David Emm, principal security researcher at Kaspersky Lab, explores how ready the cybersecurity world is for protecting smart cities
The world is becoming ever more connected with each passing day, and while smart devices within smart homes are now an accepted and ingrained part of society, the idea of smart cities remains a somewhat maverick concept full of potential perils which require extensive contingency plans – but they are inevitable. In fact, spend on smart cities currently stands around £81 billion. However, in the not so distant future we will live in cities and societies that are totally connected to the internet, with entire infrastructures dependent on remaining connected.
But, while it may be possible to maintain smart connectivity, there will always be the cyber risks to take into account, too. Cybercriminals will look to exploit the vulnerabilities smart cities possess and with entire populations, government departments and huge businesses the potential victims, the stakes are now much higher – as are the financial rewards. Large office blocks and public sector buildings, motorways and road networks can all be brought to a standstill.
The issue with smart cities
Cybersecurity will have to extend far past personal, or internal corporate networks, to encompass far ranging technological protection for vast city networks, achieved through extensive testing and research and development. Cybersecurity experts will certainly have their work cut out to devise software solutions that protect potentially millions of people at once, as well as countless networks all connected to one another.
Currently, many devices operate together in homes, offices and public spaces yet there is no one cybersecurity standard that these devices must function to, or be tested against, before being available for public use. Without a security standard for connected infrastructure, we are feeling our way into the future while at the same time enabling huge capabilities, which is surely a recipe for disaster. This must be addressed as soon as possible. We are increasingly dealing with connected versions of devices that have existed for a long time, and as a consequence, digital security is not very often incorporated into their designs. For example, take CCTV cameras. Designed at a time before these cybersecurity risks were even imaginable, their models and serial numbers are still printed on the side of the camera. These may seem like basic flaws, but it is where we are currently at. This basic information would allow a hacker to purchase another unit to find a vulnerability within the product line, and explore how to access the camera’s data, and how to alter it, or even take control of all the other CCTV cameras of the same model.
Governments the world over have to set cybersecurity regulations, including how security is designed and maintained in connected devices that will circulate throughout buildings, from smart lighting to networked door systems.
For organisations tasked with implementing smart technology in residential, commercial and public spaces, plans on how to do so will have to be part of the design and planning stage – including how human operators securely implement and maintain these smart spaces. It is integral that all connected aspects of smart cities are operating at the exact same standards, that have all undergone extensive planning and designing.
More awareness and training will be needed
It is not just the networks and devices that will need extensive reviewing to ensure they are more secure than ever, but people working and living alongside them everyday will most definitely need more awareness too. This is because more and more data will forever be shared, and the value of it is only going to rocket.
Individual error and falling foul to phishing attacks which trick people into clicking harmful links or inadvertently installing dangerous software, is still a major problem our society faces – phishing attacks remain a very successful tactic for cybercriminals. Last year, it was estimated that around 65,000 small businesses were the subject of cyberattacks in the UK. Many of these attacks were successful because of a lack of knowledge of employees on how to spot what is a hacking attempt, and so follow their instructions.
It is the responsibility of governments and cybersecurity firms to ensure that awareness and knowledge is spread on how to defend against cybercriminals, particularly as nearly every aspect of our lives now involves being online or using connected devices.
What else can be done?
As well as spreading awareness and introducing government quality control standards for all devices and networks, it is imperative that regular updates and patches for all devices are automatically available, as this will help iron out any potential windows of entry for hackers. Currently IOT products and devices do not receive automatic updates and can be used to bring down entire networks once breached. This just shows, once again, how integral it is for industry standards to be introduced and enforced.
So, while it remains an attractive and futuristic concept to have truly smart cities and mind-blowing technology at our fingertips, there are many steps to be taken to ensure that it is safe to step into that advanced world. Cybercriminals are licking their lips at the prospect of havoc and financial gain that smart cities present them, and we must not oblige by depending on networks that aren’t safe, and easily hackable.
About the Author
David Emm is Principal Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. He has been with Kaspersky Lab since 2004 and is a member of the company’s Global Research and Analysis Team. He has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon’s Software, and Systems Engineer and Product Manager at McAfee.
Featured image: ©MediaStock