Industry wary of Smart City security

The security industry is watching the growth of smart cities with increasing suspicion. Their gripe? How to defend them.

Smart cities will mean metropolises run and managed by computers
Smart cities will mean metropolises run and managed by computers

A new survey from TripWire has revealed the fears of IT professionals about smart cities. In fact, 98 percent of IT professionals think smart cities are at risk of cyber-attack.

Carried out in June, the study surveyed more than 200 IT professionals working in governments, both locally and on a state level.

Smart city initiatives are being employed all over the world to make large cities function more effectively, drawing services such as transportation, policing and waste management into one streamlined thought process. On paper, they will revolutionise the way the metropolises of the not too distant future are run. The survey respondents were slightly more skeptical.

Although Gubi Singh, chief operating officer at Redscan, did not participate in the survey, he gave SCMagazineUK.com some insight into that suspicion: “While increased monitoring and surveillance of our cities will help to improve the quality of public services, the more interconnected our cities become the greater the attack surface for hackers to cause chaos.”

“Cyber-criminals could cut off water and energy supplies, disrupt transport networks, even interfere with policing. Governments will need to be committed to spending huge sums of money to implement the security controls needed to defend vast city networks containing huge amounts of data.”

Chief among the concerns is the vulnerability of electricity grids, which will power the smart cities, and presumably render all those services the smart city enables, useless if effectively attacked. A quarter believed transportation to take that top spot.

Certainly, attacks on critical infrastructure have been not only widely feared, but seen. Late last year, The BlackEnergy APT group shut down the power to hundreds of thousands of Ukrainian citizens in the dead of winter. 

Taking smart cities into account, connecting these individually vulnerable pieces of infrastructure, presumably broads that attack surface massively. Mark James, security specialist at ESET told SC that, “I think the general idea of interconnecting technologies to run and manage smart cities is a very worrying prospect. For it to work, systems will need to integrate closely with each other, some even having direct control on others' actions. This if breached or compromised could have very serious consequences.”

The advance of technologies like this is often not met with the suspicion it should be, added James: “Very often in these instances the processes are all thrashed out for the best possible outcome and near perfect scenario painting a lovely flowery picture of how it would make everything super interconnected and working in unison.”

Those surveyed are not merely skeptical of advancement either; 74 percent said they believed smart city initiatives to be ‘very important'. Yet 55 percent added that their cities do not devote adequate resources to securing those cities.

Why might this be? Opinion splits here. Many believe that politics gets in the way. Over half think that budgets just don't measure up to the demands of securing smart cities. Others cite the simple fact that the cyber-risks of smart cities are just not yet fully understood.

This security ignorance doesn't just extend to what the risks might be once smart city initiatives have been put in place but what they are even before work has started.

Javvad Malik, security advocate at AlienVault told SC, that the main reason people believe there are vulnerabilities, “is that we haven't had any evidence that any IoT or smart infrastructure has had security requirements considered from the outset. This includes not only baking in security into the design up front, but also having a robust mechanism through which security patches can be applied going forward.”

Sign up to our newsletters