Cities have always been in development with the new innovations in technology and its rapid adoption by the society. Today’s cities are being called as the ‘Smart Cities’ because the operations and services such as safety, mobility, education, transport, finance, electric power, water distribution, etc. are being monitored, operated and controlled smartly. It is helping cities to become more interoperable & coherent, and bringing more autonomy in the ongoing systems and services.
However, today’s smart cities need requirements for processing an uninterrupted operation and execution framework. These requirements include- quick channeling of the finance, availability of the human resources, utility services, co-ordination among multiple stakeholders and the security of smart city resources. Among these, the implementation of Cybersecurity is a foremost challenge in a Smart City network – as the technologies utilized by the smart cities are causing a significant cyber security threat and open the door for many attainable cyber-attacks.
Here are few key technologies and systems that combines the Smart City’s complicated Attack Surface :
1) Smart Surveillance Cameras: Traffic and surveillance cameras are the eyes of the city and by making them part of the botnet, attackers can easily outsmart smart cities with a single large scale Distributed Denial of Service (DDoS) attack.
2) Smart Mobility:Use of mobile devices is increasing since the last decade, and today’s cyber attackers are already prepared to target these devices with a trojanized app or a simple user click on the malicious website for making them a part of a mobile botnet.
3) Cloud and SaaS Solutions: Smart city application servers and cloud infrastructure are easily exposable to common Distributed of Denial (DdoS) attacks. Application servers and cloud entities are cheaper targets for cyber attackers these days.
4) Smart Power and Water Grid: Attacks on power and water grid could cause a serious damage to country’s economy. The malware attacks on Ukraine & Russian grids in the previous quarter demonstrated that even the smart grids are easy targets for the cyberattackers.
5) Smart Transportation: Transport is also under the threat of cyberattacks. Cyber attackers can simply display the incorrect information on public transport information systems and can drive accidents, delays, overcrowding, etc.
6) Tourism (Location-based Services): Tourism can also be affected by a cyber attack on location-based services such as GPS – which can be easily spoofed by attackers and display the incorrect information to people who are looking for the real-time information.
7) Smart Retail: Smart retail is taking a big part in making the cities smart. Cyberattckers can also hack into the smart retail by hacking its operations such as spreading malware into IoT solutions of retail for automatic an inventory order or reordering of the product, etc.
Not just that, there are already many fields of application within Internet of Things (IoT) which are enabling cities to be smart – they range from smart traffic and surveillance cameras, street lights, smart sensors, LED lights, printers, smartphones, refrigerators to self-automated cars, DVR products, Smart Toys, etc.
This is a major point of concern where smart cities are implementing these IoT devices at a very fast pace without even testing them for cyber threats and vulnerabilities.
As we saw last year, cyber attackers used malware named ‘Mirai’ to form a botnet of millions of infected IoT devices and performed several DDoS attacks against banks and other big firms – which showed us that the IoT-devices are easily vulnerable and can easily be controlled by cyber attackers via command and control (CnC) server. Some experts described this attack as a threat to free speech, and it underscored that there is a quickly emerging dark side to the widely dubbed Internet of Things.
In a recent report from Intel, it is estimated that there are about 6.4 Billion connected devices around the world today and expected to reach this number around 20 billion by 2020. While It is not possible to secure every possible IoT device in a totally connected environment. However, it doesn’t mean we need to go back to the stone age. It’s possible to strengthen the smart city’s security architecture and stop smart cities being outsmarted by the cyber–attackers.