Smart cities have the potential to reshape the lives of urban residents, and the businesses and workers that make modern urban economies go. However, a recent report from security vendor Trend Micro also makes clear that there are significant cybersecurity risks associated with the booming technology.
As cities increasingly implement Internet of Things technology, urban businesses are counting on smart city technology to improve efficiencies across their operations. Yet the report “Securing Smart Cities” also makes plain that the very connectedness that defines smart cities and modern, networked societies also leaves those companies vulnerable to an array of malicious actors.
This means that businesses that rely on a critical smart city infrastructure can have their operations disrupted and see their customers and physical locations harmed if those critical connected utilities are attacked.
How Businesses Take Advantage of Smart Cities
According to a Bank of America Merrill Lynch report released in March, the global smart cities market could grow to as much as $1.6 trillion by 2020, compared with $1 trillion today.
Generally, the report notes, a city is considered “smart” if it has “a networked infrastructure that is used to improve economic and political efficiency and enable social, cultural, and urban development.” Smart cities also put a great deal of emphasis on “business-led urban development and focus on social inclusion of various urban residents in public services.”
These forward-thinking cities also understand “the crucial role of high-tech and creative industries in long-term urban growth, accord profound attention on the role of social and relational capital in urban development,” and “emphasize social and environmental sustainability.”
Infrastructure is connected to wireless sensors that monitor and regulate consumption and performance. The data produced from such sensors can then be stored, processed and analyzed — in either the cloud or an on-premises server — to make operations more efficient.
Businesses that are located in smart cities take advantage of several technologies to boost efficiency, the report notes.
They can use smart energy meters and smart electrical grids to more efficiently monitor and use electricity, saving the business money on its utility bill.
Smart transportation or mobility solutions also help businesses, both directly and indirectly. The report notes that they address “issues in traffic management like congestion, pollution, and insufficient fuel supply. In highly dense cities, these issues have to do not only with too many private vehicles, but also with the design of commuter bus lines, metro systems, taxis, and shared vehicles.”
Smart transportation networks that use sensors to monitor and redirect traffic patterns can ease congestion and provide more efficient flows of traffic through intersections — and thus allow more customers to reach businesses. Sensors in parking spots can be connected to mobile apps that efficiently allocate the spots, bringing in more traffic to urban neighborhoods.
Los Angeles, for example, has embraced smart parking meters to help the city reduce parking woes as well as lower prices in less busy areas of town to boost foot traffic and increase patronage to local businesses.
Businesses also benefit from the robust wired and wireless network connectivity that supports connected infrastructure via a strong internet backbone and stable bandwidth. Public Wi-Fi and enhanced cellular connectivity can help residents discover businesses and use their apps and services, as well as make purchases from those companies.
The Challenges of Securing Smart Cities
Attackers would set their sights on smart cities for a number of reasons, the report notes.
“Malicious individuals may consider smart cities as playgrounds they can test their hacking skills on. They may toy with available technologies for personal satisfaction,” the report says.
The interconnectedness of devices and systems in a smart city could allow cybercriminals to steal money and data from citizens and local enterprises, Trend Micro notes.
“State-sponsored actors can also abuse the pervasiveness of smart city technologies to launch their own espionage or hacktivist campaigns,” the report says. “In very extreme cases, smart implementations may even be exploited for acts of terror.”
Typically, malicious actors would start by using publicly available firmware, codes and apps, and then perform a “static analysis of devices and systems and see what vulnerabilities can be exploited.” Then, they would scan “exposed systems and devices within the smart city so they can identify their targets or points of entry.” Next, attackers would “gather any relevant information such as access credentials via phishing, data mining, and other means.” Leveraging this information, hackers can manipulate codes and processes, infect systems with malware, brick devices and launch other kinds of attacks.
Hackers, could, for example, launch ransomware attacks on energy management systems, or steal energy and cause instability in the city’s power supply, affecting critical functions, Trend Micro says. A business without electricity can’t run for long — certainly not without backup power. Such a threat highlights the need to back up critical data in the cloud or in off-premises systems.
Moreover, attacks on smart transportations system could cause accidents, strand workers or customers and block access to certain parts of a city, cutting off any business there.
Hackers could also target smart utilities and cause wastewater systems to overflow, for example, flooding businesses and streets.
How to Guard Against Cyberattacks
While the maintenance of critical infrastructure is largely up to city governments (in conjunction with state and federal authorities), businesses should be aware of the vulnerabilities to the infrastructure they rely on.
Trend Micro provides a 10-step checklist for smart city planners to go through as they secure connected infrastructure:
- Perform quality inspection and penetration testing
- Prioritize security in service-level agreements for all vendors and service providers
- Establish a municipal computer emergency response team or computer security incident response team
- Ensure the consistency and security of software updates
- Plan around the lifecycle of smart infrastructure
- Process data with privacy in mind
- Encrypt, authenticate and regulate public communication channels
- Always allow manual override
- Design a fault-tolerant system
- Ensure the continuity of basic services