What is Being Done to Combat Cyber Attacks in Smart Cities
Smart cities use many types of technology to improve public services, become more efficient, and offer residents a better quality of life. However, these systems also pose a cybersecurity threat that can lead to many issues if they are compromised.
For example, Baltimore, MD suffered from ransomware attacks that disrupted many city services, as most of the servers were shut down. In addition to local government agencies, the 911 emergency call center was unable to provide the same level of service that it normally did. Even some public-private partnerships were caught up in the attack, such as the local open-admission animal shelter, as it relied on Baltimore City IT resources.
To address the growing problem of smart city cyberattacks, it’s important to understand the unique characteristics that make them such tempting targets.
Types of Cybersecurity Risks in Smart Cities
Smart cities have multiple connected systems, which have different levels of resources, varying implementation times, and disparate security measures. A mixture of legacy and modernized solutions offers an incredibly complex infrastructure that offers many potential attack surfaces.
Here are some of the most common cybersecurity concerns that stem from this type of environment:
The mixture of older and newer systems means that some solutions have significant threat detection and protection, while others may have limited security features. Smart cities are only as strong as their weakest component.
Outdated Legacy Systems
Technology that has reached the end of life no longer receives security updates and bug fixes, which can open up potential exploits. These systems may have fallen behind on patches if they are available, due to cumbersome processes.
Internet of Things Devices with No Security
Some smart devices lack security solutions, which creates easy intrusion points on the smart city network.
Lack of Coordination Between IT Security Teams
If each security team lacks visibility into what’s happening with the overall ecosystem, then they won’t be able to keep attackers from accessing sensitive data and functions. Resources may also be allocated unevenly across the teams, or there may not be a dedicated team at all.
Lack of Policies and Procedures to Support Cybersecurity Measures
If cybersecurity technology isn’t backed up by the right policies and procedures, then it won’t be as effective as it could be.
Too Much Bureaucracy Preventing Effective Cybersecurity
Too many approval layers or red tape can prevent an effective response to an attack. When every minute counts during an attack, empowered personnel can do their jobs and keep smart city systems online.
Lack of Proper Data Encryption
Sensitive data is at risk if some or all of the smart city ecosystem lacks encryption.
Failure to Audit or Test Cybersecurity Solutions
The middle of a cyberattack is a bad time to find out that your security measures are not working. A security audit establishes a performance baseline, while frequent testing ensures that all cybersecurity solutions are functional.
No Dedicated Cyberattack Emergency Response Plans or Teams
A lack of coordination or leadership during a cyberattack prevents an effective response. If city emergency planning does not account for threats against technology, then it can be challenging to limit the damage being done.
No Budget for Security Solutions
Some cities may not have enough of a budget allocated to cybersecurity. Corners get cut and resources are limited, which damages protective measures. The lack of funding may come from the city not having enough revenue, shortfalls in other agencies or departments, or a lack of priority on security. The security solutions they can afford may be old and unable to defend against new types of threats. Maintaining older systems may take more resources over the long-run than investing in more modern solutions.
No Budget for Cybersecurity Training
Cybersecurity is not as effective when people don’t have the right training. Cyber awareness training for everyone interacting with these smart systems is essential. Cyberattacks that focus on low-hanging fruit are thwarted, which opens up more resources for handling more sophisticated hackers.
Lack of IT Security Personnel
Sometimes a smart city’s security problems stem from not having the right technical personnel in place. IT security is a highly competitive hiring marketplace, and cities may have problems with getting the best talent.
Significant Vulnerability to Ransomware and DDOS Attacks
Smart city systems are essential to many functions, such as traffic lights, 911 systems, lighting, and other public services. If an attacker takes down a system through DDOS or ransomware, then the smart city has to do whatever it takes to get everything back up and running before it causes a disaster.
How to Approach Smart City Cybersecurity
The World Economic Forum and Deloitte have both published recommendations for proactively addressing the risk of smart city cyberattacks. These strategies empower smart city governments to strengthen the security of their smart technologies, improve their reaction times in a crisis, and develop plans that keep these systems online.
Since the vulnerability of one solution can easily spill over to others in these highly interconnected systems, all cybersecurity decisions must be made based on the whole ecosystem. A security-centric approach can eliminate common attack surfaces, and implementing best practices through policies and procedures makes it an integrated part of these systems.
Smart city governments need the right training and personnel on-hand to power this strategy, as a lack of resources will make it difficult to achieve good response times in emergencies. Dedicated teams focus on supporting this environment and improving it against new or growing threats. Getting buy-in from city leaders to support cybersecurity measures is another important step, to ensure that adequate resources are available.
Keeping smart cities safe from cyberattacks requires a robust and flexible cybersecurity strategy involving many teams, agencies, elected officials, and other stakeholders. By being able to defend against hackers, cities provide a transformative experience for their residents through modernized technology.