Smart cities have become a reality today, with governments, businesses, and residents, making use of advanced technology to increase productivity and efficiency at home and the workplace and make lives better. However, the challenges to ensuring safety, security, and data privacy have risen proportionately, leading to the requirement for a unique cybersecurity model for smart cities.

A city using advanced technology infrastructure and other cutting-edge solutions to improve its operational efficiency, provide better services, and improve the lives of its citizens qualifies as a smart city. The technology ecosystem often consists of ICT (Information and communication technology),  IoT (Internet of Things), AI/ML (Artificial Intelligence/Machine Learning), Blockchain, Cloud computing, etc. However, using the latest technologies has its challenges of cybersecurity risks, compromising the confidentiality, integrity, and availability of PII (Personally Identifiable Information) of its citizens. Below is a closer look into cybersecurity risks in smart cities, their challenges, the threats they are exposed to, and the potential solutions to overcome such hurdles.

Smart Cities Statistics You Need to Know

Here are some statistical details of the smart cities market that can serve as an eye-opener.

• The overall value of smart cities globally is expected to exceed $2.7 trillion within the next five years.
• Alternative research estimates the smart cities market to grow at a CAGR of 13.8% during the forecast period, 2021-26.
• Smart cities’ AI (Artificial Intelligence) market could touch $298 billion by 2027.
• Ransomware, Identity theft, and data breaches remained the top three cybersecurity risks in 2021 and will likely continue to be so with emerging smart cities projects.
  

Cybersecurity Challenges Facing Smart Cities

Smart cities can only remain ‘smart’ and ‘secure’ if they are prepared to handle cybersecurity threats. The following are the primary cybersecurity challenges smart cities face.

1. Variety and number of devices: Smart cities depend on a complex and interdependent network of devices, platforms, systems, and users. Gartner’s estimation was 25 billion connected devices by 2021. Many of them could be in untested and unpatched conditions, thereby exposing the information control systems to threats.

• Connectivity, communication, and security vulnerabilities: ABI Research indicates that there will be around 1.3 billion WAN smart city connections by 2024. All of them might not be capable of resolving digital and communication security challenges. Communication advancements can lower bandwidth costs and latency and enhance coverage but can also be vulnerable.

• Addressing residents’ data privacy and transparency concerns: Smart cities will have to deal with huge volumes of PII of their citizens and the vast amount of personal data captured from webcams, CCTV cameras, facial recognition, IVR (Interactive voice response),  and other such systems. Smart cities thus will need to implement adequate control measures that address not only the technical aspects but also regulatory concerns.

• Need for efficient and effective data processing and analytics: Data related to mission-critical services for a smart city ecosystem, such as facial recognition, traffic systems, etc., must be prioritized, analyzed, and processed in real-time. Especially the data from infrastructure services like parking garages, surveillance feeds, EV charging stations, etc. They can be vulnerable to cyber-attacks if not appropriately classified and adequately protected.

Cybersecurity Risks Smart Cities Must Be Prepared to Handle

Convergence of the cyber and physical world, interoperability between new and legacy systems, and integration of different types of city services with technology infrastructure could be some of the major factors influencing cybersecurity risks in a smart city ecosystem. Here are some cybersecurity risk situations smart cities must be prepared to face.

• Data breaches and data loss: Inadequately equipped information systems are vulnerable to cyberattacks leading to data breaches. Breached data can include Personally Identifiable Information (PII) and Protected Health Information (PHI), leading to disastrous outcomes. Smart cities must be wary of cyber threats that can affect the confidentiality, integrity, availability, safety, and resiliency of information assets and lead to massive cyberattacks.

• Risks arising from security and surveillance systems: Smart cities and security technology go together. However, inadequately trained people and inaccurate processes can be risky and lead to cyberattacks, even if you have the best technology controls in place. A study from the University of California, Berkeley found ‘Emergency and Security Alert Systems‘ to be most vulnerable to cyberattacks and were also ranked as most likely to generate significant impacts in the event of a cyber attack.

• Risks from complex network interconnectivity: The complex interconnectivity of public and private networks and other information systems can induce troubles. A problem in one service area can spread to others without a proper cybersecurity strategy and framework in place. According to a recent study from Statista, public Wi-Fi networks pose the biggest threat to a smart city ecosystem.

• Other cyber attacks: As per Verizon, ransomware is the most potent cyber threat globally. Other prominent hazards include DDoS (Distributed Denial of Service) attacks, MITM (Man in the Middle) attacks, phishing, supply chain attacks, etc. Smart cities are valuable targets for state actors and for-profit hackers and not having a holistic cybersecurity strategy in place makes them an easy target in a cutting-edge tech where interoperability and security not always staying neck to neck.
  

How Can Smart Cities Be Safer from Cybersecurity Threats That They Face

Having appropriate safeguards is the best way to prevent a cyber attack. Smart cities can minimize cyber risks by implementing cybersecurity best practices. These practices need active collaboration among smart city planners, local governments, the public, and cybersecurity service providers.

1. Developing a smart city-specific cybersecurity strategy and framework: Ideally, the perfect solution is to create a comprehensive cybersecurity framework by hiring professional third-party cybersecurity experts to manage the risks and developing long-term strategies to deal with future cybersecurity issues, such as issues arising out of the advent of quantum computing. Simulating cyberattacks, mock-exploiting vulnerabilities, and testing the readiness of the operators increase preparedness and helps ensure an impregnable security framework.

• Establishing public-private partnerships and communication: Local and national authorities should unite, set aside political differences, and ensure proper stakeholder communication to address cybersecurity issues. Appropriate stakeholder involvement increases the responsibility to address cyber vulnerabilities and improve overall security posture.

• Focusing on critical infrastructure: Smart cities must strengthen the critical information infrastructure (CII) comprising highways, tunnels, bridges, railways, utilities, buildings, transportation, clean water, electricity, etc. Focusing on these aspects and plugging the vulnerability holes should be on the priority list of developers and stakeholders.

• Proper cybersecurity education and awareness: Smart cities shouldn’t jump into the technological pool without educating and preparing the stakeholders (primarily the citizens). Besides, starting with a smaller POC (Proof of concept) to verify if it can withstand a cyber attack is better than directly commissioning an extensive system.

• Cybersecurity resiliency: Increased reliance on smart technology can lead to a one-dimensional viewpoint and fall into the trap of becoming dysfunctional in the absence of technology. Therefore, alternative solutions should be available in smart cities to deal with any cybersecurity incidents whenever they arise. Resiliency should be part of the design, and the technology solutions must be able to continue to offer mission-critical services to its residents even in case of a disaster.
  

Conclusion

As more cities start using the latest ICT and state-of-the-art technologies to improve their overall civic amenities and services, there is a need to invest in cybersecurity solutions to prevent compromising information assets and jeopardizing the privacy of its citizens. The use of sophisticated technologies makes the cities smart but also creates opportunities for threat actors to launch and implement their nefarious activities. Today, concepts like AI, ML, 5G, and Blockchain have become household names. However, they have risks and make information network systems vulnerable to cyber-attacks from interoperability challenges, to growing pains of being cutting-edge. Thus, smart cities must develop and implement robust cybersecurity strategies to protect information assets’ confidentiality, availability, integrity, safety, and resiliency. These strategies should work cohesively with people, processes, and technology to strengthen the cybersecurity posture and avoid undesirable consequences. It is key to do this at the very point of inception, and ensure adherence throughout the lifecycle of the smart city to safeguard it from intentional disruption as well as human error or configuration drift. Are you involved in a smart city project today? Share your experience and thoughts! Whether it is design, or a public entity, architecture, IoT, ICT, security or city planning; reach out! Love to connect with like-minded professionals and enthusiasts. You can reach me through the comments, on LinkedIn or on Twitter (@UlvBjornsson)

My other posts on smart cities

Smart Cities Using XR/AR

References

1. Cerrudo, C., Hasbini, M., Russell, B. Cyber security guidelines for smart city technology adoption. Securing Smart Cities. https://securingsmartcities.org/wp-content/uploads/2016/03/Guidlines_for_Safe_Smart_Cities-1.pdf
2. National Cyber Security Centre. Cyber experts set out a blueprint to secure smart cities of the future. https://www.ncsc.gov.uk/news/cyber-experts-set-out-blueprint-to-secure-smart-cities-of-the-future
3. Appleton, J. (2020, October 22). The importance of cyber security & data protection for smart cities. Beesmart.City. https://hub.beesmart.city/en/strategy/the-importance-of-cyber-security-and-data-protection-for-smart-cities
4. Ransomware threat rises: Verizon 2022 Data Breach Investigations Report. (2022, May 24). Verizon.com. https://www.verizon.com/about/news/ransomware-threat-rises-verizon-2022-data-breach-investigations-report
5. Making smart cities cybersecure. Deloitte.com. Retrieved August 13, 2022, from https://www2.deloitte.com/content/dam/Deloitte/de/Documents/risk/Report_making_smart_cities_cyber_secure.pdf
6. The Cybersecurity Risks of Smart City Technologies. Berkeley.edu. Retrieved August 14, 2022, from https://cltc.berkeley.edu/wp-content/uploads/2021/03/Smart_City_Cybersecurity.pdf