Smart cities are under cyber threat
With cybercriminals showing a willingness to exploit any vulnerability they can find, smart cities will likely see a growing number of exploits until authorities give cybersecurity the priority it deserves.
The concept of smart cities has been around for over a decade now, and for much of that time, it has been one that has struggled to really take hold. Indeed, a report from the Institution of Engineering and Technology a few years ago illustrated how the public didn't really get what all the fuss was about.
As such, it was perhaps no great surprise when research from the University of Reading showed that cities largely lacked any kind of proper plan or strategy for how to become "smarter". Follow-up analysis, from McKinsey, found a mixed bag in terms of the progress that was being made.
Investment in smart cities is continuing to grow at a considerable pace, however, and is predicted to reach $158 billion by 2022, up from $124 billion in 2020. This growth is being driven by the rise in urbanization, with projections that 65% of the world's population will live in cities by 2040.
The OECD argues that such changes require cities to better utilize technology to ensure citizens can function effectively. Indeed, they suggest that in the European Union alone, digitization of services has seen operating costs fall by up to 85%. It's perhaps no surprise that banking giant Barclays estimates that $20 trillion could be generated in economic benefits from the adoption of smart city technologies.
The Smart City Index, from the Institute for Management Development (IMD), shows some of the progress that’s being made, but also the divergence between those at the forefront of the movement and those cities that are lagging behind. This has been all too evident during the Covid-19 crisis, in which the effective use of technology has been so important.
As well as a general divide in terms of the effectiveness of smart city deployments, however, there is also likely to be significant divergence in terms of the cybersecurity of smart city projects. That’s the stark warning in The Economist’s Safe Cities Index, which highlights the importance of security as cities have become more digital.
“Digital security is now an even higher priority as more work and commerce have moved online; those responsible for infrastructure safety have to adjust to dramatic changes in travel patterns and where residents consume utilities; agencies responsible for personal
security need to address a large, lockdown driven shift in crime patterns; and the priority that urban residents and officials assigned to environmental security has risen markedly as covid-19 serves as a stark warning of unexpected crises,” the report says.
A central problem for smart cities is that there is seldom anyone whose primary responsibility is the cybersecurity of the entire city.
The authors argue that when responsibility for security is dissipated across numerous departments, it usually means that any overall cybersecurity strategy is both disconnected and disjointed. This has obvious implications in terms of securing the various smart city projects underway but also has significant implications in terms of effective responses to any attacks. As the authors highlight, it is rare for any one individual to have the power to shut down the entire system in the event of an attack.
The Covid period has seen a growing number of attacks on key infrastructure, with governments spending millions to repair systems and restore stolen data. Despite this growing threat, the report highlights how barely half of the American cities included had any kind of dedicated budget for cybersecurity in their wider smart city infrastructure.
Among the cities with no dedicated cybersecurity resources are Dallas, Chicago, and Washington DC.
Indeed, even among those cities where cybersecurity spending does exist, the report reveals that the investment is likely to be insufficient to provide either robust protection or effective recovery from an attack.
This lackadaisical approach to security could have severe consequences, not least due to the growing number of digital devices in smart city networks and therefore the growing number of potential targets for attackers to exploit. This is increasingly an issue that is affecting infrastructure that would not ordinarily have been thought of as digital, such as utility networks.
Securing meaningful and coordinated responses is often extremely difficult, however, due to the disparate number of agencies involved, their different strategies and capabilities, and, of course, the huge variety of different technologies deployed. With cybercriminals showing a clear and understandable willingness to exploit any vulnerability they can find, this is highly likely to be an area that will see a growing number of exploits until authorities give cybersecurity the priority it deserves.