Cybersecurity Challenges Affecting Smart Cities
Securing Smart Cities: Tackling Cybersecurity Challenges
Cybersecurity challenges in smart cities are an everyday reality—a reality that deepens and becomes more complicated with every technological advancement.
In 2018, a ransomware attack demanding $51,000 in Bitcoin ransom forced the city of Atlanta to shut down its municipal courts. That same year, multiple Alaskan local and state government organizations were hit by similar cyberattacks. While some paid the ransom, cities like Mat-Su (Matanuska-Susitna) chose to spend millions of dollars on cleaning up and rebuilding their systems instead.
These are just a few instances of cyberattacks that brought smart cities to their knees.
Let’s take a closer look at different kinds of cybersecurity challenges that smart cities face and ways to avoid them by safeguarding security data.
Smart cities are also called digital cities, intelligent cities, and wired cities. These names depend on the individual goals of the cities and their technological framework.
Digital cities have superior interconnection and information sharing. Ubiquitous cities, or U-cities, aim to connect citizens to any service through a smart device. Knowledge cities aim to increase their skilled workforce and so, focus their technology on developing the knowledge economy.
All smart cities are built on a mix of ICT (Information and Communication Technology), AI/ML (Artificial Intelligence/Machine Learning), Cloud computing, IoT (Internet of Things), and other technologies.
This technological construct, notably the number of uncontrolled and unmonitored connected devices in the IOT, is what makes smart cities vulnerable to hackers and cyberattacks.
With 26 billion devices already connected, cyberattack threats such as ransomware, data breaches, and identity theft are increasing with each new device connection. With the exponential growth that the global smart city market is showing, investing in cutting-edge solutions minimizes vulnerabilities and protects financial resources from being drained due to ransom or breach compensation.
Data theft is one of the most critical cybersecurity challenges for a smart city. Depending on their objectives, smart cities collect massive amounts of data, including traffic flow, waste management, and even facial recognition.
This personal data is a treasure trove for cybercriminals who use it for identity theft, cyber threats, ransomware, device hijacking, and exploiting vulnerabilities.
Using Seagate’s data storage technology, including upcoming heat-assisted magnetic recording (HAMR), enables enterprises and municipalities to securely store massive amounts of cold data without outgrowing the physical space needed to house the devices.
A 2021 estimate from IDC projected there would be 55.7 billion IoT devices generating almost 80 zettabytes (ZB) of data by 2025. With millions of devices operating within a smart city infrastructure, device hijacking tempts cybercriminals.
For instance, by hijacking a smart meter, hackers can steal electricity and gain access to other connected devices and the larger network. Because device hijacking doesn’t affect functionality, end-users may not even recognize when a device has been compromised.
To proactively plan against unwanted attacks, it’s important to assess both cloud and physical infrastructure for vulnerabilities and obsolescence.
Advanced ransomware protection cannot rely on software alone. Organizations must also consider how the physical infrastructure of cold backup devices can be utilized instead of attempting to unencrypt or paying hefty ransoms.
Cyberattacks can cause irrevocable data loss from weak endpoint security and intrusion points. Often, these attacks occur due to misconfigured firewalls, weak internal passwords, stolen credentials, and hacking through IoT.
Data breaches, on the other hand, refer to data theft during a cyberattack. Social engineering is a popular tactic for data breaches, involving extracting information from someone trusted through way of conversation.
Maintaining data privacy is a critical piece of cybersecurity for smart cities. Organizations providing the technology are responsible for protecting privacy and meeting compliance standards per local and national laws.
Citizens have already voiced concerns about data collection and its ethical implications because it’s not uncommon for data to be sold or improperly stored.
Offering transparency about how data is used and communicating vulnerabilities can help foster trust. By providing citizens a clear view of their data and controlling its usage, their concerns can be quelled.
Ensuring efficiency in space and energy consumption is also a crucial piece in the selection process. Data Storage Solutions can help consolidate computing resources and enable scalability at a competitive price. Similarly, smart cities must invest in suitable technologies that balance flexibility and scalability with the need for data security and compliance.
Vendors must also meet the city’s standard for data privacy. While data is meant to improve citizen lives, it can also cause tedious issues when it falls into the wrong hands.
For instance, connecting CCTV devices across the city and using facial recognition can help identify criminals. However, hackers can also use the same connectivity for extortion and abuse.
Before scaling strategies and technological frameworks, smart cities need protocols which scan for and identify vulnerabilities, further communicating with customers and stakeholders if their data was potentially compromised, even momentarily.
Running a denial-of-service attack to test the IT department is one way to gauge their response to attacks in a mock setting. It can highlight how quickly administrators notice that something unusual is happening. For example, they might be slow to monitor system performance, or the existing network defences could be holding the attack off.
If a sustained DoS attack keeps users from accessing the system or significantly impairs performance, they should be able to adjust the firewall or switch to a failover system.
Conducting mock cyberattacks help identify gaps in the readiness of your systems. Each run helps improve your cybersecurity framework to make it as strong as possible.
To build a robust smart city infrastructure, it is necessary to educate all stakeholders about cybersecurity, including its citizens.
Involving citizens in the making of smart cities is one way to spread awareness. The Vancouver Greenest City 2020 Action Plan is a living example of when over 35,000 people participated in the development of Vancouver’s smart city initiatives, including the residents.
A method that tests citizens for cyberattacks is a fake phishing email. Citizens should be alert of phishing attempts, recognizing possible consequences of opening random attachments or following links from dubious messages out of ignorance.
A mock phishing email can include an attachment or link that alerts the testing team when it's opened. For example, a phishing test can include a link that goes to a mock login page. This allows you to see how many people click the link but also who inserts their credentials.
Once you have the data, conducting awareness campaigns can help prevent future phishing attempts.
Seagate Exos X Series hard drives are the most scalable drives in the datasphere which integrate the latest technology to support a secure and reliable cloud data center.
To learn more about protecting data better in a smart city with Exos X, talk to an expert at Seagate today!