In the future, the world’s population will be mainly concentrated in cities. It is estimated that by 2050, driven by rapid urbanization in Asia and Africa, two-thirds of the earth’s population will live in urban areas. Even in the next three decades, more than 2.5 billion people are expected to flood into our cities, and the challenge of providing them with critical infrastructure and urban services is becoming increasingly serious.
Like all other challenges, humans are turning to technology to create a better, safer, and more efficient urban living environment. From public utilities, transportation, transportation, waste management, pollution control, sustainable living to safety, and healthcare, smart cities are becoming the answer to managing the growing urban agglomeration.
Smart city projects are changing the rules of the game. For example, Yokohama’s renewable energy for heating homes, Barcelona’s digital waste management system, Canberra’s smart parking solution, Groningen’s real-time public transport monitoring or Nijmegen’s distributed air quality network are just a few examples.
Connectivity is a double-edged sword
Smart cities run on a backbone network of sensors and IoT devices. These sensors and IoT devices are connected to each other through the Internet and cloud computing architecture to control the system and external systems. They transmit personal and confidential data through insecure channels (unpatched devices that do not support data encryption). The highly interconnected nature of smart city work also brings huge network security risks. Every access point expands sensitive data exposure vulnerabilities, and digital attacks have begun.
Atlanta was hit by a large-scale ransomware cyberattack in 2018. The vulnerability shut down many devices for five days. Law enforcement, business licenses and even the busiest airport in the United States were disrupted. In addition, there were several other damages. The ransomware attack also destroyed most of Baltimore’s servers and paralyzed its 911 emergency call center in the same year, causing $18 million in damage.
The attacks are not limited to American cities. The tram system in Dublin was attacked by ransomware, and the air traffic control and railway ticketing systems in Stockholm were also damaged. The ransomware attack also disrupted power supplies in Johannesburg and Hyderabad. In addition to ransomware, cybercriminals have deployed many other technologies, including remote execution, signal interference, and traditional means such as malware, data manipulation, and distributed denial of service (DDoS) attacks. Their digital weapon arsenal comes from the deep network, and their attack weapons are fully automated and can carry out 7*24 attacks.
Easily targeted or crime-preventable?
Cities are easy targets for cybercriminals because they lag behind in terms of technology use and familiarity. Many of the basic technologies that run its critical infrastructure are outdated. Technological advancements to transform existing cities into smarter cities have added complexity. Smart cities are not built in a day, but will develop over time. Considering that the technology they use is experimental in nature, they are still a permanent Beta version, which increases the possibility of accidents.
Cities currently account for 70% of the world’s GDP. For cybercriminals who may violate smart city defense measures, this is an easy road to economic gains. Therefore, smart cities must be designed to ensure safety, rather than bolting the system after it is in place. They should be based on rock-solid, intuitive, and automated security protocols and policies from the beginning, and negotiate with citizens and involve them at every stage. This will help build confidence and a sense of ownership regarding the requirements of maintaining citizen privacy.
Cyber risk defined by the integration of old and new
The security risks of the smart city ecosystem are affected by many factors. The fusion of network systems and operating systems makes devices and sensors at the edge an entry point for cybercriminals. Harmless devices such as energy-saving automatic lighting or electric meters may become potential entry points. Once hacked and infected with malware, they open up the penetration of other connected devices, causing a series of damages throughout the infrastructure.
The interoperability between legacy systems and digital technologies in the new era is forced to transform into different technology platforms that are fully suitable for collaborative work. There is no unified security policy and procedure to manage its operating framework, they will expose the entire ecosystem to hidden security vulnerabilities. The challenge is even more serious, the lack of a common standard to manage the functions of edge devices that support IoT. This means that security is often compromised at the height of interoperability.
Another influencing factor is the integration and interconnection of different services and departments in the smart city ecosystem. They are used to working independently in independent systems. This mix of service and system integration, interconnectivity, and data exchange creates sharing loopholes. Therefore, problems in one service area can quickly infect other areas.
Integration framework and comprehensive governance model
Overcoming cyber security threats caused by convergence, interoperability, and interconnectivity issues requires a cyber risk framework. Such frameworks must provide management principles for cities to incorporate industry cybersecurity standards into the design to ensure that confidentiality, integrity, and availability requirements are met. It should integrate legal and regulatory requirements to assess the impact of cyber risks on all ecosystem participants, services, infrastructure, and processes. The framework must be drawn and integrated into the planning, design, implementation and transformation blueprints, and aligned with the broader smart city strategy. In addition, it must evaluate the interaction between each system and asset.
IoT devices and networks should be protected from attacks through device authentication, patching, data encryption, and security monitoring. It is essential to establish a strong secure channel and a secure chain of trust between interconnected devices. Physical security measures such as protecting IoT devices from unauthorized access and network attacks cannot be ignored.
Smart cities also need to standardize a comprehensive governance model that clarifies the roles and responsibilities of each key component of the ecosystem. The model should provide continuous coordination of policies, legislation, and technology for the proper balance between protection, privacy, transparency, and practicality.
Finally, smart cities need to establish an ecosystem network with other smart city governments, academia, the private sector, and start-ups, so they don’t have to fight alone. Despite their enormous potential, effectively managing the associated cyber risks is essential to realizing the promise of smart cities.