# IoT Security
# Smart City
Securing Smart Cities
The buzz around smart cities is undeniable. Even though definitions of what, exactly, a smart city is can be hard to pin down, more and more authorities around the world are jumping on the smart city bandwagon in an effort to improve the cost-efficiency and liveability of their city.
The Benefits of Smart Cities
Smart cities can certainly bring a lot of benefits, both to their residents in improved quality of life and public services and to authorities in reduced costs and increased efficiency.
Smart technology can tell you when your bus will arrive, design better traffic flow, save energy and money by dimming streetlights when the streets are empty, monitor air pollution, and schedule garbage pickups more efficiently.
Smart technology can also be used to make a city more accessible. From extra time to navigate a pedestrian crossing to custom-designed routing planners for people with sensory impairments, smart cities can improve people’s lives and their experience of the city.
There are many potential benefits of smart cities. Unfortunately, these potential gains come with some scary risks.
Smart Cities are a Target for Hackers
Thanks to the huge volumes of data generated and its importance, the data lake residing at the heart of smart cities is a prize catch for hackers. Once a breach has occurred, data can be extracted and back doors left open for subsequent attacks.
Scarily, breaches may not be detected for years after they have occurred, allowing the attackers to lie on the network extracting valuable private data. A breach of this kind could grant a hacker access to millions of people’s personal data.
For hackers whose intention is not stealing data but causing disruption, the infrastructure which controls a smart city is a tempting target. Once breached it can be used to control the city and potentially to spark mass panic by triggering weather warning systems or cause traffic chaos by manipulating the traffic control system. An attack at this level could have disastrous and far-reaching consequences.
What Happens if Smart Cities Go Wrong
The more parts of a city you connect to a network and the more you rely on it for important, everyday functions, the worse the consequences will be if something fails.
While it might be frustrating if your smart speakers won’t connect or if a virus infects your smart fridge, imagine the consequences if a smart city’s whole network was paralyzed by an attack.
We may shortly see cities where public transport, traffic controls, emergency services, garbage collection, public utilities, and many more elements are all monitored or controlled remotely to some degree. That makes the security of that network vital.
Unfortunately, many smart city devices do not come equipped with sufficient security measures. IBM X-Force Red and Threatcare uncovered 17 zero-day vulnerabilities in sensors and controls which are used in smart cities around the world, eight of which are critical in severity.
They discovered a variety of vulnerabilities but the most common were public default passwords, authentication bypass, and SQL injection. Smart cities will face a variety of security challenges but some will be more prevalent (and more preventable) than others.
Smart Cities Security Issue 1 – People
It’s a sad fact that too often it’s not the tech to blame for security breaches but careless or insufficiently trained employees.
Smart city infrastructure may be particularly vulnerable as many people working in urban planning and city administration often lack sufficient security training. Hiring IoT professionals with sufficient security skills is costly and often more expensive than city budgets can afford.
Successful infiltration attacks in all sectors are often the result of simple human error. According to Verizon’s 2019 Data Breach Investigations Report, spear-fishing attacks on C-suite executives have risen hugely. They are up to 12 times more likely to be the target of breaches than in the past.
Poor password protocol and a lack of good security practices also contribute to an insecure system and cannot be mitigated by technological improvements. The answer is thorough best-practice security training which is frequently refreshed.
Smart Cities Security Issue 2 – Multiple Endpoints
An endpoint is a physical computing device that performs a function as a part of a connected solution. It could be a traffic-light control, a water-level control on a dam, or a sensor that alerts a central system when it detects high levels of air pollution.
A smart city will have thousands, possibly tens of thousands, of endpoints. This makes them especially vulnerable to attack as managing security on so many endpoints can be complicated and costly.
Unfortunately, these devices also often suffer from the same security issues as many other IoT devices: poor password protocol, a lack of two-factor authentication, no firewall and an inability to accept software patches or upgrades.
Even if the IoT devices could support sufficient security it would be complex and costly to secure thousands or tens of thousands of them. By securing the network you can more easily scale an IoT deployment. This is vital in a smart city, where the possibilities to add more elements to the network are virtually endless.
Smart Cities Security Issue 3 – People, Again
One of the security issues that city leaders must tackle before connecting their crucial infrastructure is a lack of clear oversight. Who is responsible for ensuring that the IoT smart city applications which are purchased have adequate security? Who is responsible for updating them? Even if a software patch is released and an IoT device is capable of accepting the update, someone needs to apply it. What happens when a new city administration is voted in after a few years?
Cities, and the bureaucratic organizations that oversee them, are hugely complicated. It’s vital that careful management of smart city infrastructure does not get overlooked.
Cities which want to take advantage of the benefits of connected devices would be wise to set up a department dedicated to this area and to staff it with competent and experienced security professionals. It may seem like an expensive outlay but it is peanuts compared to the cost of a security breach.
There are a wealth of benefits to be gained from smart cities, including reduced costs, improved accessibility, and a more pleasant, liveable city. However, as with all IoT deployments, security must be planned in from the start.
It is crucial that we heed the warning signs that have already begun to sound. Securing a smart city must never be an afterthought.