| || ||Satyamoorthy Kabilan |
National Security and Strategic Foresight
From major data breaches and phishing to distributed denial-of-service (DDoS) attacks and ransomware, cyber security issues have continued to hit the headlines on a regular basis in 2016. The pace of adoption of new, networked technologies is increasing, potentially creating a whole host of new vulnerabilities. This means it is unlikely that we will see a slowdown in cyber security issues any time soon. One area where connected technologies and data collection have been growing rapidly is in smart, connected cities.
There are many ways to define a smart city, but essentially a smart city is a vision by urban developers to securely manage a city's assets by combining multiple information and communication technology (ICT) and Internet of Things (IoT) solutions. While this definition mentions the need for a smart city to work securely, discussions with a number of organizations and municipalities involved in smart-city-related projects, as well as some recent literature, suggest that security is not always top-of-mind in the rush to deploy new technologies. There are two key areas of concern from a cyber security perspective when it comes to smart cities:
Data security and privacy
From smart meters to intelligent transportation infrastructure and sensors in our surroundings, the smart city of the future is likely to be capturing a lot of data—about us as individuals, as well as our surroundings. These data may reside within, and be utilized by, a multitude of organizations in the pursuit of better services, efficiency, and other smart-city goals. It is likely that the sheer volume of data gathered and used will continue to rise exponentially as new technologies are integrated into smart cities and novel uses are found for the data that are gathered. This means that there will be a lot of data, including personal information about individuals and their habits, being gathered, stored, and used in a smart city—making smart cities a very inviting and potentially lucrative target for hackers. The volume of data and the potential insights the data offer could amplify the impact of any breach suffered by the system. If we are not building the appropriate security into the data-gathering and -processing systems of our evolving smart cities, are we simply creating a ticking time bomb for data and privacy loss with potentially very large implications?
The Dyn DDoS attack on October 21, 2016, demonstrated the challenge that unsecured IoT devices can create. In this case, a range of unsecured IoT devices was used to create a massive botnet that resulted in the largest DDoS attack seen to date globally. Smart cities will be reliant on IoT devices, from sensors to a range of smart devices, and will likely have some of the highest and fastest-growing concentrations of IoT devices. Much like the issue with data and privacy, cities could be an attractive potential target for hackers wanting to create massive botnets. In addition to this, the proliferation of IoT devices means there are more end points that connect into your system that need to be secured—potentially adding to the overall vulnerability of your system. If we rely on IoT devices that are not fully secured, are we creating more vulnerabilities in our overall system and the potential for massive botnet development?
We need to ensure that the enormous volume of data that will be gathered and used by smart cities does not turn into a potentially catastrophic data breach scenario. At the same time, we need to ensure that smart cities' reliance on IoT devices does not create additional vulnerabilities, from unsecured access points into the system to the creation of massive botnets. Giving the appropriate attention to cyber security while pursuing the benefits offered by a smart city today will reduce the risk of paying an exorbitant cost for these benefits tomorrow.
- Get the latest insights on cyber security and smart cities at our conference in Ottawa on February 27 and 28, 2017.