As the smart cities mission gathers momentum, one cannot help but imagine that they will turn into growth engines in the near future. A whole new eco-system is coming together to facilitate their evolution, with the country’s technological prowess also getting a boost. One area where we need more work, however, is cybersecurity. As smart city projects take off and grow, security challenges will rise proportionately and so should strategies and tactics deployed to deal with them.
Complexities that need consideration
From smart energy to smart infrastructure, a network of people, devices, access points and interfaces creates vulnerabilities. Any chink in the armor, even something as downstream as smart street light, can lead to the whole data chain getting infected.
Where are the threats coming from
When it comes to cyberattacks on smart cities, they can be subdivided into man-in-the-middle, data and identity theft, device high-jacking, Denial of Service(DoS) and Distributed Denial of Service (DDoS). In all these cases, the hacker or hacker groups might target data, disruption or attacks on third-parties.
During a DoS attack, a network resource may be rendered unavailable by flooding it with fake requests. In case of a DDoS, multiple smart city entities may be used to attack single or multiple sources to overwhelm the system. Smart parking meters, lighting, traffic signals and other connected end-points could also fall prey to permanent Denial of Service attacks (PDoS) — damaging a device so badly that it requires replacement or reinstallation. Connected vehicles could also serve as an entry point for vectors. For instance, an infected connected vehicle coming onboard through another city could carry that vector and infect others it comes into contact with.
Dealing with consequences
Malicious actors could work to cause large scale disruption including power outage, grid shutdown, even disrupt emergency services or law enforcement communications.Every attack on a smart city could lead to loss of capital, revenue potential, legal liabilities or even deaths. If the hacker takes down a traffic management system during peak hour, it could result in loss of manhours and unnecessary fuel consumption. A medium sized breach affecting about 100,000 devices could cost upwards of $1 million to fix, and this is just a conservative estimate.
While loss of revenue and investment opportunities may be compensated in the short term, loss of credibility cannot be fixed that easily.
Building a robust infrastructure
A multi-pronged approach is needed to secure endpoints, underlying network infrastructure and cloud architecture. By deploying multiple layers of security, threats could be contained. Cities can also boost threat intelligence by installing sensors that monitor and automatically respond.
The command and control facility needs to be secured by deploying systems monitoring inbound and outbound data traffic. A security operations center should also be deployed to constantly monitor functioning at all levels of data flow. Essential steps such as firmware updates need to be done on a regular basis. And finally, secure decommissioning of devices should prevent their repurposing for attacks. To conclude, when it comes to protecting a smart city, a series of small steps done in a coordinated manner with complete attention and involvement of stakeholders at all levels can go a long way.