The future of the world’s population is urban. In 2050 about two-thirds of the people will live in urban areas – especially in Asia and Africa ; urbanization is accelerating rapidly. In plain language, this means that an additional 2.5 billion people are expected to live in our cities over the next three decades. In addition to the procurement of the necessary living space, critical infrastructures and urban services lead to significant challenges.
Technology can build a crucial bridge here and create better, safer, and more efficient cities. In supply, transportation, traffic, waste management, pollution, sustainable living, safety, health care, and governance, smart cities are emerging in response to the ever-growing urban agglomerations.
Innovative city initiatives are real game-changers. Heating from renewable sources in Yokohama, digitized waste management systems in Barcelona, intelligent parking solutions in Canberra, real-time monitoring of public transport in Groningen, or a decentralized air quality network in Nijmegen name just a few examples.
Interconnectivity Is A Two-Sided Sword
Smart cities are based on numerous networked sensors and Internet of Things (IoT) devices. These are networked via the Internet and cloud computing architectures and control internal and external systems. In addition, personal and trustworthy data is transmitted via insecure channels – the end devices are often not patched and do not support data encryption. This interconnectivity that keeps an intelligent city running also creates substantial risks in terms of cybersecurity. Every access point increases the vulnerability to compromising sensitive data – and digital attacks have already begun.
In 2018, for example, a ransomware cyberattack hit Atlanta . The attack paralyzed numerous devices for five days, hampered law enforcement and business licenses, and even halted operations at the most important airport in the United States. Ransomware attacks also destroyed a large part of the servers in Baltimore and in the same year caused the 911 emergency call center to be shut down, causing damage of 18 million US dollars.
These attacks aren’t just affecting cities in the United States. For example, the road system in Dublin was affected by a ransomware attack, as were the air traffic control and rail ticketing systems in Stockholm. In addition, the power supply in Johannesburg and Hyderabad was disturbed after a ransomware attack. In addition to ransomware, cybercriminals use numerous other techniques, including remote attacks and signal disruption, and known measures as malware, data manipulation, and distributed denial-of-service attacks. Cybercriminals’ digital arsenals come from the deep web, and their weapons are fully automated and enable attacks that can be carried out around the clock, seven days a week.
Easy Targets Or Avoidable Crimes?
Cities are easy targets for cybercriminals because they often lag in technology, and the underlying technology – which supports the critical infrastructure of cities – is out of date at best. The technological acceleration that is transforming existing cities into smarter cities is adding to the complexity. Smart cities are not built in one go but evolve. Since technologies are often used that are initially experimental, in many cases, the beta versions remain in use for the long term, which also increases the likelihood of breakdowns.
Cities currently generate 70 percent of the global gross domestic product. Cybercriminals who find a way to break through the defense of a smart city have a good chance of getting rich financially. For this reason, smart cities have to be “secure by design” and not just be docked after the systems have already been set up. Plans should be based on solid, intuitive, and automated security protocols and guidelines from the start. It is important to involve citizens in every phase because this way, they learn more quickly to comply with data protection requirements.
The Convergence Of Old And New Defines Cyber Risk
Several factors influence the security risk of the ecosystem of a smart city. The convergence of cyber and operating systems places devices and sensors at the “edge” – these, in turn, can become entry points for cybercriminals. Harmless devices such as energy-saving, automatic lighting, or energy meters quickly become potential entry points. As soon as these are hacked and infected with malware, they open other networked devices and cause cascading damage to the entire infrastructure.
Due to the necessary interoperability between legacy systems and new digital technologies. Without consistent security policies and procedures to govern the operational framework, they expose the entire ecosystem to hidden security loopholes. This challenge is exacerbated by the lack of generally recognized standards for the functionality of IoT-capable devices at the “edge.” So basically, interoperability affects security.
Another influencing factor is the integration and networking of various services and departments within a smart city ecosystem. The services and departments often work independently in silos, and the combination of services and system integration, networking, and data exchange creates common weak points. A problem in one service area can quickly infect other sites.
Integrated Frameworks And Comprehensive Governance Models
Addressing cybersecurity threats caused by convergence, interoperability, and connectivity requires a cyber risk framework. Such frameworks must provide cities with management principles to integrate the industry-wide cybersecurity standards into the draft and ensure that the requirements for confidentiality, integrity, and availability are met. The frameworks should also include legal and regulatory requirements that assess the impact of cyber risk on all parties in the ecosystem, services, infrastructure, and processes. This framework must be developed and integrated into all planning, drafting, implementation, and transformation drafts and must align with the broader Smart City strategy.
IoT end devices and networks are protected against attacks through device authentication, patching, data encryption, and security monitoring. Establishing secure channels and a secure chain of trust between the networked devices is crucial. And physical security measures that protect IoT devices from unauthorized access and cyber-attacks should not be neglected.
Smart cities also require a comprehensive, formal governance model that defines the roles and responsibilities for each critical component in the ecosystem. The model underpins the continuous alignment of politics, legislation, and technology concerning the right balance between data protection, transparency, and utility.
Ultimately, smart cities have to expand their network and, for example, connect with the city administration of other smart cities and science, the private sector, and start-ups to represent their interests and advance the smart city. Even if their immense potential is still there, effective management of the associated cyber risks is crucial to realize the promise of the Smart City.