What Are the Cybersecurity Risks for Smart Cities?
The Internet of Things (IoT) is revolutionizing how governments manage cities. Every aspect of city life, including mobility, health care, security, water, energy, community engagement, economic development, housing, and waste can now be connected and monitored remotely. Known as “smart cities,” these municipalities leverage technology to meet the demands of residents and provide greater efficiencies in delivering services.
There are three layers composing the infrastructure of smart cities. The first is a critical mass of sensors, networks, and smartphones connected by a high-speed communication network. That technology base collects data on energy usage, traffic volume and patterns, pollution levels, and more. The second layer employs applications for analyzing constant streams of raw data to predict usage and patterns and issue alerts, insights, or recommended actions. Thirdly, the buy-in and participation of the public are critical so that more data is available, and a true open-access system is created that allows citizens and businesses to leverage information for their own purposes.
Cities like Singapore, Dubai, and New York City have already deployed many smart technologies, but with so many devices connected, these networks are a prime target for cybercriminals and other malicious actors looking to wreak havoc or manipulate the system for monetary gains. Here are the primary cybersecurity risks smart cities face that they need to proactively protect themselves against.
Man-in-the-middle Attack
In a man-in-the-middle attack, a hacker breaches, interrupts, or spoofs communications between two systems. This happened last year in Israel when hackers attacked a commercial irrigation system. The hackers were able to turn the water system on and off remotely, which could empty a water reservoir overnight and deplete a town’s water supply. While inconvenient and costly, an attack on a wastewater system in a smart city could do far worse damage if it caused a biohazard spill that put citizens at risk.
Device Hijacking
With millions of devices operating within a smart city’s infrastructure, attackers often look to hijack a device to assume control over it. Since the device’s functionality is not altered, often users will not even notice their device has been compromised. Once a hijacker takes control, he or she could exploit other devices on the network. For example, a cybercriminal could exploit smart meters to launch a ransomware attack on a city’s energy management system or siphon energy from a municipality without paying for it.
Data Theft
The infrastructure of smart cities collects large amounts of data on individuals from items like surveillance cameras, traffic signals, parking meters and connected devices. Cyberattackers can use personal identifying information to commit fraudulent transactions and identity theft if devices are not properly secured.
Distributed Denial of Service (DDoS)
Distributed denial-of-service (DDoS) attacks are on the rise, increasing 128 percent from Q1 of 2020 to Q1 of this year. A DDoS attack temporarily or indefinitely disrupts services of a host connected to the internet to render a machine or network resource unavailable to users. To launch a DDoS attack, cybercriminals flood the target with illegitimate requests to prevent real requests from being processed. The use of multiple sources for the attacks makes them difficult to block and stop. A cybercriminal could use a DDoS attack to overtake a smart city’s parking meters so they can become part of a botnet used to overwhelm another system.
Permanent Denial of Service (PDoS)
Cybercriminals looking to cause long-lasting damage can deploy a permanent denial-of-service attack (PDoS), also known as phlashing. In this attack, devices, such as traffic surveillance cameras, are damaged so badly that they must be replaced or their hardware has to be completely reinstalled — burdening cities with downtime, repair costs, and the repurchasing of equipment.
Cybersecurity experts at the University of California, Berkley have ranked emergency and security alert systems, street video surveillance, and smart traffic lights as the most vulnerable to cyberattacks. With everything from train signals to nuclear power plants on the line, cities should have strong cybersecurity controls and practices in place, including:
- Making frequent software updates
- Properly securing their framework
- Authenticating devices before receiving or transmitting data
- Restricting who can connect to smart city devices
- Regularly scanning application tools
- Using heightened network security rules
- Implementing strong access controls
- Disabling any unnecessary or unused systems
- Perpetually scanning network activities to identify suspicious traffic
IDB Programs to Enhance Cybersecurity in Your Smart City
The Institute for Defense and Business offers specific programs that teach best practices and techniques to avoid the threats and potential risks that arise from a digitized world. Specifically, the IU-IDB Cyber Risk Management Program is designed to introduce participants to the multifaceted cyber risks with a focus on harnessing the benefits while mitigating the risks of emerging technologies. The benefits of the program include being equipped with a toolbox of cybersecurity best practices to manage risk exposure, developing confidence to work well on cybersecurity solutions, and learning cutting-edge technology to expand your understanding of key functional areas relating to cybersecurity. Additionally, the LOGTECH Advanced program will transform your organization’s approach to technology and innovation in logistics, providing new tools and techniques to help better manage potential threats.
About IDB
The Institute for Defense and Business (IDB) delivers educational programs and research to teach, challenge and inspire leaders who work with and within the defense enterprise to achieve next-level results for their organization. IDB features curriculum in Logistics, Supply Chain and Life Cycle Management, Complex Industrial Leadership, Strategic Studies, Global Business and Defense Studies, Continuous Process Improvement, and Stabilization and Economic Reconstruction. Visit www.IDB.org or contact us on our website for more information.