Cybersecurity critical for smart cities

From household appliances to civic infrastructure, cities are getting connected, securing their vast networks of smart, internet-enabled devices is a rising priority.

This article was originally published as part of the PlaceTech Q2 TRENDS report – download here

Where connected devices such as smart speakers or lights may be vulnerable to hacks that afford attackers access to a home network, connected infrastructure such as buildings, motorways, and traffic lights could potentially be hacked to bring companies or cities to a standstill.

Cybersecurity will extend far past personal or corporate networks to encompass technological solutions to protect city networks, and more than ever, behavioural training will be critical for people around digital systems, whether in their home or the workplace.

The security issues with smart cities

A fast-growing amount of data is being created by people and buildings, which is valuable to cyber criminals and organised hacker networks.

Many connected devices must operate together in homes, offices and public spaces, yet there is no one standard for how these devices must operate – nor be secured.

“Without a security standard for connected infrastructure, we’re feeling our way at the same time as enabling huge capabilities, which can be dangerous,” says David Emm, principal security researcher at Kaspersky Lab.

Training will be crucial

As people, corporations and cities generate more data than ever, human behaviour may become the weakest link in digital networks.

Security researcher David Emm warns of the dangers of “feeling our way at the same time as enabling huge capabilities”

“We’re increasingly dealing with connected versions of devices that have existed for a long time, so digital security is often not baked into their designs,” says Emm. Take a connected CCTV camera, designed so that its make and model is printed on the side. This basic information would allow a hacker to purchase the same unit to find a vulnerability that could allow access to the camera’s data – whether to view or alter it.

Smart buildings and corporate servers alike will be equally vulnerable to human error, with inadvertently downloaded malware or infected USB drives having the potential to breach these digital fortresses. Last year, 72% of reported data breaches at a company resulted from staff opening a scam email – and only 20% of those surveyed had received cybersecurity training.

Smart cities will need cybersecurity standards

Software updates are one way to patch vulnerabilities that hackers might exploit, but most connected appliances, also known as Internet of Things devices, do not receive automatic updates – and consumers often don’t imagine that the office air-con can be used to hack the power grid.

Yet unsecured IoT devices have been hijacked to be used en masse – called a botnet attack – to freeze large parts of the internet and could potentially take down any city systems that are hosted online.

“A major issue is that connected devices operate in something of a universal bubble,” says James Wood, cyber solutions managing consultant at CNS Group. Once online, a security flaw in one device can compromise another, better-secured device in its network. Other industries have strict legal standards to follow – in technology, these standards need to be developed,” Wood says.

Governments will have to set cybersecurity regulations, including how security is designed and maintained in the connected devices that will proliferate throughout future buildings, from smart lighting to networked door systems.

For organisations tasked with implementing smart technology in residential, commercial and public spaces, digital security must be part of the design and planning stage – including how human operators securely implement and maintain these smart spaces.

Illumio provides micro-segmentation of servers for security

Companies to watch

Illumio – American security startup whose software prevents the spread of data breaches bysegmenting a company’s server

Panaseer – British startup offering an automated inventory monitor that identifies and fixes ‘poor cyber hygiene’ in a company’s systems, reducing the likelihood of human error