We know that Cities need to increase the efficiency in which they operate and use their resources. Major efficiency improvements can be achieved by horizontally interconnecting individual systems such as electricity, water, sanitation and waste management, transportation, security, environmental monitoring, or weather intelligence.
Researchers predict that by 2050, 66% of the world’s population is expected to live in urban areas. The challenge, here, will be to supply these populations with all these basic resources while ensuring overall economic, social, and environmental sustainability.
Digital Transformation with its intent of making the citizen’s lives better, is accelerating the process of transformation of urban centers to the smart cities. These urban areas make extensive use of ICT (Information and Communication Technology), digital services like cloud computing, Fog computing, and many different physical devices like IoT, sensors, devices in order of collecting a large amount of data and then use insights gained from that data to manage assets, resources and services efficiently.
In this way, smart cities improve the quality of the lives of citizens, which often employ a mobile app to give fast access to traffic information, road conditions, and more.
The cities of the future may be smart – but will they be cyber safe?
While cities are looking to use a fusion of technologies that best suits a large city-scale. Innovations such as mobile, Big Data, artificial intelligence, robotics and the Internet of Things are all transforming a huge array of human interactions, including how we work, cooperate and govern the cities in which we live.
All these advanced technologies enable the integration of the physical and cyber worlds into a cyber-physical system, in which data and information from the physical world are analyzed and learned in the cyber world, and in which we can create the right models that describes behaviors in the physical world.
But the interconnectivity across the virtual and physical infrastructure that makes a smart city work also creates new and considerable cybersecurity risks.
Just a little consideration, if we think to small-medium metropolitan areas such as Italian cities, we already have millions of devices connected. Let’s imagine the chaos that a hacker could cause if they targeted a city’s power grid or the implications caused by a breach of a city’s security system such as the network of cameras, again, what happens if the network of intelligent transport systems gets compromised? Every endpoint presents a potential gate for hackers. The more connected endpoints the network collects, the more vulnerabilities attackers can exploit
Such attacks can disrupt operations and compromise a city’s critical systems. For example, an attack on streetlights can be used to mask a criminal operation, leaving the area unserviceable.
In general, the consequence of an attack conducted by a hacker on IoT devices can be highly destructive and can cause damage to the point of non-recovery.
Let us take a look at what are the Security Risks that threaten Smart Cities
For what reason or purpose attackers target a smart city?
- Data and identity theft—the purpose is to steal personal data and identifiable information from unprotected smart city infrastructure and use it for fraudulent transactions.
- Device hijacking – it represents the situation where the hacker assumes control of a device. In a smart city, an attacker can hijack smart meters to steal energy from a municipality.
- Man-in-the-middle (MitM) – it happens when an attacker interrupts or redirects communications between two systems. For example, attacking a smart wastewater system valve to disrupt operations.
- Distributed Denial of Service (DDoS) – this attack has the purpose to flood the target with superfluous requests, disrupting services. As a result, users cannot gain access. An attacker can breach into the net of interconnected devices and overcome the defenses of city system.
- Credential theft – the hacker intends to get credentials to critical systems, and use them to conduct a ransomware attack.
Unfortunately, even in the most security-conscious cities, we count many cases where the technology systems of smart cities have already been hacked. For example, let us remember the attack conducted to San Francisco Municipal Transport Agency by hackers who locked up computers and data with 100 bitcoin demand. This happens because often the smart cities are not able to keep pace with the adoption of digital capabilities. This delay can cause a potential downside of digital transformation without controls.
How can we make a Smart City Secure?
Many organizations, government agencies, municipalities are focused on the first part of the equation and not on the second one. They look to digitalization instead of the organization, the technology instead of people’s culture. Thus, we must take a holistic approach to smart city cybersecurity. An integrated cyber risk framework can provide cities with management principles to incorporate into their smart city planning, design, and transformation stages. It must include industry standards, legal, and regulatory requirements to determine how cyber risk may affect all the ecosystem participants, including users, government, services, infrastructure, processes, as well as assess how systems and assets can influence each other. Such an integrated approach can enable city stakeholders to view threats and vulnerabilities in their whole rather than react to specific services or operational impact.
Indeed, the enhanced risk factor has no doubt been a driver for the implementation of new legislation, the recent European Union’s General Data Protection Regulation, which took effect in 2018, which is slowly paying off. So, many cities are establishing a culture of cybersecurity by adopting security measures like certified biometric systems, cryptography, and digital privacy policies.
As experts, we every day must address new challenges, and as these challenges arise, our constant commitment must be to intensify awareness programs regarding principles like data protection and security by default. However, also as users, we must expect that the technologies we are using are designed, manufactured, and deployed with the same strategy.
Understanding the need to adopt a new approach to cybersecurity can also help to avoid add-on expenses once a system is already in place.
We need to start treating smart cities as they would be banks, with care and as much security measures as possible. The consequences of not making cybersecurity a central point of a smart city strategy could be thus too fatal to overlook.
Then, the steps that we could follow are:
- Integrating city and cybersecurity strategy: cities should align their cybersecurity strategy with the overall smart city strategy. This includes assessing their data and systems to identify and mitigate risks. A cybersecurity strategy should be a part of the broader city plan
- Capture tech talent—attracting innovators can provide fresh solutions for security challenges.
- Engage stakeholders and city governance—to create a culture of cybersecurity across the city. The city can implement an ecosystem involving private and public sector organizations
- Support the development of a harmonized cybersecurity framework to allow Smart Cities operators to implement common guidelines.
- Cybersecurity can be improved by raising awareness
The drones have the potential to improve urban air mobility by moving people and cargo faster, at a lower cost and in a sustainable way. However, industry leaders and manufacturers, to take advantage of these new opportunities, should cooperate with aviation authorities to build jointly an extended mobility ecosystem where the concepts of security and safety are ensuring by design and by default.
In term of technology, a reliable network based on the blockchain could prevent that blocks of information, exchanged by unmanned aircraft in the global airspace, could be intercepted and altered by somebody else.
Second, a robust integrated aircraft management system powered by advanced technologies such as smart sensors, cognitive systems, machine learning and computer vision are essential to enable autonomous vehicles to identify obstacles inflight, prevent collisions by rapidly predict alternative routes, but also facial recognition to enhance the passenger’s experience.
Finally, the data gathered by drones, transmitted seamlessly to the cloud, should be used to build digital twin models to improve, not just maintenance capabilities, but also the fleet management and sustainment.”