More and more municipalities are pursuing smart city initiatives, for example, to better manage resources, optimize citizen services, and improve the quality of life. However, the security risks also increase due to the necessary collection of corresponding data, their networking, and processing. NTT Ltd., a global technology services provider, identifies the top five threats to smart cities.
The smart city, i.e., the networked intelligent city, is one of the trending topics par excellence. The prerequisite is comprehensive digital networking encompassing a wide variety of areas: from traffic infrastructure and control to energy supply and health care. With innovative city initiatives, municipalities can realize cost savings, efficiency improvements, and service optimization for citizens. However, data collection and networking are also inevitably associated with increasing cyber risks. NTT lists the top five threats and provides tips for improving security.
Vulnerabilities In Sensors And IoT Devices
Simple sensors, Internet-of-Things devices (IoT), and operational technology systems (OT) as elementary data sources of the smart city often do not offer default security. As a result, security problems primarily exist in availability, data integrity, and confidentiality, i.e., device failure, the use of incorrect data, or unauthorized access to personal information. To minimize these dangers, all devices used must be classified as insecure, and »Secure-by-Design« approaches must be applied, i.e., the potential risks must be considered as early as the planning phase, and the proper security measures must be taken on this basis.
Unencrypted Communication Between Sensors Or Devices And Control Systems
Networking in the smart city is based on communication between central control systems and individual devices and between the devices themselves. Since security is not necessarily integral to the devices and methods used, contact should be encrypted. A secure network and protected infrastructure should be used for these systems.
Waiver Of Risk Analysis In Advance
It is widely believed that in imaginative city scenarios, it is sufficient to monitor and combat cyber threats, but efficient preparation is even more critical. The following questions, in particular, must be clarified in advance: What needs to be secured? What is critical? What answers are there for each identified risk?
No Physical Protection For Sensors And Devices In Public Spaces
Physical security can scarcely be carried out openly for sensors and gadgets, i.e., it can’t be resolved who, when, and how gets to these gadgets. Consequently, measures for logical security must be taken. This includes implementing a robust authentication mechanism, encrypting communications to and from these devices, and implementing a secure network for these devices in public spaces.
Insufficient Cooperation And Coordination Between The Companies And Authorities Involved
A lack of coordination between smart city project stakeholders often leads to companies violating regulations or not making the right decisions when problems arise. In IT, project collaboration is primarily based on governance strategies and defined rules. Such governance must also be implemented in the OT and IoT areas. That means, on the one hand, security guidelines must be determined that also cover legal aspects. On the other hand, a process must also be defined to ensure that these guidelines are applied entirely and consistently.
IoT and OT frameworks as a feature of the brilliant city have weaknesses that open up various roads of assault for programmers. The challenges from a security point of view are complex and growing simply because of the high number of endpoints and sensors. Since the outcome of Smart City drives generally relies upon the acknowledgment of the populace, which must be accomplished with a high degree of information insurance, particularly of their information, and a high degree of information security, sufficient safety efforts should be given the most noteworthy need project from the start. The following security measures are fundamentally indispensable in the smart city context:
- Inventory of all IoT and OT environments and devices
- Conducting security risk assessments for all intelligent city core components
- Conception and application of security guidelines for innovative city environments
- Getting correspondence among IoT and OT gadgets and the associated IT frameworks
- Securing and monitoring maintenance access
- Carrying out regular penetration tests.