A smart city is representative of urbanization in the digital world. The infrastructure of smart cities is built on embedded Internet of Things (IoT) technology. The smart city promises new opportunities and growth in the urban world. These opportunities include better connectivity, productivity, agility, and innovation. However, it is a known fact that with opportunities come challenges.
The implementation of smart cities with IoT raises enormous privacy and cybersecurity concerns. Take an example of a smart home - your toothbrush or fridge can reveal your information to the intruders out there! Then, there are safety-critical systems such as smart health, where human lives are at stake due to cyber-attacks. So how can we ensure digital safety in the IoT enabled world? Let’s explore.
IoT operates and enables smart cities in the digital world. Different devices such as smartphones, smart grids, sensors, electrical appliances, RFID tags, and a variety of other embedded technology work in liaison to enable IoT powered smart city solutions. The whole infrastructure of a smart city becomes vulnerable even if one of the IoT components is compromised. The attackers can not only steal critical data - they can also malign the smart city infrastructure leading to safety-critical accidents.
Take the example of smart transportation. The smart transportation infrastructure has numerous connected devices such as traffic lights, wireless sensors, RFID tags, and mobile devices. These devices are continuously communicating with each other to ensure smooth transportation services. Here, the cybercriminals can cause significant disruptions in the network by just altering traffic signals. Such attacks can lead to road accidents and loss of lives. This is why cybersecurity is important for IoT and smart cities.
Let’s have a look at the top IoT security challenges in smart cities.
Smart cities thrive on communication between devices and people. Threat actors can infiltrate and disrupt communication through network attacks. These include various types of Denial of Service (DoS) attacks, the man in the middle attacks, and SQL injections. Such attacks disrupt services or gain access to sensitive information without being noticed. As a result, such attacks impact the services of a smart city through delays and miscommunication.
Malware is malicious software that may cause harm to an IT system. Smart city solutions are vulnerable to malware attacks such as viruses, trojans, logic bombs, ransomware, and Advanced Persistent Threats (APT). Yuval Noah Harari has described the impact of such attacks on digital infrastructure in his book 21 lessons from the 21st century:
“Even in the days of George w. Bush, the USA could wreak havoc in Baghdad and Fallujah while Iraqis had no means of retaliating against San Francisco or Chicago. But if the USA now attacks a country possessing even moderate cyber warfare capabilities, the war would be brought to California or Illinois within minutes. Malware and logic bombs could stop air traffic in Dallas, cause trains to collide in Philadelphia, and bring down the electric grid in Michigan'' - Yuval Noah Harari
Device hacking and hijacking
Device hacking and hijacking are the common challenges associated with IoT solutions for a smart city. In such attacks, the attacker hacks and gains control of an IoT device. Such attacks are difﬁcult to detect because in many cases the attacker doesn’t change the functionality of IoT devices. The attackers exploit hijacked devices to launch malware attacks on smart solutions. For example, RFID tags can be abused and cloned to launch attacks on smart grid solutions.
Data manipulation and theft
A key enabler of sustainable smart cities is data sharing. Data is generated, shared, and analyzed by different connected devices in real-time. This helps in making informed and critical decisions. This data can be hacked and manipulated by threat actors. Moreover, confidential data is also vulnerable to cyber-attacks.
The human factor in cybersecurity
There is a famous saying - “Human is the weakest link in cybersecurity”. People unknowingly become victims of cyberattacks due to a lack of awareness. Social engineering attacks are a significant threat to smart cities due to human factors. The attackers deceive a smart city stakeholder into performing an action that may cause a breach. For example, clicking a malicious link may install malware in the water utility system causing wastage of water.
The idea of a smart city opens pathways for new opportunities in businesses, education, communication, health, and governance. To maximize the benefits of a smart city, we have to ensure cybersecurity. Following are a few suggestions to address the cybersecurity issues.
Secure Internet of Things development
The first step to enabling security is to design and develop secure IoT devices. These devices should be provided with the latest operating systems. Device hardening is also good practice to ensure both physical security and cybersecurity.
Secure password practices
The practice of using the default passwords provided by the device manufacturing companies can destroy IoT security. Secure password management practices do not need any cost or effort - but they can help in protecting smart devices from cyber threats.
Firewalls, intrusion detection and prevention systems, effective port handling, security information, and event management systems, threat intelligence platforms, and anti-malware systems - these all work in liaison with each other to ensure network security.
Data protection and encryption
There are various kinds of threat actors looking to steal confidential information. These include nation-states, hackers, hacktivists, and business competitors. One way to protect digital data is to use encryption techniques. These techniques ensure that the data is not comprehensible by the threat actors.
Cyber threats work by manipulating software vulnerabilities. Keeping software patched and updated can prevent potential harm. Remember - unpatched software means an open loophole for the attackers!
Security awareness training
All the stakeholders of smart cities must be made aware of the threat landscape. General awareness of cybersecurity should be made mandatory. The right culture for a smart city is security culture.
Standards and policies
Sustainable and cyber-secure smart cities require IoT centric security standards, involving all of the concerned stakeholders. NIST’s Cybersecurity for the Internet of Things (IoT) program is actively working on the standardization to assist the IoT enabled technologies and solutions against cyber threats.
The stakeholders of a smart city involve citizens, governments, the military, business owners, the health industry, and educators. Therefore cybersecurity for smart cities is not just a technical issue - It is a social, national, and economic issue. Remember, a smart city is not so smart without cybersecurity!