Smart cities are redefining the way we live and work. Blending cutting edge IoT technologies with virtualization, big data, cloud and more, they represent an urgent and ongoing attempt to overcome the challenges associated with rapid urbanization. There’s just one problem. These vast, interconnected technology systems also raise serious privacy and security concerns.
That’s why Trend Micro has produced a new article for smart city stakeholders investigating exactly where these concerns lie. As the pace of tech development and adoption continues to accelerate, it’s vital that we take a step back to consider where the key threats originate.
A trillion-dollar market
The smart city is a difficult concept to pin down because there’s no typical project. The fundamental aim is to improve quality of life for citizens, reduce the strain on local government finances and promote sustainability through advanced, connected systems. For example, smart water systems in Singapore use sensors to continually track the pressure, flow and quality of water in the network. This not only helps the Public Utilities Board predict and minimize pipe bursts, but also helps end users monitor and conserve their own usage.
Considering the benefits, it’s no surprise that governments all over the world are sinking billions into these projects. In fact, some estimates claim the smart city market will reach a staggering $1.5 trillion by 2020.
But as with any major IT system – or in this case, “system of systems” – there are security and privacy challenges. As the attacks on Ukrainian power stations over the past couple of years have shown us, suspected nation-states have both the skills and motive to launch attacks on the critical infrastructure of enemies. Financially motivated cybercriminals will look to hold the operators of such systems for ransom by hacking and remotely controlling key elements. And there are even opportunities for hacktivists to publicize their cause by instigating chaos and disruption in urban areas.
The convergence of IT, ICS, IIOT in smart cities, now more than ever, demands real-time metrics for billing, as well as remote access for support, which are done through the Internet. Unprotected and vulnerable systems connected to the Internet represent the single biggest risk to smart cities. Just to highlight the issue, a 2-year study completed using Shodan the search engine, Project SHINE (Shodan Intelligence Extraction) surveyed 2.2 million Internet facing assets and documented 586,997 ICS devices, 13,475 HVAC (Heating, Ventilation, Air Conditioning) and building automation systems.
That’s not to mention the potential privacy issues that arise when user data is collected up in massive quantities to be used by third parties. The end goal might be to improve service levels and the end user experience, but without prior consent owner operators will face actions from the FTC and not to mention where applicable the stiff fines with the implementation of GDPR in 2018.
The bottom line is that as we come increasingly to rely on smart city systems, any outages could have a potentially severe impact on the quality of our lives.
Here are a few examples from the paper of where things can go wrong:
It’s vital that we incorporate security and privacy-by-design into these systems as they’re developed. The cost of bolting on security after the event is always significantly higher, and the end result less effective. But we must also be aware of the scale of the task. Smart cities represent a large and complex attack surface, where vulnerabilities in cloud servers, mobile app ecosystems, data transfers and more could all have serious repercussions for end users and smart city providers.
Click here to find out more about the security and privacy implications of smart cities.