Written By: Muhammad Yahya Patel, Lead Security Engineer at Check Point Software Technologies
Smart cities are becoming a reality rather than a concept and integrating technology into everyday infrastructure has become the norm. They present local authorities with a vast number of opportunities, including data-driven decision-making, enhanced engagement between citizens and government, and a reduced environmental footprint. Though, as with any new technologies, there are many risks to consider when becoming a smart city.
Arguably one of the biggest threats is their vulnerability to cyberattacks. This is because using large, connected networks gives cybercriminals more entry points than ever before and the perfect opportunity to jump from one exposed system to the next. Now, while we should never let fear get in the way of innovation, it is essential that we adequately prepare ourselves with robust security protocols.
What are the challenges facing smart cities in 2023?
Smart cities face unique challenges when it comes to cybersecurity. Networks are used by public and private entities, people and thousands of IoT devices each day. The massive amount of data exchanged across these networks requires a stringent security strategy. Some of the main challenges include:
Connected Devices
A multitude of IoT devices that control everything from CCTV and traffic light management to organisations personal and financial data could be connected to a network at any one time. In theory this sounds ideal for seamless communication and management, but in practice it offers hackers thousands of potential entry points to launch an attack.
Automation of Infrastructure Operations
Automation brings many benefits for all kinds of operations for smart cities, reducing the need for direct human control over such operational systems. The increase of sensors means more connections to monitor and manage. These could be seen as more targets to compromise through vulnerabilities.
Substandard Data Management Processes
Data is at the heart of any smart city and is critical to everyday operations. However, many lack the correct processes to ensure this information is managed safely and securely. If a database is not policed correctly, it can be simple for hackers to target and compromise, which leads to sensitive data being leaked or stolen.
Risks from the ICT Supply Chain and Vendors
We know the risks posed by the supply chain and third parties. This was particularly evident during the recent zero-day vulnerability found in file transfer software MOVEit, which was subsequently exploited as part of a large-scale ransomware attack. Threat actors continue to target the weakest links and therefore attacking smart infrastructure systems are bound to be a lucrative target for any cybercriminal. To combat this, it is key that we adopt and adhere to secure-by-design and default practices to minimise these risks.
“Smart cities face unique challenges when it comes to cybersecurity. Networks are used by public and private entities, people and thousands of IoT devices each day.”
Outdated Technology
Many cities have infrastructure and networks built on outdated technology which leaves them susceptible to cyberattacks. Ensuring systems are up to date with the latest software updates and security patches is paramount. Technology is central to the success of any smart city and having resilient systems should be a priority.
Inefficient Security
Linked directly to outdated technology, having inefficient security protocols in place exposes smart cities to malicious threats. This leaves citizens and organisations vulnerable to data breaches, identify theft and loss of sensitive information. Protecting existing infrastructure with robust security measures could prevent a potentially disastrous breach. So, how do we ensure that the safety, security and privacy of those who live and work in smart cities is not compromised?
Building Cyber Resilience within Smart Cities
Research suggests that by 2024 there will be over 1.3 billion wide-area network smart city connections. The level of complexity within these digital infrastructures is only increasing which means any digital services implemented by a government or organisation are vulnerable to cyberattacks. To realise their potential, smart cities need to find an effective balance between managing risk and enabling growth.
Building resilience to protect your city against these attacks is key, but how is this achieved? The starting point should be developing a cybersecurity strategy that maps on to the broader objective of your smart city. This will help mitigate risks arising from the interconnectedness of city processes and systems. Part of any effective strategy should be the requirement to carry out an assessment of current data, systems and cyber defences as this will help to give an idea of current posture and quality of infrastructure.
Creating a formal relationship between cybersecurity and the governance of data will also be extremely beneficial. This essentially creates an agreed approach to cybersecurity between all parties within a smart city, meaning all stakeholders work together to ensure data is secure across the networks it is being exchanged. The policies put in place will mature alongside a city’s cyber strategy and add transparency to processes.
Finally, building strategic partnerships to help address the cybersecurity skills shortage is key. This is a good way to develop skills and increase your knowledge base which in turn bolsters overall security posture and resilience. For example, recently the CISA, NSA, FBI, NCSC-UK, ACSC, CCCS and NCSC-NZ released a document with guidance on best practices for smart cities. The aim is not only to protect these connected spaces from malicious threats but also to share expertise and educate us on the importance of cybersecurity within smart cities.
Get Smart and Be Proactive
It goes without saying, smart city technologies need to adopt a proactive methodology to ensure cyber security risks are the forefront of planning and design of technologies. Being ‘secure by design’ is strongly recommended in conjunction with a defense in depth approach. There may be some legacy infrastructure connecting to the smart infrastructure, and this may require a redesign to make sure secure connectivity and integration is possible.
Hackers will continue to exploit vulnerabilities. An overwhelming number of cyberattacks against businesses could be avoided if supply chain and third-party security is taken seriously. Attackers are exceptionally quick to start exploiting vulnerabilities in well-known products. Invest in the resources to help combat the everyday struggle of security patches and updates. You don’t want to get caught out by the very thing you expect to protect your business.
“Creating a formal relationship between cybersecurity and the governance of data will also be extremely beneficial. This essentially creates an agreed approach to cybersecurity between all parties within a smart city, meaning all stakeholders work together to ensure data is secure across the networks it is being exchanged.”
Underpinning the implementation of smart city technology is operational resilience. To make sure organisations are well prepared, contingencies are put in place for different types of incidents, which could have operational impact or disruption. Autonomous functionality and isolation tools should exist to help minimise these types of disruption.
Risk, privacy and legality all play an important role in smart cities, making sure data being collected, stored and processed is in accordance with regulations. It’s critical that city leaders, developers and business owners don’t see securing cyber risk within their smart city as a one-time objective. It’s an ongoing, evolving process that could be the difference between a major breach or major growth.
(0)
(0)Archive
- October 2024(44)
- September 2024(94)
- August 2024(100)
- July 2024(99)
- June 2024(126)
- May 2024(155)
- April 2024(123)
- March 2024(112)
- February 2024(109)
- January 2024(95)
- December 2023(56)
- November 2023(86)
- October 2023(97)
- September 2023(89)
- August 2023(101)
- July 2023(104)
- June 2023(113)
- May 2023(103)
- April 2023(93)
- March 2023(129)
- February 2023(77)
- January 2023(91)
- December 2022(90)
- November 2022(125)
- October 2022(117)
- September 2022(137)
- August 2022(119)
- July 2022(99)
- June 2022(128)
- May 2022(112)
- April 2022(108)
- March 2022(121)
- February 2022(93)
- January 2022(110)
- December 2021(92)
- November 2021(107)
- October 2021(101)
- September 2021(81)
- August 2021(74)
- July 2021(78)
- June 2021(92)
- May 2021(67)
- April 2021(79)
- March 2021(79)
- February 2021(58)
- January 2021(55)
- December 2020(56)
- November 2020(59)
- October 2020(78)
- September 2020(72)
- August 2020(64)
- July 2020(71)
- June 2020(74)
- May 2020(50)
- April 2020(71)
- March 2020(71)
- February 2020(58)
- January 2020(62)
- December 2019(57)
- November 2019(64)
- October 2019(25)
- September 2019(24)
- August 2019(14)
- July 2019(23)
- June 2019(54)
- May 2019(82)
- April 2019(76)
- March 2019(71)
- February 2019(67)
- January 2019(75)
- December 2018(44)
- November 2018(47)
- October 2018(74)
- September 2018(54)
- August 2018(61)
- July 2018(72)
- June 2018(62)
- May 2018(62)
- April 2018(73)
- March 2018(76)
- February 2018(8)
- January 2018(7)
- December 2017(6)
- November 2017(8)
- October 2017(3)
- September 2017(4)
- August 2017(4)
- July 2017(2)
- June 2017(5)
- May 2017(6)
- April 2017(11)
- March 2017(8)
- February 2017(16)
- January 2017(10)
- December 2016(12)
- November 2016(20)
- October 2016(7)
- September 2016(102)
- August 2016(168)
- July 2016(141)
- June 2016(149)
- May 2016(117)
- April 2016(59)
- March 2016(85)
- February 2016(153)
- December 2015(150)
