Making smart cities with cybersecurity the core of every smart city project
A Smart city has become yet another buzzword recently with rating agencies actually running world rankings for the smartest cities globally. If you’ve not heard the term before, I assure you that you are going to be hearing it a lot soon. The idea behind smart cities is to leverage the power of technology using things like data sensors, analytics, IoT, ICT, etc. to improve governance, citizen services, and the quality of citizen lives.
If you’ve been in any big city in the world, especially in Asia where I am originally from, chances are that you’ll always hear complaints about congested highways, crowded or poor public transport, and pollution. Over the years, a lot of these large cities have seen rapid growth and urbanization, way beyond what government bodies estimated. It is things like this that are pushing governments to start looking at technology to solve the problems with their cities.
Why Security has to be the core of Smart Cities
The challenge with smart city projects is that while the hyper connectivity opens up great opportunities, it also exposes numerous entry points to cyber criminals with malicious intent. These projects are often so large that they contain way too much public and private information to inflict major damage if a breach occurs. If you want to know what could happen then every sci-fi movie that you’ve seen showed some situation that could happen. Vital services are always at risk like energy, transportation, communication systems, environmental systems, etc.
If this seems far-fetched, let’s make ourselves aware of some real incidents. In April this year, the city of Dallas had a tough time sleeping. The city’s hurricane warning system went off around midnight causing 156 sirens to blare through the city, together. And this kept happening for 15 times, each lasting 90 seconds. If you thought this was a glitch, then this New York Times report will tell you that there was no hurricane coming. Rather, the alarms were triggered by a hacker who penetrated the system. Nothing seriously damaging happened, but it’s a real-life example of possibilities.
There are have been more such real-life incidents being reported - like the case in Ukraine’s Kiev city where hackers gained control of electricity substations and put 20% of the city in darkness affecting 225,000 Ukrainians. And while we are talking about technology how can we leave out Silicon Valley! Last November, a ransomware attack caused damage to the San Francisco Municipal Transportation Agency. Singapore, often touted as the financial capital of Asia, had more than 700 public security webcams hacked and surveillance videos leaked online displaying interiors of apartments, offices, parking lots, and more.
In short, there are a bunch of things that could go wrong with smart cities if security isn’t top most priority:
- Damage to smart power grids
- Damaging and derailing intelligent transport systems
- Damaging smart healthcare initiatives
- Causing environmental disturbances by disturbing water systems
What Can Be Done to Make Smart Cities Secure Cities?
Dumb security can actually cripple the whole city. It won’t even be close to being as smart as what we’d envisioned. Anybody who has worked in cybersecurity would agree that there is no such thing as complete security. Cyber attacks and breaches cannot be avoided entirely but they can be tackled very well. In order to build smart cities that are truly smart and secure, governments need to take care of a few things:
- Security by design
Before jumping in and implementing technology-based solutions to civic problems, it is essential to take a few steps back and ensure security is deep-rooted in the vision of the smart city. It will be totally worth to spend the time and effort applying security principles right at the design stage rather than compensating for an incident with the tax payer’s money. Security cannot be considered an afterthought especially when you are talking about designing smart cities.
- Proactive attitude and mindset
One of the key things to understand, acknowledge and believe in is the fact that security has to be proactive and not reactive. Most of the world’s biggest companies still have a reactive approach to cybersecurity. It is human tendency to believe that nothing terrible will happen to you. And spending on security seems like spending on insurance. When thinking about extremely large public systems and data, you have no other option than to be proactive.
- Security is not a cost
With over a million cyber attacks happening every day in the world, every government will need the most comprehensive systems and infrastructure to prevent disruptions and losses. Keeping that in mind, security cannot be looked at as a cost but rather as an investment, insurance rather! Many companies that have a proactive attitude towards security can vouch for the fact that they save millions every year by reducing their threat exposure and strengthening their security systems.
- Public and private partnerships
This is fairly obvious and at the same time extremely crucial. Bringing in all the stakeholders to work together on this is the only way to come up with comprehensive designs and applications. Universities, private corporations and the government can achieve a lot of success if they team up.
- Rapid action and replacement
Like I said before, there’s nothing called 100% secure. Keeping that in mind, it is important to create an action plan in case of a breach. We should rather call it a rapid action plan because timing and accuracy are both critical during a breach. Intelligent threat detection and monitoring systems can help create a leverage against possible attacks while an action plan defines well on what each stakeholder should do in the case of a breach. The idea here is to minimize losses and damages.
Secure Cities are Smart Cities
Cyber attacks and breaches simply cannot be avoided fully. Instead of trying to achieve what is mostly impossible, we need to focus our efforts and attention on smart investment in infrastructure and training to improve our resilience to outside attacks.
It is also extremely important to educate citizens about how they can play their part to ensure security for their personal identities and data. If everyone does their part, this challenge will not be difficult to deal with.
Governments, private corporations, universities, and citizens need to work together to better understand and resolve real-world problems that arise with smart city projects. A clear understanding of the risk landscape that exists today and what it would be tomorrow will go a long way in ensuring we are well prepared for the worst-case scenario.
The rise of smart cities is just catching pace but it is something inevitable. Before we suddenly reach a stage where cities transform into IoT controlled environments, governments need to have a comprehensive cybersecurity strategy in place. Something that can predict and withstand malicious attacks on any front. It might seem difficult but it is doable with the right mindset and the right attitude.