Smart cities essentially depend on a complex network of IoT. As smart city space is expanding, so is the deployment of advanced IoT systems. From your mobile phone to the traffic signal, everything is connected. And everything is constantly sharing data.
However, in the race to install IoT networks for smart city development there is little focus on digital security. The report comes from ABI Research, a global tech market advisory firm.
Smart cities and businesses report frequent cyberattacks. Some of them include hacking of communication systems, manipulating sensor data, holding systems for ransom and personal information theft etc.
We dive deeper into the problem and solution in the context ahead.
IoT Attracts Cybersecurity Threat
Digital14, a UAE-based advisor in digital transformation and cyber resilience warns of the considerable cybersecurity threat induced by IoT. The report is published in the study ‘Smart Cities: the Power, the Risks, the Response. As the government and businesses are increasingly adopting, smart city technologies, the cybersecurity risks are expected to rise.
The study also raises concerns that the attack surface is expanded for all types of cyber adversaries presented by IoT. As per Digital14, smart cities in the UAE and other nations will bring in a huge amount of productivity gains and efficiency. But companies in the UAE operate within highly networked environments. This opens doors to prolific malware that can have grave implications. Or, it may potentially attract cybercriminals.
Across the world, there are approximately 22 billion networked devices. Each of these devices serves as an entry point for malicious actors. Daily used gadgets such as IP camera and digital video recorders are likely to be at the greatest risk.
Furthermore, the study throws light on the increasing IoT attacks in the Gulf Cooperation Council (GCC). For instance, in the UAE alone, over 18% of the public-facing hosts are potentially vulnerable to such attacks.
IoT devices are the weak link in the chain of smart cities. This statement is as per Joshua Knight, executive vice president cyber defence at Digital14. He continues saying that it is crucial for businesses and individual end-users to recognise the potential vulnerability. It is vital for them to take prudent steps to defend their networks and protect themselves from cyberattacks.
In addition, the study proposes six measures for organisations to guard themselves against new and evolving threats. Three of these include:
- Validating IoT devices before deployment
- Monitoring all devices on the IoT network constantly
- Isolating IoT devices from crucial and sensitive networks
Expo Dubai 2020 Cybersecurity
‘Smart Cities: the Power, the Risks, the Response’ study specifically focuses on Expo Dubai 2020. The world-class event is now postponed and will be held from 1 October 2021 to 31 March 2022.
Expo Dubai 2020 is going to be the most interconnected and a technologically sophisticated event of its kind. And hence, it is obvious that it will have cybersecurity challenges similar to those encountered in a smart city environment.
Digital14 is the Official Cyber Security Provider of Expo Dubai 2020. It will be in charge of supervising the cybersecurity of the event’s digital platform. It will also be responsible for providing a safe digital experience to visitors and participants.
COVID-19 Bringing In New Cybersecurity Needs
COVID-19 pandemic has changed how people work. As a result, it is bringing in new requirements for cybersecurity. Businesses across every continent need to adjust the new realities brought about by COVID-19. This holds good even for companies involved in smart city development.
In terms of technology, companies now need to make enormous changes. This involves meeting the requirements emerging due to abruptly locked workspaces. And others like scaling new tools required to connect the workforces now isolated at home.
Thus, the addition of new tools and network systems will bring in challenges related to cybersecurity. To safeguard these efforts it is important for businesses to go beyond the initial tactical approaches to improve underlying security strategies. As per sources, technology will not be the biggest obstacle for organisations.
The challenge is the ability to realise that these short terms disruptions will be here for the long-term. For some organisations, adopting the principles and practices of working remotely is a challenge. Some may strive to stick to a network model that doesn’t reflect the functioning of their cloud and networks.
Going ahead, edge security, cloud security and network security must work synonymously. A security-driven networking strategy combining an entire distributed network into a single, coherent solution is no longer an option. Blending networking, the cloud and security need to be the foundational structure of not only the current circumstances. But it should also consider the innovations of the future.
Organisations can utilise AI for security-driven networking to stimulate efficient and integrated solutions that support remote access. This can also cover across the dynamically distributed networking and cloud environment. This can enable them to maintain the pace of their business.
Going further, this allows teams to focus on high priority challenges like segmentation and authentication. This is with the aim to protect businesses as well as get ready for the 5G opportunities. Other goals include safeguarding ultra-rich media and other smart solutions including smart vehicles, smart buildings and smart cities.
Expert Solution For IoT Cybersecurity
Recently, the National Institute of Standards and Technology organised an IoT-enabled smart cities framework. The focus is to address concerns linked with cybersecurity, data integration and sharing. Based on that, here are some solutions to mitigate cybersecurity risks associated with IoT.
Development of Risk Policy – Organisations and smart cities often pay attention to the benefits of IoT and not risks. Hence, it is imperative to create a policy that covers IoT data privacy and data use to prevent any kind of misuse. Eventually, this helps lead employees and users towards becoming more cyber secure.
Protection of Individual Identities – management of identity is vital across connected systems. Every single device in this system must have different rules and standards for providing access. Some may be stronger than others. By doing this, smart cities can protect their residents’ identity data.
Securing Information at the Source – As soon as a device is plugged in, it starts generating data every second. Hence, before any device goes live, smart city managers must have a clear understanding of the extent of the data collected. And they must also know how the data will be used. This way the connected systems can be better cyber secured and properly encrypted before a device is deployed.
Regulating the Need to Know – Every person in an organisation does not need to know everything in a given system. There must be certain protocols and options for access that create boundaries. At the same time, it must maintain the openness and functionality required for the connected system to stay effective. The protocol takes care of who is using the information ensuring they are authorised to access. This supports the cybersecurity ecosystem.
Implementation of Appropriate Interference – The consequences of cybercrimes are currently unclear. There is a need to update sanctions, fines, prison sentences etc. for rule-breakers in this interconnected world of smart cities.
The concern around cybersecurity mainly revolves around how safely residents can live, work and play in a smart city environment. In the end, this must be the focus. And also how data is collected, shared and used by everyone.