While many people presume burgeoning smart cities to be secure and safe for use by citizens, a new study by security professional association ISACA reveals the potential for substantial threats.
The association surveyed approximately 2,000 security and risk professionals focused on smart cities, including their management strategies, risk management measures, and future technology initiatives. This research shows that malware and ransomware lead the top of concerns in the sector, as well as more frequent and destructive denial of service attacks. Additionally, when asked to name the most likely executors of these attacks, smart cities experts named nation-states and hacktivists.
Global survey respondents flagged several critical infrastructure areas as potential targets including transportation systems, environmental systems and local and regional government, with the energy sector named by 71 percent as most susceptible to attacks, followed closely by communications at 70 percent, and financial services at 64 percent. Only 15 percent of respondents consider cities to be most equipped to confront and neutralize smart infrastructure cyberattacks; more than half of respondents believe the national government would be better suited to confront these potential threats.
Ironically, energy, communications and financial services are among the top critical infrastructure that experts anticipate benefiting most from smart city technology, along with transportation.
“With nearly 3 million people moving to global cities each week, ISACA’s smart cities survey is a timely wake-up call that many parts of government need to up their game in both planning to prevent city infrastructure attacks and in engaging with their citizens about these plans,” Rob Clyde, vice-chair of the ISACA board, said in a statement. “The top threat areas identified (energy, communications and financial services) are both economically and socially critical, and inter-related. This reinforces the importance of national governments working much more collaboratively with their municipal and state/provincial counterparts on multifunctional, smart solutions across data analytics, A.I., blockchain, smart grids and emerging technology.”
These looming threats are very real. Smart meters, such as those found in most major metropolitan cities these days, can be sniffed for data that can be used to profile home users. Centralized transportation systems can also be at risk, as the San Francisco Municipal Transportation Agency was when it was hit with a ransomware attack in 2016. Smart sewage systems could be hacked to release wastewater into bodies of freshwater, poisoning local resources. Then there’s Dallas, with more than 150 tornado sirens blaring in the middle of the night. The list goes on.
While city planners, smart city experts, and related organizations and constituents continue to struggle with security, these complex systems continue to evolve. The not-for-profit global initiative for securing smart cities has a good head start with guidelines and complex analyses of developing threats and solutions. But many experts say that more work in this area of smart city development is needed, with solutions that may include Computer Emergency Response Teams (CERT), more standardized Static Application Security Testing (SAST), and perhaps a regulatory body to ensure that only well-secured cities are able to invest in these technologies.