How to secure smart cities from cyber vulnerabilities
Smart cities are paraded as technological utopias where everything, from traffic management to air quality control, is automated. Although the booming internet of things (IoT) offers a wealth of applications to improve city services, its success is not guaranteed. One of the great worries about smart cities is the sensors in the devices can hacked, enabling cyber criminals to take down the backbone of a community’s infrastructure.
A hacker’s paradise
Smart cities rely on interconnected devices to power energy, transportation, communications and the government. More than half of the world’s population resides in urban areas, which is expected to swell to 66% by 2050. Accompanying the surge of urban dwellers is the need to manage social, economic and environmental challenges with smart city technologies. Consequently, most or all cities are anticipated to become smart cities.
Many cities are already becoming smart cities. Barcelona, for instance, saved $58 million annually with smart water meters. Another city in South Korea slashed building operating costs by 30% by regulating water and electricity usage with smart sensors. The sensors that power smart cities rely on reliable data in order to function properly. As more cities evolve into smart cities, urban communities will need to fortify cybersecurity protocols to combat potential hackers. According to a report by Cybersecurity Ventures, cybercrime damages are projected to cost the globe $6 trillion by 2021.
The financial repercussions of cyber attacks are already being felt. Last month, for example, India’s largest container port JNPT was disrupted by a global cyber attack, which dropped operational capacity to one-third of one of its terminals. During the Christmas holiday in 2015, approximately 80,000 Ukrainians lost power in wake of multiple cyber attacks on three local energy companies. And eight days prior to President Trump’s inauguration, hackers infected 123 of 187 police surveillance cameras in Washington D.C. As a result, the infected cameras could not record from Jan. 12 to Jan. 15.
A checklist for cybersecurity
These incidences underscore the importance of securing smart cities. According to a research paper by Trend Micro, the security of smart cities hinges on two key variables — the limitations of the technologies used and how they are executed.
In regards to the former, several devices for smart cities are made lightweight, which limits their computing power and makes encryption difficult. In regards to the latter, the way systems and devices are configured in smart cities determines whether they are vulnerable to attacks. To aid the transition to smart cities, Trend Micro researchers developed a 10-step cybersecurity checklist for implementing smart technologies including:
- Perform quality inspection and penetrating testing
- Prioritize security in service-level agreements (SLAs) for all vendors and service providers.
- Establish a municipal computer emergency response team (CERT) or computer security incident response team (CSIRT).
- Ensure the consistency and security of software updates.
- Plan around the life cycle of smart infrastructure.
- Process data with privacy in mind.
- Encrypt, authenticate and regulate public communication channels.
- Always allow manual override.
- Design a fault-tolerant system.
- Ensure the continuity of basic services.
Cyber attacks have shifted from targeting computers to targeting cars, airplanes, power grids, smart phones and hospitals. As smart cities crystalize into concrete realities, cybersecurity experts are challenged to find a golden mean between what is smart versus what is safe.