Mitigating cybersecurity risks in tomorrow's smart cities

This post was originally published on Sustainability Matters

As global cities embrace the potential of ‘smart’ technology, from optimised traffic management to advanced energy grids, the allure of a more efficient, sustainable and digitally connected urban landscape is becoming a reality.

However, with these advancements come significant cybersecurity challenges that cities must address to ensure the promise of innovation is not overshadowed by the risk of threats. To build the resilient, sustainable cities of tomorrow, cybersecurity must be integrated as a core principle in every step of development.

The evolution of smart cities

Smart cities represent a groundbreaking shift in urban planning and management. These cities integrate advanced technologies like the Internet of Things (IoT), artificial intelligence (AI), and 5G networks to improve city services such as traffic management, waste collection, energy distribution and emergency response.

Countries like Singapore, South Korea and Germany are leading the way, investing billions in smart city technologies. China, as part of its ‘Made in China 2025’ initiative, has outlined an ambitious Smart Cities Development Plan to modernise its urban infrastructure.

Yet, as investment increases, so does the risk. The interconnected nature of smart cities presents an attractive target for cybercriminals, with critical infrastructure systems — such as energy, health care and transportation — vulnerable to cyber attacks that could ripple across the urban landscape.

Key cyberthreats facing smart cities

The list of cybersecurity threats faced by smart cities is diverse. Some have the potential to cause significant disruption to services and cause damage and loss for residents. Some of the most significant include:

• Ransomware attacks on critical infrastructure:

Ransomware attacks on city systems are escalating as cybercriminals capitalise on the growing digital footprint of urban infrastructure. Municipalities worldwide have experienced system lockdowns, where attackers demand ransom payments to restore access to critical services.

• Public safety system attacks:

Emergency systems, video surveillance and gunshot detection technologies are indispensable for public safety in smart cities. Unfortunately, these systems are prime targets for cyber attacks.

A survey conducted by UC Berkeley’s Centre for Long-Term Cybersecurity¹ highlighted emergency alert systems as particularly vulnerable within smart city infrastructure. An attack on these systems could result in widespread panic or delayed response to genuine emergencies.

• Data breaches and privacy concerns:

Smart cities collect vast amounts of data on their citizens, from travel patterns to health details. The widespread use of sensors and IoT devices makes these data pools tempting targets for hackers. A successful breach could lead to identity theft, financial fraud and diminished trust in public institutions.

• Water supply and sanitation threats:

Attacks targeting water supply systems are a stark reminder of the vulnerabilities within smart city infrastructure. In 2021, hackers attempted to poison the water supply in Oldsmar, Florida, by altering chemical treatment levels. Although thwarted, the incident underscored the dangers posed to critical infrastructure by cyberthreats.

Cyberthreats transcend borders

The interconnected nature of smart cities amplifies the potential impact of cyber attacks, extending beyond individual municipalities. A breach in one city could have cascading effects on neighbouring regions and even disrupt international systems.

For example, a successful attack on a city’s energy grid could affect hospitals, schools and essential services over a wide area. A breach in transportation infrastructure could delay shipments, disrupting global supply chains.

Beyond financial losses, a successful cyber attack can also erode public trust in digital infrastructure, potentially slowing the adoption of smart city technologies that are essential for achieving sustainability goals.

Preparing for tomorrow’s cybersecurity threats

Building resilient smart cities requires comprehensive cybersecurity measures that address vulnerabilities across infrastructure, data and citizen engagement. Key strategies include:

1. Adopting a ‘secure-by-design’ approach:

Cities should embrace a secure-by-design strategy, ensuring cybersecurity is integrated from the earliest stages of technology deployment. This involves rigorous risk assessments and the use of encryption, multi-factor authentication and regular software updates.

2. Cross-sector collaboration:

Protecting smart cities from cyberthreats requires collaboration between government, private sector and technology providers. By sharing threat intelligence and co-ordinating on cybersecurity protocols, public and private entities can respond swiftly to cyber incidents.

3. Investing in cybersecurity talent:

As demand for cybersecurity experts rises, cities must invest in developing a skilled workforce. Governments, educational institutions and businesses should collaborate to create training programs that equip professionals with the skills needed to protect smart city infrastructures.

4. Citizen awareness and cyber hygiene:

Engaging citizens in cybersecurity efforts is crucial for creating a safe digital environment. Public awareness campaigns can teach residents about recognising phishing attempts, securing their devices and reporting suspicious activities. Empowering citizens to practice good cyber hygiene strengthens a city’s overall security.

Building resilient smart cities

The potential of smart cities is vast, offering enhanced quality of life, greater efficiency and sustainable urban living. However, without addressing cybersecurity risks, these benefits could be undermined by significant threats.

By prioritising cybersecurity as a fundamental component of smart city development, cities worldwide can build resilient infrastructures that protect citizens, sustain public trust, and lay the groundwork for a safer, more connected future.

Les Williamson is Regional Director Australia and New Zealand at Check Point Software Technologies, a cybersecurity platform provider of AI-powered, cloud delivered solutions. He has more than three decades of sales and leadership experience in the IT industry, having previously been Head of the AWS Telecommunications Business Unit for Asia Pacific and Japan as well as Vice President for ANZ at Citrix. In addition, he worked for Cisco Systems for more than 10 years in a variety of roles, including as Vice President Asia Pacific.

^{1. https://cltc.berkeley.edu/wp-content/uploads/2021/03/Smart_City_Cybersecurity.pdf}

Top image credit: iStock.com/gremlin