We talk about many things when it comes to smart cities. The Internet of Things, smart sensors, the cloud, and a host of other new technologies from artificial intelligence (AI) to advanced operator visualization techniques have opened huge new opportunities for cities to improve the lives of citizens, increase safety and energy efficiency, and reduce operational expenditures. Smart city cybersecurity, however, is rarely discussed.
Major cybersecurity incidents continue to grab headlines. Many of these incidents affect the IT infrastructure of cities, such as the recent ransomware attack on the City of Atlanta. Many more, however, are affecting the operational technology layer of smart cities and their associated infrastructure, such as the 2015 cyber-attack on the Ukrainian power grid system. This does not mean that IT-related attacks don’t affect operational technologies. The ransomware attack on Atlanta crippled government desktop computers and resulted in the shutdown or at least disruption of essential city services from law enforcement to utilities.
Today’s smart cities are really patchworks of old and new systems, each with their own cybersecurity concerns. Older systems like ICS (industrial control systems) and SCADA (supervisory control and data acquisition) systems for things like power, gas, and water distribution systems exist alongside new, IoT-based systems for smart lighting, transportation management, access control, and more.
The number of vendors and products in the rapidly emerging smart cities space is staggering, and the relative levels of inherent cybersecurity in these products and systems vary widely. Most smart cities fail to adequately address the role of cybersecurity in these new products and systems. Relevant standards and product registrations/certifications for cybersecurity in the smart city sector are only now beginning to emerge.
From an organizational standpoint, many cities seem ill prepared to respond to major cyberattacks. City and municipal governments tend to focus on the information technology (IT) world and have less experience managing the increasingly digital world of operational-related technologies. The utilities, which have become major investors in smart cities in the past couple of years, are more adept at the operational technology (OT) side of the equation. Both groups have their own challenges when it comes to managing the convergence of the IT and OT realms.
Smart City Cybersecurity Not Unsolvable
Cybersecurity for smart cities is not an unsolvable problem. Many cities and municipalities can take incremental steps to improve their cybersecurity organization, bridge the gap between IT and OT domains, and implement selection criteria to ensure better cybersecurity. Vendors and service providers are also greatly expanding their offerings, making it possible for cities to outsource certain aspects of the cybersecurity plan that cannot be performed in-house.
Table of Contents
- Executive Overview
- Smart Cities Have a Cybersecurity Problem
- Future of Cyber-attacks on Smart Cities and Critical Infrastructure
- Relevant Certifications and Standards