The Importance of Cyber Security & Data Protection for Smart Cities

In 2012, Austrian author Marc Elsberg released his best-selling novel Blackout: Tomorrow Will Be Too Late. It’s a disaster thriller that focuses on cyber-terrorism. A group of disenfranchised hackers manipulates a network of European power stations, destabilizing the grid, and plunging Europe into chaos.

The loss of power is a catalyst that leads to a domino effect of disasters, from food shortages and the devaluation of money to nuclear catastrophes and societal collapse. Elsberg was praised for his meticulous research and realism. Of course, Blackout takes the dangers of a cyber-attack to the extreme, but it’s all within the bounds of possibility.

Though the events that take place in Blackout are a work of fiction, as more cities embrace inter-connectivity and smart technology, the threat of serious cyber-attacks on digital infrastructure is very real. In 2015, a cyber-attack compromised Ukraine’s power grid, compromising corporate date, denying the distribution of energy, disabling IT infrastructure, and destroying countless data files.

As cities get smarter, it begs the question: if a power station can be hacked, what else can be?

The State Of CYBER SECURITY

According to research from ABI Research, there will be an estimated 1.3 billion wide-area network smart city connections by 2024. The same report provided an investment forecast for cyber security infrastructure that valued $135 billion for the same year. While it seems like an immense amount of money, it’s expected that only 44% of that figure will be used to protect the energy, public security, healthcare, water, waste, and transport industries. That’s only $59.4 billion.

While it’s only an estimate, that sum is insufficient given the importance of those sectors. In fact, the ABI Research report went as far as to declare state that the future of municipal cyber security was “woefully underfunded.”

As smart cities become more interconnected, and the level of digital infrastructure becomes more complex, these services will become more vulnerable to cyber-attacks. Even the smallest vulnerability can be exploited to great effect, and smart cities are only as strong as their weakest link.

That’s why governments need to pay more attention to cyber security and focus investment into threat prevention. Otherwise, governments will always be on the back foot, as hackers take advantage of security lapses.

A Reliance on Inter-connectivity

Smart cities are evolving fast. Currently, many cities in the world rely on a wide network of sensors, technologies, and interconnected data-gathering portals to operate smoothly. In the future, the number of connected technologies in use will skyrocket.

More city governments are warming to smart city technologies to improve the quality of life for the residents of their cities. This modern technology can provide easily-implemented solutions to a multitude of problems. For example, this next-generation infrastructure can help to improve traffic flow, streamline waste collections, boost energy efficiency, and more.

Unfortunately, these Internet of Things (IoT) technologies can easily be hacked if they’re implemented too soon, and without a proper security evaluation.

While the most talked-about threat is from hackers and other bad actors, wide networks of sensors and infrastructure areas also vulnerable to physical damage from inclement weather, natural disasters, and vandalism. For urban services that rely on digitized systems, a thunderstorm or a flash flood could be just as disruptive as a malicious hacker.

Cyber Vulnerabilities

Smart cities are vulnerable to cyber attacks in many ways. Advanced Persistent Threats (APTs) are some of the most dangerous. These threats rely on several different attacks working in unison to disrupt urban services, often using malware and “zero-day” software vulnerabilities.

Internet of Things technologies are particularly vulnerable, and while it’s possible to patch any exposed areas, hackers can do lasting damage. This damage may leave vast swaths of infrastructure, both physical and digital, in need of replacement. Here are some of the many attacks that could damage smart city infrastructure:

• Asset, data, and identity theft – Data theft is arguably the most well-known cyber crime. Hackers can infiltrate data banks and steal personally identifiable information (PII). Smart city infrastructure is particularly vulnerable to this, and hackers have been known to extract personal data from public payment infrastructure with serious consequences.
• Hijacking devices – Device hijacking is one of the more frightening aspects of cyber crime. Using security vulnerabilities, attackers can take control of a device and use it to disrupt a process. Traffic lights and road signals are particularly vulnerable.
• Man-In-The-Middle attacks – An MitM is when a hacker can interrupt communication between two devices and pose as the sender, sending false information to cause trouble. For example, a hacker may gain access to a mobility platform and report public transport delays, which could lead to more people taking a car to work, causing an influx in traffic that brings a city to a standstill.
• Distributed Denial of Service – DDoS attacks are simple. A hacker can overwhelm a system by bombarding it with requests, blocking the service for those who need it. With real-life users unable to access a service, city systems will fail to support their citizens.
• Ransomware – All of the above could be used to hold a city to ransom. Hackers, or hacktivists, use these to compromise a process or release confidential data unless certain demands are met. Paying a ransom would set a dangerous precedent.
•  Physical disruption – Old-fashioned physical force can also be used to compromise a complex connected network. As many systems rely on intricate processes and feedback from networks of sensors, physical damage to any component could cause a chain-reaction of damage.

These are just some of the many ways that bad actors can attack smart cities. When the Harvard Business Review reported that “smart cities are going to be a security nightmare,” they weren’t wrong. However, it’s not all doom and gloom. If the right steps are taken, and city leaders act cautiously, cities can keep security threats to the minimum. Here’s how.

Smart City Security Solutions

Cities can minimize cyber security risks by taking several precautions and by enlisting the right kind of help. There are two ways of doing this.

The first involves hiring a third-party security company to try and infiltrate and find flaws in a network. Essentially, third-party firms will simulate attacks and try to exploit any weaknesses. After an attack, the security company will explain any vulnerabilities, and suggest realistic protection measures. This kind of penetration testing is excellent, though it’s better to develop infrastructure that’s impregnable from day one.

The second security measure that cities can do is ensure that their connected infrastructure is safe from hackers even if they manage to gain entry. To keep smart cities protected, it’s advised that the following features should be a regular part of a city’s cyber security program:

• Encrypted data – Data should always be encrypted. Encryption is a method of scrambling data so that it’s useless and unreadable, except for those with an encryption key that can decipher it. Two-factor authentication should also be used with the encryption key too. As smart city infrastructure deals with very sensitive data, encryption should be used as standard. This way, if hackers gain access to sensitive PII data, they have no way of using it.
• Constant security monitoring – Security monitoring requires a dedicated team that can keep an eye on traffic and searches for any anomalies. This can be automated with security software that can analyze bulk data and scout for indicators of compromise. Upon detection, potential risk areas can be isolated, preventing any data breaches.
• A far-reaching support platform – Any new support platform should be able to provide security to a wide range of connected environments and devices. As smart cities are made up of disparate networks, SaaS, IaaS, and cloud environments, one over-arching security system should be deployed to ensure that all aspects of an interconnected city are protected.

These simple security measures can help protect a smart city. However, services like these aren’t free. Cost is an issue, and many cities and governments currently operate without any kind of dedicated cyber security budget.

A 2018 survey from Deloitte-NASCIO found that almost half of the states in the USA lacked a cyber security budget and that most states allocate less than 3% of their IT budgets to cyber security. In the age of inter-connectivity, cyber security needs to be a bigger priority. This is especially alarming as the USA has seen several small-scale ransomware attacks recently, such as this one in Atlanta, and this one in Texas.

The cost of adequate cyber security may seem expensive, but when compared to the damage that can be done by compromised systems, it’s a small price to pay.

Cyber Security: Best Practices

Investing in expensive security systems is one way to keep smart city services safe, but there are a few cheaper practices available to help nurture safer inter-connectivity. Here are some ideas to keep in mind:

• Learn everything about new technology before implementing it – Rather than rush to roll out a new and innovative system, take time to study it and troubleshoot any potential weaknesses.
• Start small – Before deploying a large-scale system, start with a smaller proof-of-concept and see if it can withstand a simulated cyber attack. If it doesn’t hold up, it’s not ready for city-wide implementation.
• Create a dedicated security team – Hire IT professionals with a background in security. The right team will be able to check encryption integrity, identify vulnerabilities, develop fail-safe and override tools, and run penetration tests.
• Avoid over-reliance on smart technology – It’s easy to fall into the trap of depending solely on one way of doing things.
• Always prepare for the worst – Luck favors the prepared. Always prepare for the worst-case scenario to ensure that you’re ready if your city falls victim to a cyber attack.

In summary, a smart city can only be as smart as those who are in charge of it. By protecting a city’s smart systems, you’re protecting yourself and your fellow citizens. It’s time we all took cyber security a little more seriously.

Explore more solutions to increase cyber security in smart cities in the world's largest smart city solution network and community, and connect with thousands of members and potential partners on bee smart city.