What will it take to keep smart cities safe?

“Smart cities” use smart technologies in their critical infrastructure sectors: energy, transportation, environment, communications, and government.

This includes smart systems for energy management, parking management systems, public transportation information coordination, transportation sharing, traffic management, air quality monitoring, waste management, e-government, connectivity, and so on.

Smart cities are the future

Currently, over half of the world’s population resides in urban areas, and by 2050, that percentage is expected to rise to 66%. This influx will create considerable social, economic, and environmental challenges for those tasked with making these cities thrive – challenges that can successfully addressed through the implementation and secure running of smart city technologies.

This reality makes it inevitable for most (if not all) cities to become “smart.” It’s also inevitable that there will be attackers who will want to take advantage of this situation.

“Malicious individuals may consider smart cities as playgrounds they can test their hacking skills on. They may toy with available technologies for personal satisfaction,” Trend Micro researchers pointed out.

“For cybercriminals, the interconnectedness of devices and systems in a smart city can be a means to steal money and data from citizens and local enterprises. State-sponsored actors can also abuse the pervasiveness of smart city technologies to launch their own espionage or hacktivist campaigns. In very extreme cases, smart implementations may even be exploited for acts of terror.”

Advice for developering secure smart cities

According to the researchers, the security of a smart city depends on two key factors: the limitations of the technologies used and how they are implemented.

The former factor includes limitations in computing power, which make things like encryption a challenge, and the fact that software gets outdated. The latter covers poor implementation, poor configuration, poor firmware updating.

“To guide smart city developers, we came up with a quick 10-step cybersecurity checklist they can refer to when implementing smart technologies,” the researchers offered.

They advise them to:

• Perform quality inspection and penetration testing of smart technology (often, and with the help of independent contractors)
• Prioritize security in service-level agreements for all vendors and service providers (noncompliance to specified conditions should lead to penalties)
• Establish a municipal computer emergency response team (CERT) or computer security incident response team (CSIRT)
• Ensure the consistency and security of software updates (regular updates, encrypted and digitally signed)
• Plan around the life cycle of smart infrastructure (think about what to do when infrastructure becomes obsolete or requires maintenace)
• Process data with privacy in mind (anonymized data, access to which is restricted to few, and a clear information-sharing plan)
• Encrypt, authenticate, and regulate public communication channels (strong cryptography and authentication mechanisms)
• Always allow manual override
• Design a fault-tolerant system (reduced performance instead of failure)
• Ensure the continuity of basic services (think about alternative systems)

In the report they’ve also included an overview of the current situation and future plans regarding the implementation of smart tech in several cities around the world, like Yokohama, Singapore, Rotterdam and Jaipur.