31 August 2023
‘Smart city’ is a buzzword that is no doubt overused, yet, it evokes a sense of optimism for how we’ll connect and engage with the world around us in future. And for good reason.
With our cities becoming ‘smarter’ and more connected, we’re entering an era of unprecedented potential for improving the quality of urban life. Smart city systems offer tremendous benefits, such as real-time traffic management, energy conservation, and enhanced public safety. Nevertheless, such strides towards progress also expose our cities – and by extension us, their inhabitants – to an array of possible cyber menaces.
Smart city systems rely on complex networks of interconnected devices and sensors that collect and transmit data in real-time. This creates a large attack surface that can be exploited by cybercriminals. Recent high-profile cyber-attacks, such as the ransomware attack on the City of Oakland, California, pose an important question – how can we protect smart city systems against cybercrime?
Unveiling the cybersecurity risks of smart city systems
Cast your mind back a few years, when information technologies (IT) and operational technologies (OT) operated almost entirely in isolation from each other in our cities. Take the example of public transport. Vehicles ran based on static timetables (not tracked by telemetry), and tickets were sold by exchanging cash for a paper ticket (not the contactless payment options we see today). And you could forget about the idea of free onboard WiFi!
Fast-forward to today, and everything has changed. Thanks to IT/OT convergence, most public services are now highly integrated and rely on an internet connection. Not just transport, but healthcare, traffic management, utilities and more. For this reason, smart cities are highly exposed to potential cyber-attacks, and the threat is only increasing as urban infrastructures become more digitally managed, with savvy hackers able to exploit numerous vulnerabilities and access points.
Another threat we’re seeing is the increased risk of data theft. This is because more and more personal data is now collected through our online activity, as well as traditional surveillance systems. It is essential that proper security measures are in place to prevent unwanted access.
Protecting against malicious attacks is without a doubt a core objective of cybersecurity. It's also critical to shield digital systems from any downtime, whether intentional or not. Device vulnerabilities, as well as accidental system errors can end up causing significant disruption.
How to minimise and defend against these risks
The truth is that smart city systems that lack the appropriate security measures are sitting ducks for opportunistic hackers. Fortifying smart cities against cyberattacks requires a unique, customised security plan that accounts for both short and long-term security needs, as well as budget constraints.
At a minimum, security audits and updates, disaster recovery/business continuity planning, industrial threat detection and monitoring systems should all form part of a robust network protection system. In conjunction with an industrial risk assessment & management platform, a comprehensive OT security system would not only be able to detect and intercept threats, but also identify effective measures to mitigate them, visualise exposures, and optimise OT security by prioritising hardening measures that reduce the most risk.
To prevent attacks from occurring in the first place – or at least from propagating through a system – it’s vital to set up a line of defence that includes a strong authentication process, effective anomaly detection systems and network segmentation. Moreover, smart cities should have backup plans in place, as well as strategies for patching systems without needing to take them offline. This will help ensure the continual uptime of critical systems and applications. Also, to safeguard against cyber threats, cities should allocate budget to training and awareness programs to keep personnel informed of potential and emerging risks.
Now you know: put security first
Smart city systems offer many advantages, but IT/OT convergence can leave them highly vulnerable to cybercrime. It's crucial to bolster these systems with a damage mitigation strategy that includes tailored security plans. Protecting against threats like malware, ransomware and data theft is critical. Anomaly detection systems are also recommended along with full-scale disaster recovery procedures. Ultimately, to realise the true potential of smart cities, we must put security first, before it’s too late.