A balance between the hyperconnected and vulnerable and overly cautious, developmentally moribund poles of the smart-city spectrum must be sought to support and protect smart cities, says networking multinational F5 Networks major channel account manager Simon McCullough.
As smart cities expand, the opportunistic attack surface available to cybercriminals also expands and places the public’s data and infrastructure at an unprecedented risk.
Many devices, systems and technologies powering today’s smart city dream are being developed without appropriate security architectures or threat mitigation solutions, he warns.
“This short-sightedness can cause a raft of vulnerabilities leading to serious issues threatening livelihoods and, in some cases, life itself. A hacker commandeering a smart parking meter may be a nuisance, but a cybercriminal infiltrating a power plant could cause massive repercussions.”
However, there are many economic benefits associated with this technological shift. According to a recent White Paper by ABI Research, worldwide smart city technologies could unlock more than $20-trillion in additional economic benefits in the next decade, he highlights.
“A future of symbiotic, connected communities, services and processes is undeniably an admirable vision. However, with all the pressures to move at pace, there are growing concerns that cybersecurity risks are inadequately anticipated or managed.”
European Parliament research in 2017 claims that the region has 240 cities with more than 100 000 people each that have some smart city features in place, such as technology to improve energy use, transport systems or other infrastructure.
By the end of 2019, the Smart Cities and Communities European Innovation Partnership predicts there will be 300 smart cities in play.
One of smart cities’ most compelling promises is the capacity to address the traditional city problem of a paucity of data-driven processes by producing insights from countless sensors, interactions and behaviours, says McCullough.
“Existing infrastructure is incapable of pre-empting and adapting to changes – much less supporting optimal, equitable living environments in the long term,” he says.
However, vulnerabilities that expose city infrastructure are also present in commonly used devices. IBM’s X-Force Red Team researchers, who also participated in the cybersecurity Black Hat Conference, focused on four common devices and indentified 17 vulnerabilities, of which nine were deemed critical.
One European country was using a vulnerable device to detect radiation. In the US, it was a system monitoring traffic control. The vulnerabilities in question on both occasions were not complex – the vendors simply failed to implement basic security measures.
However, IBM’s researchers simulated an attack on devices that monitor water levels in dams. In less than a minute, they were able to flood surrounding areas. The simulated hack was on a commonly used piece of smart city technology that was easy to hijack, causing widespread mayhem.
The United Nations predicts that two-thirds of the world’s population will reside in densely packed megacities by 2030. This means a mass of technology coming online fast, especially with the advent of fifth-generation technology, and this could potentially fuel boundless Internet of Things fantasies and realities.
Businesses, developers, service providers and planners need to urgently ramp up collaboration with industry regulators and ecosystem partners to ensure appropriate roll-outs of secure, seamless networks and devices.
“The technology industry at large should also ensure the principle of ‘secure by design’ is embraced throughout the entire infrastructure development ecosystem. End-to-end security has to improve, and must include tighter authentication of users, as well as enforced policies for all communication paths.
Simultaneously, service providers must enhance their privacy-focused data encryption capabilities with the latest advanced software.
“We need governments, city planners and business leaders to start heeding the warnings signs of growing cybercrime and include cybersecurity experts at all stages of smart city development – from design and construction to infrastructure management and beyond,” concludes McCullough.