The world is becoming ever more connected with each passing day. While smart devices within smart homes are now an accepted and ingrained part of society, the idea of smart cities remains a somewhat maverick concept, full of potential pitfalls which require extensive contingency plans – which are inevitable, and vital. Spend on smart cities currently stands around £81 billion, and in the not-so-distant-future we will live in cities and societies that are totally connected to the internet, with entire infrastructures dependent on remaining connected.
However, as we extend the reach of technology and connectivity, there will increasingly be cyber-risks to take into account. Cybercriminals will look to exploit the vulnerabilities smart cities possess, and with entire populations, government departments and huge businesses as the potential victims, the stakes are now much higher – as are the financial rewards. Large office blocks and public sector buildings, motorways and road networks could all potentially be brought to a standstill.
The issue with smart cities
Cybersecurity will have to extend far past personal, or internal corporate networks, to encompass far-ranging technological protection for vast city networks, achieved through extensive testing and research and development. Cybersecurity experts will certainly have their work cut out to devise software solutions that protect potentially millions of people at once, as well as countless networks all connected to one another.
Currently, many devices operate together in homes, offices and public spaces, yet there is no one cybersecurity standard that these devices must conform to, or be tested against, before being made available for public use. Without a security standard for connected infrastructure, we are feeling our way into the future while at the same time enabling huge capabilities, which is surely a recipe for disaster. This must be addressed as soon as possible. We are increasingly dealing with connected versions of devices that have existed for a long time, and as a consequence, digital security is not very often incorporated into their designs. For example, consider CCTV cameras. Designed at a time before these cybersecurity risks were even imaginable, their models and serial numbers are typically printed on the side of the camera – allowing cybercriminals to identify them, making the job of finding vulnerabilities in the hardware or software that they can exploit. These may seem like basic flaws, but it is where we are currently at. This basic information would allow a hacker to purchase another unit to find a vulnerability within the product line, and explore how to access the camera’s data, and how to alter it, or even take control of all the other CCTV cameras of the same model.
Initiatives like the Securing Smart Cities programme are extremely important in helping identify the cybersecurity issues that smart cities may face and the possible ways to combat these. The intelligent, digital solutions that are being adopted by organisations across the world need to be protected from cyber-crime in as many ways as possible, which is why, alongside initiatives, laws need to be put in place to secure their safety. Governments the world over must set cybersecurity regulations, including how security is designed and maintained in connected devices that will circulate throughout buildings, from smart lighting to networked door systems.
In 2018, the UK government proposed a Code of Practice for Consumer IoT Security to aide in the development, manufacturing and retail of consumer IoT. The government have taken a clear stance in providing strong security for all smart devices.
For organisations tasked with implementing smart technology in residential, commercial and public spaces, plans on how to do so will have to be part of the design and planning stage – including how human operators securely implement and maintain these smart spaces. It is integral that all connected aspects of smart cities are operating at the exact same standards, that have all undergone extensive planning and designing.
More awareness and training will be needed
It is not just the networks and devices that will need to be designed with security in mind, to ensure they are more secure than ever; the people working and living alongside them everyday will most definitely need more awareness too. This is because more and more data will be shared, and the value of it is only going to rocket.
Individual error and falling foul to phishing attacks which trick people into clicking harmful links or inadvertently installing dangerous software, is still a major problem our society faces – phishing attacks remain a very successful tactic for cybercriminals. Last year, it was estimated that around 65,000 small businesses were the subject of cyberattacks in the UK. Many of these attacks were successful because of a lack of knowledge of employees on how to spot what is a hacking attempt, and so follow their instructions.
It is the responsibility of governments and cybersecurity firms to ensure that awareness and knowledge is spread on how to defend against cybercriminals, particularly as nearly every aspect of our lives now involves being online or using connected devices.
What else can be done?
On top of spreading awareness and implementing government quality control standards for all devices and networks, it is imperative that updates and patches for all devices are regular and automatically available. This will ensure any potential windows of entry for hackers are ironed out. Currently IOT products and devices do not receive automatic updates and can be used to bring down entire networks once breached. This just shows, once again, how integral it is for industry standards to be introduced and enforced.
While it remains an attractive and futuristic concept to have truly smart cities and mind-blowing technology at our fingertips, in actual fact there still are vital steps to be taken to ensure that it is safe to be put out into that advanced world. Cybercriminals are licking their lips at the prospect of havoc and financial gain that smart cities present them, and we must not oblige by depending on networks that aren’t safe, and easily hackable.
By David Emm, principal security researcher, Kaspersky Lab