started:
- Integrating city and cybersecurity strategy—cities should align their cybersecurity strategy with the overall smart city strategy. This includes assessing their data and systems to identify and mitigate risks. A cybersecurity strategy should be a part of the broader city plan. For example, Singapore launched a cybersecurity bill as part of its smart nation strategy.
- Capture tech talent—attracting innovators can provide fresh solutions for security challenges. Cities can use alternative efforts such as city challenges or prizes. An example of that is the London City Challenge.
- Engage stakeholders and city governance—to create a culture of cybersecurity across the city. The city can implement an ecosystem involving private and public sector organizations. For example, the city of Hague implemented the Hague Security Delta, with more than 200 organizations working together for the city’s security.
You can use these best practices to secure smart cities from potential threats, and add more as your project changes and adapts. Treat your smart city as you would a bank- with care and as many security measures as possible. The consequences of not making cybersecurity a central point of a smart city strategy can be too dire to overlook.
Learn More About Smart City Initiatives
There’s a lot more to learn about smart city initiatives. To continue your research, take a look at the rest of our blogs on this topic:
Los Angeles Smart City: Data And Sustainability
Los Angeles is facing challenges to urban functionality, such as congestion, climate change, pollution, and the threat of natural disasters like earthquakes. To deal with these challenges, the city has adopted smart city solutions and is a testing ground for urban technology. The city is teaming up with universities and tech companies to improve services and help clean up the environment by facilitating recycling and waste disposal.
Barcelona Smart City: By The People, For The People
Barcelona was one of the first European cities to implement data-driven, smart city technologies to improve its services. The city invested heavily in infrastructure, including smart transport solutions, environment, and sustainable energy, and sensor networks.
Amsterdam’s Smart City: Ambitious Goals, Collaborative Innovation
Amsterdam’s smart city promotes partnerships between authorities, businesses, research bodies, and citizens, who jointly initiate and lead smart city projects—this model has come to be known as Smart City 3.0. Amsterdam manages over 70 smart city projects with more than 100 partners.
Columbus Smart City: Technology In Support Of Social Opportunity
Columbus, Ohio has a vision for a healthy, prosperous, beautiful city for everyone. The foundational plans of Columbus smart city address, data, investments, and innovative solutions that address the needs of its citizens. Columbus’s smart city projects include connected vehicle environment, multimodal trip planning system, smart mobility hubs, prenatal trip assistance, parking management, and connected electric autonomous vehicles.
Chicago Smart City: Shaping The Future With Data
Chicago is implementing a data-focused strategy to create smarter infrastructure and resources for both government and citizens. Chicago is using initiatives like World Business Chicago, Array of Things, and smart mobility, which will make Chicago smarter and greener and will provide a better quality of life for its citizens.
London Smart City: Tackling Challenges With 20 Initiatives
The growing population of London, estimated to reach 10 million by 2030, is putting pressure on transport, energy, healthcare, and pollution management. To address this issue, the mayor of London is turning to smart city solutions and is developing projects in collaboration with startups, academics, and residents.
Singapore Smart City: A Holistic Transformation
The Singapore Smart City initiative also known as “Smart Nation” is a nationwide approach that encourages the use of digital technology to drive sustainability and liveability. The government promotes innovation in the private and public sectors, including legislation and assistance for co-creation and research to drive growth across the board, including the public sector, so to ensure that all levels of society can use and benefit from these technologies and innovations.
Smart City New York: Cooperation To Innovation
New York City is using smart city solutions to help solve issues like water quality and conservation, waste management, and public safety. The city strives to be an equitable city, where all residents have access to facilities, like free wi-fi coverage, clean water, and the waste management system. The city government has developed smart city projects, in collaboration with residents and companies, to achieve this aim.
Dubai Smart City: Paving The Way With Innovation And Technology
The city of Dubai launched the Dubai Smart City project in 2013 to transform Dubai into a leading hub of innovation and sustainability. Dubai Smart City covers a range of initiatives to integrate advanced communication and internet of things (IoT) technologies into the physical infrastructure and services of the city.
Smart City Challenges: What Stands in the Way of Smart Cities?
Smart city projects are enormously complex, and suffer from numerous challenges, at the implementation level, at the governance and administration level, and at the level of cooperation between citizens, private organizations, and city governments. This article explains why smart cities are so compelling, what challenges stand in the way, and the key element that will define smart city success or failure.