In commemorating World Cities Day, the focus must shift to implementing effective cybersecurity measures designed to protect infrastructure from increasing targeted attacks, especially as smart cities become a reality rather than a pipe dream. Such attacks not only have a financial impact, but they also endanger the lives of citizens. Given that the adoption rate of Internet of Things (IoT) technology in smart cities across the META region is 71%, according to Kaspersky research, and rapidly increasing, compromises in these implementations can have potentially disastrous consequences.
Ransomware attacks on various government services are now one of the most common threats. Furthermore, smart cities are vulnerable to attacks on network equipment and items, such as CCTV cameras, to which attackers have access. Websites and applications linked to IoT are also vulnerable. Targeted attacks on infrastructure are also serious incidents.
IoT is a critical component of enabling smart cities, with applications ranging from energy and water management to smart lighting, alarm systems, and video surveillance. As a result, efforts to protect the environment should include everyone in the smart city ecosystem, from equipment manufacturers and software developers to service providers and businesses that implement and use these solutions.
“Unfortunately, many IoT devices have little or no protection at the software and infrastructure levels. They are often unsupported and have no updates from the vendor. Implementing IoT solutions on top of existing legacy systems, which were once standalone and unconnected, will also create vulnerable targets for cyberattacks,” says Bethwel Opil, Enterprise Client Lead at Kaspersky.
To respond to these IoT security challenges and assist companies and government departments that require specific cybersecurity protection, various levels of activity must emerge. Fortunately, there is a push to standardize the development and deployment of IoT platforms in order to make them more reliable and secure by design.
“Effectively, smart cities can only be successful when all the stakeholders across specialist IT, business, government, and private sector work effectively together. No single service provider, government department, or private sector business can try and do everything to deliver the environment for a smart city to succeed. For example, from a security perspective, Kaspersky contributes to this process by designing and developing components, including IoT gateways and other solutions based on the principles of cyber immunity,” adds Opil.
This cyber immunity approach aims to develop solutions that are virtually impossible to compromise and reduce the number of potential vulnerabilities. For smart cities, this means safeguarding systems for buildings and public services, such as those that allow public administration managers to control water and heat consumption – and much more.
A hospital was linked to a smart city system during one of Kaspersky’s pilot projects so that a utility could securely receive and analyze reliable data. The hospital was able to detect abuse thanks to this project: a neighborhood organization illegally connected to the pipeline and used the water for its own purposes, while the hospital paid the bills.
A smart city is a cyber-physical system, meaning both physical safety and digital security are essential for the smooth operation of city services.
Cybersecurity practices for smart cities should include basic measures, such as encryption and strict password policies, vulnerability management, network segmentation and a Zero Trust model, as well as firewalls and dedicated protection for any cloud infrastructures that the smart city’s systems and applications are connected to. On top of this, dedicated IoT security solutions, such as security gateways, need to be in place to connect IoT devices with business applications while ensuring the security of the communications and data transferring through them. In organisations where the IT infrastructure is connected to smart city objects and systems, endpoint and network protection with the ability to detect and respond to diverse threats should be used.
The Kaspersky IoT Secure Gateway 1000 is the company’s most recent cyber immune product for organizations embracing digital transformation, assisting them in accelerating business value from new streams of industrial data. The gateway connects IoT devices and controllers to business applications and cloud platforms in a secure manner.
“The harmonious fusion of the digital and physical worlds in a smart city can significantly improve citizens’ quality of life, increase the efficiency of urban utilities and strengthen the position of cities in the global digital economy, making them attractive to investors and contributing to dynamic growth. However, cybersecurity measures must be considered every step of the way if such cities of the future are to flourish,” concludes Opil.
For smart cities, there are a number of best practices to consider when it comes to protecting their IoT environment: