In our previous post about smart cities, we briefly discussed the vulnerabilities existing in current software that could pose threats to a city's infrastructure and cause a nuisance to public services. While many cities are advancing into the "Smart City" territory successfully, this new, untested software is posing not only a nuisance to public services, but an outright threat to public safety as attacks on city systems grow more malicious. So how vulnerable is your city to a cyberattack? Sure, cyberattacks on any IT system are difficult, but when aimed at a city they become incredibly dangerous. Because of a growing reliance on IT systems to manage smart grids, transportation, wastewater management, surveillance, and more, misuse of this software can result in actual loss of life if control is placed in the wrong hands. According to the US-based cybersecurity firm Tripwire, 78% of state and local goverment IT professionals agreed that a cyberattack on a smart city is highly likely. So what services could be disrupted?
Security researchers have tested city infrastructure in numerous locations, and all have found it alarmingly simple to gain access to ATMs, power grids, traffic lights, and even private homes and smart vehicles. And since cities are divided into public and private organizations, this makes it much more difficult to defend against an attack with a unified and consistent approach. During December 2015, Ukraine experienced a cyber attack that left 225,000 people without power, allegedly carried out by a Russian hacking group. The first of its kind, this type of attack demonstrated to officials that a group willing to take control of a power grid in exchange for ransom could easily do so. Monitoring the access of a system this massive should be a priority for any city, and designing a stringent access control system on the power grid's network will add an extra layer of protection from outsiders.
Surveillance cameras and edge devices are also opening the door of opportunity for cyber criminals. Cameras have clearly become a necessity for security in public areas, and they remain one of the most reliable methods for identifying criminals as the technology becomes more and more advanced. However, IP surveillance cameras connected to company IT networks can pose a risk, allowing a cyber criminal the chance to plug directly into the camera and attempt to access your network. Making sure cameras are inaccessible and tamper-proof, and using an intrusion detection system equipped with motion and sound sensors, will prevent a hack and alert the authorities immediately if an intruder is near the camera. And as we trade the hardwired cameras of yesterday for wireless connections, take the necessary steps to secure the surveillance data in your cloud.
So what other steps can a smart city take to prevent a cyber attack? More cities are looking into cyber defense organizations for training, operational support, and consulting services for defending against an attack. Cyber security organizations can create action plans, help cities make informed decisions based on data, monitor progress and simplify compliance and risk management. Similar to preparation for earthquakes, hurricanes, and other natural disasters, cities are also developing emergency management plans in which citizens are provided with alternative resources and education on how to carry on through a disruption in services.
Stay tuned for our next blog in this series for a discussion on how smart cities prepare for and manage natural disasters while maintaining security and safety among citizens.