Lifeline of smart cities will be their underlying networks, which if compromised, could be devastating. It’s critical therefore to ensure that security is engrained into a smart city’s infrastructure right from the planning stage.
The creation of smart cities is termed as the third industrial revolution by Deloitte, while Frost & Sullivan predicts that by 2025, over 25 of the cities globally will be smart cities. PwC expects the smart cities market to exceed $1.7 trillion in the next two decades. The government has announced plans for 100 smart cities and 500 Atal missions for their rejuvenation and urban transformation (AMRUT). Its duration will be five years, during which the central govt. will fund approximately US $7.5 billion with an equal contribution from the state governments of the selected cities. The objective of the smart city mission as laid out by the government of India, is to promote cities to provide core infrastructure, decent quality of life, clean and sustainable environment and smart solutions with a focus on inclusive development.
According to Deloitte, smart cities would be characterized by unprecedented access to information, new technologies and information networks. They’ll depend on IoT interactions for decision-making. In other words, future smart cities will be a network of connected devices across municipal domains.
Due to this, security will have to be a part and parcel of such networks right from the beginning, and can’t be left as an afterthought.
Unfortunately, this doesn’t seem to be happening, which is a cause of grave concern. PwC says that the development of cybersecurity credentialing, security, safety and prevention systems for smart cities has not really kept pace with the burgeoning adoption of digital capabilities.
So, once a city becomes interconnected, the potential for disorder will be infinite! It’s important therefore to understand the security concerns so as to make a foolproof plan for safe and secure smart cities.
Security Concerns in Smart Cities
Some existing smart cities have already witnessed severe security breaches, which clearly indicate that cyber criminals are already thinking ahead. In Ukraine for instance, cyber criminals targeted a power grid and took an entire city's substations offline, leaving residents without electricity. In Texas, hackers triggered all of Dallas' emergency sirens, eventually prompting the government officials to shut down the city's security system. Japan’s electronic power meters were compromised with bills of power usage running in thousands of yens or dollars for each citizen.
Future smart cities can’t afford such data security breaches and according to CompTIA Research, threats could enter the infrastructure at any point and multiply the risk it poses. This is exactly what happened in most of the cases above, where a connected device was injected with malware, which then spread across other devices, causing a cascading effect throughout the entire infrastructure and bringing a city down on its knees.
Steps to Combat the Security Threats
According to IDC, to enable smart cities to function effectively, the four pillars of big data, mobile technologies, cloud computing, and social business must be in place. As smart cities will create a huge amount of data from all connected devices, data management and its security also become critical.
In addition to this, the following are some steps that need to be taken to safeguard cities of the future:
Prioritize Security of Critical Assets: All connected devices in a smart city won’t have equal importance, so their protection must be prioritized by differentiating the city’s critical assets vs non-critical.
Implement Behavior Based Security: Auditing millions of separate devices for signs of malware is not feasible, so evaluate the behavior of smart city components and systems against an established baseline of normal network behavior. Any significant deviation from this should trigger an investigation into the possible presence of malware.
Have an Automated Component Replacement Process: With so many components spread across a wide geography, it’s critical to have in place a system to replace them. Component failures could otherwise also become an opportunity for hackers to leverage.
Segment Critical Assets of Private Organizations from the City’s Network: Many vulnerabilities could creep in from the networks of private organizations in the city, so it’s important to have a policy to enable organizations to contain and mitigate any threat actors exploiting vulnerabilities in the smart city network to reach their assets.
Ensure Regular and timely Software Updates: The most basic solution to any security issue is to ensure regular updates of all systems with the latest updates. Of course, when it comes to a city’s network, careful planning is a must to ensure that updates happen quickly and regularly before somebody finds a loop-hole.
Smart cities are a new dawn to give better living to citizens. This interconnected utopia comes with responsibilities of controls with proper implementation of technology to ensure that connected infrastructure is accessible only to the right people at the right time for the right reasons and that cyber-attacks do not damage the data and functioning of the city.
Reports and references: