The importance of cybersecurity in Smart Cities

An image of , News, The importance of cybersecurity in Smart Cities

With the world’s population set to hit 9.7 billion by 2050 and the UN predicting that 68% of us will be city dwellers by that same time, it is unsurprising that there is growing demand for sustainable infrastructure across the globe. As nations and governments look to counter the effects of this change, they are re-assessing how they view urban dwelling and increasingly looking at it via the prism of the smart city.

The term “smart city” is typically used to describe centers and concentrations of people that use various integrated IoT-based technologies to exchange data in an urban setting. By facilitating the optimisation of assets, resources and services in a sustainable manner, smart cities can deliver benefits such as smarter urban transport networks, upgraded water supply and waste disposal facilities and more efficient ways to light and heat buildings. It also means a more interactive and responsive city administration, safer public spaces and meeting the needs of an aging population, whilst also improving sustainability.

Powered by the growth in IoT and 5G technologies as well as a relaxing of global government regulation, the market size of the global smart city industry is set to hit nearly $9 billion by 2025, with an annual growth rate of 24.2% between now and 2030. No longer the stuff of science fiction and fantasy novels, smart cities are fast becoming a reality for many countries.

However, those responsible for these new modern cities are also faced with a number of challenges, especially around the area of security. Smart cities, by their very nature, represent a unique combination of cybersecurity risks that must be overcome to ensure security, safety, and data privacy of their users / residents. The root of this problem can often be ascribed to the issue of interoperability between the disparate organisations and technologies that power smart cities. Different parties will have different prioritsations and focuses when it comes to cyber risk and, as a result, when combined, vulnerabilities that target one element can affect all.

Exacerbating things is the simple fact that quite often, the ecosystems behind them ie: the network of sensors, data analytics and decision makers, are often not sufficiently cyber resilient to protect the very people they are working for. Despite guidance and recommendations on security, many IoT devices are often released with a lack of encryption or a massive dependency on OTA patches / updates. IoT security differs from traditional IT security in that the devices are often limited and embedded computer systems; frequently single-purpose devices performing specific functions within a broader, more complex ecosystem. With a lack of security testing in place, vulnerabilities become apparent only after IoT manufacturers put smart city devices into production, which can further increase potential areas of attack.

Think about it like this – to function properly, smart cities have to collect, share, analyse, protect and manage huge amounts of data. This information travels across highly interconnected and distributed environments and will be used to deliver services to citizens that are often safety-critical. It doesn’t take a genius to see how potentially devastating a security vulnerability could be at any one of those points. These issues can be exacerbated if a city relies on a central technological hub to control its core smart city infrastructure. Hackers will continue to attack IoT devices by either taking control of them, stealing information or disrupting the services being offered. And we already have several examples of what that looks like in real life.

So what can be done from a cyber-security perspective to protect smart cities, keep our data safe, and ensure services stay up and running when inevitable challenges arise?

Firstly, as previously stated, a lot of the risk relates to interoperability and synchronisation between different stakeholders within the IoT ecosystem, as opposed to a specific vulnerability within a specific device or system. Therefore, smart city designers must adopt a principles-based approach that will ensure the correct protections to address both the likelihood and impact of key security risks. Alongside this, it must also provide flexibility for those same stakeholders to alter their approach in the event of specific situations and circumstances. Addressing these considerations from the outset is crucial to avoid having to retrospectively apply security controls in the future, which is less effective and often very costly.

Both suppliers and vendors should also develop systems to be ‘secure by design’ and then test security as part of the development cycle so they can understand and address any security flaws. Encryption, authentication methods and communication inputs and outputs must have strict measures built in that determine what messages can be sent and received. Certification frameworks must be made mandatory across the board, as manufacturers may not implement security when it only adds to the time to market, cost and complexity of the product. In addition, systems should be designed to be manually overridden should a hack or malfunction make it necessary to retake control. 

Linked with this is the importance of cybersecurity training that is specific to smart cities. As hackers and cybercriminals become increasingly sophisticated, the possible dangers of having cities so connected grows and those working with and installing the smart technology must be adequately trained in their response; as well as making informed security decisions for the devices they install. The UK government, for example, has already proposed mandatory cybersecurity training to prevent smart devices from being exploited by criminals and this training can take many forms. They, and many other stakeholders in this space, are increasingly looking at cyber ranges as their tool of choice, owing to their ability for practice against the latest attack methods via special virtual machines that are intentionally designed with vulnerabilities and technical challenges reflecting real world deployments. These vulnerabilities and challenges are updated periodically to stay current and ahead of criminals.

The growth of smart cities has huge potential to benefit both current and future urban citizens across the globe. However, for it to be successful, those involved must be aware of the security issues facing their smart environments and systems if they’re to manage the risks before incidents occur. IoT security, the foundation of smart cities, will only be effective with better collaboration between vendors, device manufacturers and governments to develop better regulation, guidance and training around IoT security. 

An image of , News, The importance of cybersecurity in Smart Cities

Aare Reintam

Aare Reintam is the Chief Operating Officer and a Member of the Executive Board of CybExer Technologies since June 2018. He is also an Ambassador of the NATO CCDCOE and a co-chair of the European Cyber Security Organisation sub-working group on cyber ranges and technical exercises.

Previously, he worked as the Cyber Defence Exercise Manager of the NATO Cooperative Cyber Defence Centre of Excellence where he planned, executed and/or oversaw several iterations of world-leading cyber defence exercises (Locked Shields, Crossed Swords, Cyber Coalition) between 2014 and 2018.

AI alignment: teaching tech human language

Daniel Langkilde • 05th February 2024

However, Embodied AI refers to robots, virtual assistants or other intelligent systems that can interact with and learn from a physical environment. In order to do this, they’re built with sensors that can gather data from their surroundings, with this they also have AI systems that help them analyse data they collect, and ultimately learn...

CARMA announces acquisition of mmi Analytics

Jason Weekes • 01st February 2024

CARMA announces acquisition of mmi Analytics, expanding expertise in Beauty, Fashion, and Lifestyle sectors The combined organisation is set to redefine the landscape of media intelligence, providing unparalleled expertise and comprehensive insights for PR professional and marketers in the exciting world of beauty, fashion and lifestyle.

Managing Private Content Exposure Risk in 2024

Tim Freestone • 31st January 2024

Managing the privacy and compliance of sensitive content communications is getting more and more difficult for businesses. Cybercriminals continue to evolve their approaches, making it harder than ever to identify, stop, and mitigate the damages of malicious attacks. But, what are the key issues for IT admins to look out for in 2024?

Revolutionizing Ground Warfare Environment with Software-Enabled Armored Vehicles

Wind River • 31st January 2024

Armoured vehicles which are purpose-built for mission-critical operations are reliant on control systems that provide deterministic behaviour to meet hard real-time requirements, deliver extreme reliability, and meet rigorous security requirements against evolving threats. Wind River® has the partners and the expertise, a proven real-time operating system (RTOS), software lifecycle management techniques, and an extensive track...

The need to prove environmental accountability

Matt Tormollen • 31st January 2024

We are currently in the midst of one of the most consequential energy transitions since records began. The increasing availability of clean electrons has motivated businesses in the UK and beyond to think green. And for good reason. Being environmentally conscious attracts customers, appeases regulators, retains staff, and can even gain handouts from government. The...

Fuelling Innovation in Aftermarket

Jim Monaghan • 31st January 2024

One section of the motor trade is benefitting from the cost-of-living crisis: with consumers keeping their cars for longer, independent repairers are in huge demand. But they are also under pressure. Older cars need more repairs. They require more replacement parts, tyres and fluids. With car owners looking for value and a fast turn-around, independents...

The return of the five-day office week

Virgin Media • 25th January 2024

Virgin Media O2 Business has today published its inaugural Annual Movers Index, revealing four in ten companies are back to the office full time, despite widespread travel delays and disruptions With 2023 cementing the cost-of-living crisis, second hand shopping and public transport use surged as Brits sought to save money Using aggregated and anonymised UK...