Alongside the growth of urban areas and technological advances comes the rise of smart cities and, with them, new security and privacy risks for leaders and citizens alike, writes Merritt Maxim.
According to UN projections, 68pc of the world’s population will live in urban areas by 2050. As cities grow, municipal governments are investing in infrastructure and applications to improve operations and services for constituents, and the overall urban experience.
Composed as part of the internet of things (IoT), smart cities aiming to optimise operations present new security and privacy risks to city leaders and citizens alike.
In April 2019, ransomware infected the servers for the city of Stuart, Florida, and brought down email, payroll and other vital functions. This cyberattack ultimately cost the city more than $600,000 in ransom fees.
Furthermore, a recent study conducted by McMaster University found that 88pc of people are concerned about their privacy in the smart city context.
As the pace of smart city implementation accelerates, cities are struggling to prevent, identify and respond to cyberattacks and privacy risks because of five key reasons.
1. City planners and developers aren’t prioritising security
Anyone can go on Shodan.io – a search engine for internet-connected devices – and find thousands of unprotected devices connected to a city’s internet.
2. Decentralised smart city initiatives undermine a centralised and consistent security approach
Without a centralised security approach, any initiative that leaves a gap in security policy or control in a smart city implementation increases this risk.
3. Security teams fail to address physical threats to connected systems
The long distances inherent in power transmission systems, pipelines and utilities leave remote locations exposed.
4. Cities are overwhelmed with high volumes of new data being collected
Security teams are just starting to gain maturity in the IT environment for data inventory, classification and flow mapping. In operational technology, they’re even further behind.
5. Security teams are not prepared to combat data integrity attacks
They lack the ability to prove that the data and algorithms that city functions rely on for decision-making haven’t been tampered with.
Merritt Maxim is a vice-president and research director at Forrester, serving security and risk professionals. Maxim’s research builds on 20 years of experience helping security leaders at global enterprises derive optimal business value from their identity and access management initiatives.
Forrester’s report, Making Smart Cities Safe And Secure, reviews the security implications of smart cities and offers guidance on how security and risk professionals can address and overcome potential challenges in an expanding threat surface.
A version of this article originally appeared on the Forrester blog.