A Smart City creates a significant number of cybersecurity challenges. Emmanuel Tzingakis, Customer Service Manager Lead at Trend Micro Sub-Saharan Africa, explains the threat landscape and how to keep safe.
Earlier this year, South African President, Cyril Ramaphosa, identified Lanseria as the site where a new Smart City will be developed, reiterating its importance on the Government’s digital agenda. But as the country, and many others around the world, embrace the need for municipalities capable of leveraging ICT to increase operational efficiency and improve service delivery to citizens, a fundamental building block cannot be neglected – that of cybersecurity.
As the name suggests, a Smart City encompasses all aspects of a municipality that includes energy, environment, connectivity and governance managed in a digitally-led manner. At the core of this environment is a myriad of Internet of Things (IoT) sensors that collect data and provide government with insights to manage assets, resources and services better.
This can take any number of implementations all focused on meeting the daily needs of the city’s citizens. New York, for instance, provides gunshot alerts, which do not exist in countries where owning weapons is legal. Boston, meanwhile, puts greater emphasis on improving transportation and reducing CO2 emissions.
However, in South Africa and other developing countries, access to water and energy resources will likely be the initial priorities. City managers and officials are constantly looking to upgrade existing systems, many of which are legacy, with more intelligent technology. Such systems can run in the background, helping to manage and maintain water and energy infrastructures with little human interaction. This boosts efficiency and in theory, helps reduce the chances of long-term outages that result from inclement weather or other critical infrastructure issues.
For all the advantages a Smart City provides, there are also a significant number of related cybersecurity challenges.
Take, for example, the limitations of the form factor of an IoT device and its lack of complexity. Many smart devices are designed to be lightweight with only enough computing power for their functions. This makes encrypting them a challenge. Updating and patching firmware may also prove to be difficult. The resultant lack of security exposes them to new cyberthreats. Hackers can compromise these devices to gather intelligence on government and conduct surveillance attacks through security cameras linked to the network.
Furthermore, these devices pose a significant threat to ransomware and other blackmail attacks that can take data and the devices themselves hostage. In turn, this can manipulate and disrupt operations, and even affect the delivery of public utilities such as electricity and water. A long-term power outage or the inability to access running water could have severe consequences for small and large cities alike, creating panic and potential public health impacts among residents.
Then there is the risk of successful attacks on transportation systems. These can have massive consequences, including accidents and traffic jams that impact service delivery, the movement of freight, and daily commutes.
To mitigate the cybersecurity risks associated to Smart Cities, local Government should follow a similar approach to the way organisations defend themselves. These include regularly employing patches and updates for the entire system, including firmware. Data must also be secured by configuring access according to the principle of least privilege and encrypting communication channels.
A manual override should be allowed so personnel can manage threats without having to rely on a network or Internet connection. Administrators should also ensure that the system can still work without an Internet connection, even if it is just enough to continue basic services.
Building a Smart City from the ground up presents the ideal scenario to ensure its cybersecurity integrates with all aspects of its operations and more traditional cities become smarter over time. This is a given as governments increasingly rely on technology to enhance service delivery. Cybersecurity must form part of that digital journey.