This article was written by a guest contributor. For guest contribution guidelines, please visit this page. Ben Hartwig is a Web Operations Executive at InfoTracer and takes a wide view of the whole system. He creates guides on the entire security posture, both physical and cyber.
As technology becomes more advanced and the world population steadily rises, humans need to start looking at more innovative ways to deal with increasing challenges.
Smart, novel and cost-effective solutions are required to deal with the rising wave of urbanization. One day, most cities will surely be “smart cities.” But this doesn’t come without its share of problems and risks. Cybersecurity is important at an individual level and a company level, but when we’re talking about whole cities, governments and public services, there is even more risk to consider.
Smart City: Meaning and Benefits
There are six main sectors that form a Smart City:
- Building infrastructure
Each sector works to improve the quality and benefits of a Smart City. This includes the following:
Structured Urban Services
These improve transport conditions, access to information, and reduction of CO2 emissions.
Smart Building Services
Results in reduced living expenses, real-time feedback on tenants’ water and electricity usage, buildings making use of renewable energy and automation of building functions such as lighting, security, heating, and cooling.
These supply high-quality information to citizens and allows them to access and store data via cloud computing.
However, these benefits are not without risks, namely cyberattacks which result in identity theft and/or leaking of banking details. Failure to control the risk will cause a much larger impairment to the well-being and safety of citizens rather than enhance the overall quality of life for all. It can also mean that citizens have legal recourse against whichever agency lost the data.
What are the Factors that Determine Risk in Smart Cities?
When one looks at risk, there is a culmination of three things that influences it: vulnerability, threat and consequence. Furthermore, there is a direct correlation between risk and these factors. This means that when one of the factors increases, so will risk.
Cybersecurity is a model example of risk as there are multiple possibilities for vulnerability, threat, and consequence. With the rise in connectivity, privacy risk and cybersecurity are major considerations that should be considered in all contexts.
There are huge risks involved for human safety and privacy in the Smart City environment. As a very recent example, in January 2021, a cyberattack resulted in the deadly level of the chemical concentration of a town’s local water supply. This might have proven detrimental to the locals’ health if it was not detected in time.
Risks and Vulnerabilities within a Smart City Environment
- Lack of authorized and unauthorized device control. With so many devices connecting to networks and being given access to data, it is possible for one device with access to a server to cause a big data leak.
- Improper encryption or lack of encrypted information. At a city level, the correct encryption is a big undertaking.
- Inadequate security assessment and software testing and education. A lot of the vulnerabilities come from people being ignorant of potential threats.
- Prevalent usage of default administrator passwords. People need to be encouraged to change their passwords regularly and use secure passwords.
- Inefficient supply chain risk management.
- Lack of critical control points in the data collection system.
- Possibility of a distributed denial of service (DDoS) attack – this is when a server is maliciously targeted with overwhelming internet traffic to disrupt normal service.
- State-sponsored actors – these are hackers who are contracted by governments or organizations. In recent years, there have been accusations of this sort of hacking going on at a government level.
- Insiders/employees either with malicious intent or negligent errors. Every employee you trust with data and cybersecurity is another potential threat.
- External service providers (supply chain management risk, you might have to provide another company or individual with access, which can lead to security breaches).
- Hacktivists. This is civil disobedience, usually for the purposes of filling a political agenda or making a point against the government.
- Organized crime and terrorist groups. Hackers might even target data or cause breaches in “ransomware” attacks, where they demand money not to leak the data they have found.
- Random individual hackers or groups of hackers.
- Natural or manmade disasters
- Leakage of citizens’ personal information.
- Disturbance of government services, financial services, and more.
- Breakdown of trust in government services.
- Danger to public health. Say if something went wrong with a water system or traffic management, there could be a real danger for people living in the city.
- Financial ramifications (it is possible that there could be lawsuits and penalties incurred as a result of lost data)
Types and Prevention of Cybersecurity Risks
Now that we have covered what risk is and the factors that influence it within a Smart City, let’s take a look at a few of the most common types of cybersecurity risks and how to prevent them.
Since the age of data began, malware has been the most prevalent issue where unwanted software installs itself into a target system and denies user access, deletes files and steals information.
Prevention – Keep anti-virus programs up to date. Be wary of any suspicious links and websites and educate employees about what malware might look like. Install adequate spam filters on email accounts.
- Hijacking devices
Hacking is a well-known issue for any digital device user. Hackers either guess profile passwords or use ‘brute force’ programming to decipher the password. This gives hackers total control over devices and/or applications.
Prevention – the best way to tackle this issue is to make the login process as complicated as possible. This means using a complex password with special characters and two-factor identification, which requires a login from two separate devices. Educating everyone within the organization to have this kind of outlook and protect their devices is essential. Just one weak link can cause huge issues.
- Man-in-the-Middle (MitM) attacks
This type of attack occurs when a third party intercepts a session between host and client. For instance, when a client logs onto their internet banking, a MitM attack will allow the hacker to obtain the client’s banking details.
Prevention – Make use of encryption and HTML5 to ward off MitM attacks.
- Phishing attacks
This is an older method used to acquire sensitive information from end-users. A message or email is received which asks for banking details or other private data.
Prevention – Use reverse lookup tools to detect the Domain Name System (DNS) of the attacker.
Cybersecurity risks truly vary among different “smart city” technologies. There’s also a need to strike a balance between risks vs. benefits, even at a local policy-making level. The best way to defend against the risks is to understand them. Like a growing company, growing smart cities get so much out of using technology to their advantage, but another parallel exists; the more growth there is, the more likely cybersecurity will be breached if precautions aren’t taken. Every new server, new digital service launched, or employee that is given access to data is a potential risk.
We all need an efficient risk management system to deal with any threats that should arise. In addition, anyone involved with the running of a smart city should be able to educate employees and practice good online habits to ensure that they aren’t leaving back doors or opportunities for hackers. Reverse lookup tools, encryptions, complex passwords, and updating anti-virus programs are critical elements that can help achieve this.
You might also be interested in: The 17 Best Battery Packs When You Need A Charge