How to Secure a Smart City
Daniel Norman is a Senior Solutions Analyst at the Information Security Forum (ISF).
The Middle Eastern region has seen significant public and private investment, especially across urban areas since the mid 1980’s. One just has to compare the skylines of Dubai or Abu Dhabi in the 1980’s to see the differences between the small fishing towns of yesteryear to the global trade and tourism hubs we see today. However, with cities continuously expanding, denser populations, worsening traffic and dwindling energy resources, governments across Saudi Arabia, The UAE, Kuwait and Qatar have sought additional investment in technological solutions to support this growth and improve the lives of millions – this solution is known as the ‘smart city.’ Smart cities promise much for organisations and citizens alike, but unfortunately present significant risks…
A smart city combines a connected nexus of smart technologies, infrastructure and sensors across private and public environments, leveraging, analysing and managing data in real-time to support citizens, promote sustainability and improve the quality of life for all.
All industry verticals across power generation, agriculture, transportation, tourism and emergency services may be impacted by the development of smart cities through the use of dispersed IoT devices, edge computing and cloud services. Local authorities will likely become significantly dependent on data analytics for waste management, electricity, water and gas. Citizens will also depend on smart cities for real-time activated traffic light systems reducing congestion, to connected cars communicating with charging docks for availability, to smart phones becoming digital credentials instantly, the opportunities are endless. Across Saudi Arabia the four ambitious giga-projects: NEOM, Amaala, Qiddaya and Red Sea Projects involve multi-billion Dollar contracts. In Abu Dhabi, the Masdar City and Zayed Smart City projects are all leveraging IoT devices to upgrade the city’s infrastructure.
With millions of devices and applications ripe for the picking, smart cities will become an attractive target for cyber attackers. Individuals and organisations will face operational, financial and even environmental threats. The interconnected ecosystem of devices and objects constantly sharing data will inevitably bring unwanted attention from nation states aiming to disrupt entire cities to individual hackers desiring access to personal data. For example, at a nation state-level espionage and sabotage may become a significant threat once again. Nation states may aim to spy on and steal information from sensors and internet-connected devices from individuals or even corporations. Moreover, if critical public services like water, electricity and even transport systems become targeted this could have direct impacts on trade and the welfare of millions.
At an individual hacker or hacking-group level, opportunistic attackers will become far more successful; with millions of devices requiring constant updates and patches, the likelihood of compromise at a device or even system level will increase, thus potentially exposing personal data of millions. Organisations involved in these types of breaches may face significant regulatory penalties in the form of fines.