Smart Cities – Cybersecurity Challenges
Published on : Tuesday 17-03-2020
There are many attendant risks lurking beneath the technologies that enable a smart city says Shekhar Ashok Pawar.
Smart city is a big upcoming dream which will soon come true for many countries, even including India. A smart city uses different types of electronic Internet of Things (IoT) sensors to collect data and then use insights gained from that data to manage assets, resources and services
efficiently. That data source might be citizens, devices, and assets. It will be processed and analysed to monitor and manage traffic and transportation systems, power plants, utilities, water supply networks, waste management, crime detection, information systems, schools, libraries,
hospitals, and other community services. Moving deeper into this concept actually integrates information and communication technology (ICT), and various physical devices connected to the IoT network to optimise the efficiency of city operations and services and connect to citizens. How useful it will be for our lives!
Wait, there is lot to be considered before moving ahead with smart cities. It has may cause risks in few areas if not mitigated. For example, connected cameras, intelligent road systems and public safety monitoring systems can provide an added layer of protection and emergency support to aide citizens when needed. It looks very good for all, but with rising threat of cyber- attacks across the globe, we need to question and ponder upon the points mentioned below.
- Last month, security experts from Check Point discovered a high-severity flaw (CVE-2020- 6007) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted Wi-Fi network. These kinds of cyber threats are going to increase in smart cities. How to protect smart cities themselves from the vulnerabilities which are linked to cybersecurity risks?
- Do our smart cities have defensive mechanism planned, up-to date and running against cyber-attacks and data theft – in simple words from being hacked?
- There will be many participants or parties who are involved in smart city ecosystem who are actually receiving or passing information through their channels – how to build policies, compliance and trust for increased privacy or confidentiality? Also, it is important to knew that information passing in the form of data is true, accurate and safe to process.
Top 3 cybersecurity risk areas for smart cities
1. Wider attack surface: As smart cities have connected websites, mobile apps, IoT, even connected homes, connected cars and services like connected logistics as well, it gives a very
Smart Cities – Cybersecurity Challenges
wide attack surface for hackers. Hackers need to break any of weak link to enter into system, it is very difficult or even tricky to not expose large surface area for them. For example, say if financial data is being transferred through connected network – it is risk if any vulnerability in causing leakage of that data or even altering of that data by hacker or malware designed to do so. Also, check the impact of latest news of coronavirus spreading at many places. As the coronavirus generates top headlines around the international news channels, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud. Such things are also making wider attack surface in smart cities as it is easy for attacker to spread such messages with hidden intensions of hacking.
2. Lack of awareness & skills: In smart cities every participant starting from person having simple smart phone with helpful mobile apps needs to be aware of latest patches, updates and cybersecurity awareness. It is sometimes challenging to make everyone in sync with defensive mechanism against cyber-attacks. Even internal attacker threat is more when we talk about city which includes more participants in entire ecosystem.
3. Cybersecurity consideration if not factored from beginning, is biggest risk: In smart cities conducting cybersecurity audit once at start of deployment and running services for lifetime is not an ideal secured solution. Cybersecurity should be incorporated right from the design,
planning and development stages. There should be periodic or automated cybersecurity assessment along with fixation of open issues on time. Also, there should be proper cyber laws and mandatory compliance should be in place this.
Summarising 4 must-do core cybersecurity objectives for smart cities
Smart cities are having quite many ecosystem partners which includes governments, software or IT vendors, enterprises, device manufacturers, various external service providers and energy providers. There should be strict guidelines and adherences for below four core cybersecurity objectives (CIAA) which are relevant to even smart cities:
Confidentiality: In cybersecurity terms, confidentiality is the property that information is no made available or disclosed to unauthorised individuals, entities, or processes. In case of smart cities lot of data which is collected, stored and analysed will include sensitive details about people or consumers in that smart city. Steps should be planned and must be active in place to prevent unauthorised disclosure of sensitive information.
Integrity: Integrity is the property of safeguarding the accuracy and completeness of assets. Smart cities depend on reliable and accurate data. Measures must be taken to ensure that data is accurate and free from manipulation.
Availability: In simple words availability is the property referring to being accessible and usable upon demand by an authorised entity. Without actionable, real-time, and reliable access to data, the smart city can’t be smart city for sure. How information is collected, analysed and shared is crucial process.
Smart Cities – Cybersecurity Challenges
Accountability: Users of a system must be accountable rather than just being responsible for their actions during interactions with various connected entities. Their interactions with sensitive systems should be logged, and monitored on real time.
As a summary, instead of “Smart City”, “a Cyber-Secured Smart City” should be dream and reality in future.
Shekhar Ashok Pawar is CEO of GrassDew IT Solutions Pvt Ltd which is primarily focused on Cybersecurity, IT Consulting & Software Solutions Development Services. With more than 15 years of international experience, he is CISA, CEH, CHFI, MCP, Blockchain Developer, Dip Cyber Laws, CMMi Level 5 ATM & ISO 27001 LA. He did Executive Management (SJMSOM, IIT-Bombay), after Engineering in Electronics & Telecommunications, Mumbai. He is lead contributor to GrassDewPanther @ LinkedIn which is focused on sharing global cyber threats and related news.