Attacks/Breaches

6/14/2017
10:30 AM
Todd Thibodeaux
Todd Thibodeaux
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

How Smart Cities Can Minimize the Threat of Cyberattacks

As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.

In the not-so-distant future, smart cities will weave the Internet of Things (IoT) and interconnected devices into existing technology infrastructure to bring entire communities online. Singapore, for example, recently launched its Smart Nation program, deploying citywide sensors and monitors to collect data on everyday living. Using an online platform dubbed Virtual Singapore, the city-state plans to use the information to improve livability and enhance government services.

But like all things digital, smart city networks have the potential to be breached by malevolent intruders. In Ukraine, hackers targeted a power grid and took an entire city's substations offline, leaving thousands of residents without power. Cybercriminals can also disrupt emergency response systems. In Texas, hackers triggered all of Dallas' emergency sirens, eventually prompting government officials to shut down the city's security system.

Bringing cities online invites a new type of threat that most government agencies are unprepared for. From traffic lights to power grids, smart cities are full of entry points that could fall victim to hackers' exploits. As cities design their digital future, government agencies need to prioritize cybersecurity protocols to mitigate attacks that have the potential to cripple entire communities.

Smart Cities Must Strengthen Security Protocols
As the number of IoT devices grows, security sits atop the list of government policy concerns. But today, only one in three governing bodies says they are prepared to manage IoT security. While 12% of government respondents believe they have the resources to respond to cybercrimes, 47% say they are only well-equipped in some areas and ill-equipped in others. Some cities, such as Dallas, discover the hard way that they lack the skills needed to protect their residents in the wake of crises.

Check out the all-star panels at the 'Understanding Cyber Attackers & Cyber Threats' event June 21 and get an in-depth look at your cyber adversaries. Click here to register. 

Part of the security challenge stems from a shortage of dedicated professionals. Although the majority of states have developed some type of cybersecurity response plan, 83% of government agencies say only 1% to 2% of their IT departments are security experts. The absence of dedicated security professionals is a problem for state CIOs, who struggle to keep up with evolving cybersecurity best practices. Government agencies should strongly consider offering certification or supplemental training courses to prime their in-house security teams for the challenge of protecting smart cities.

In addition to the knowledge gap, some cities are hamstrung by reliance on outdated technology used to manage industrial systems. Several years ago, Iranian hackers were able to infiltrate a water dam near New York City when city officials connected its control system to poorly protected office computer networks. Public sector groups attempting to digitize their city operations with aging infrastructure create security risks that that can easily be penetrated online. Governing bodies need to modernize each IT component within a smart city's ecosystem to keep hackers from accessing essential services.

Security Starts with a Resilient Infrastructure
As the number of IoT-connected devices swells and cyberattacks become more complex, municipalities, counties, and states considering smart solutions need to rethink their security approach.

Protection begins with building a resilient infrastructure. Before moving essential services online, a robust response protocol and disaster recovery plan for worst-case scenarios must be established. Including additional layers of security can help mitigate the fallout from a cyber attack on one system and ensure associated services continue to function. Steps like incorporating end-to-end encryption, using blockchain technology, or deploying decentralized applications are also strategies to consider using when securing essential municipal services.

Government leaders and urban planners should also consider utilizing artificial intelligence tools to help detect anomalies in city networks and accelerate government response times during a hack. Unlike human security workers, machines can process huge volumes of data quickly, reducing the time it takes to identify and negate threats. Once security measures are in place, public sector teams should routinely test for loopholes and broken patches that can be fixed immediately before intruders discover them first.

The complexity of the security challenge associated with smart cities may challenge even the most tech-savvy government staff, which may quickly find themselves in unfamiliar territory when it comes to systems integration. Moreover, pilot projects that were manageable with existing internal staff quickly become unmanageable when it's time to expand to full deployment. That's where the technology industry comes in.

Tech firms with expertise in integration, APIs, cloud computing, data, and security are essential to facilitating smart cities' growth. Expect to see concepts such as "smart cities-as-a-service" to gain traction as a means for providing efficient and effective end-to-end solutions. With economies of scale, standardization, and commoditization, smart city technologies will become more accessible and affordable over time. The smart cities-as-a-service approach brings it all together into what many city planners will view as an appealing option. 

Smart cities are quickly becoming a reality that many governments are looking to embrace. But as cities become smarter, they also become more vulnerable. As communities continue to push for digital transformations, governing bodies will need to double down on cybersecurity to keep smart cities, and their residents, safe.

Related Content:

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.