The potential loss of service to malware attacks is raising concerns amongst architects of ‘smart cities’, whose effectiveness depends on maintaining the integrity and control of a broad range of devices.
Fully 74 percent of the 2000 global respondents to ISACA’s 2018 Smart Cities Survey said they were most concerned about ransomware and malware attacks, with 63 percent expressing concern about denial of service (DoS) attacks.
Just 15 percent said that cities were most equipped to deal with those attacks. National governments, named by 55 percent, were held to be better prepared.
This presents a significant concern, given that ‘smart city’ technologies are rapidly becoming considered to be part of any modern city.
Yet cities’ increasing digitisation attracts new attention: nation-state actors, for one, were the most likely perpetrators of cyber attacks – named by 67 percent of respondents – while hacktivists were also seen as a threat by 63 percent.
Amongst European respondents, nation-state actors were of even greater concern, with 74 percent naming them as a likely perpetrator of cyber attacks.
Recent incidents – such as the compromise of 55 Victorian speed cameras by WannaCry ransomware – have shown just how easily smart-city elements can fall to cyber attacks.
Asked which sectors were most vulnerable, energy (named by 71 percent) was slightly ahead of communications (70 percent) and financial services (64 percent) infrastructure – which proved notable given that energy, communications, and transportation sectors were held to be those most likely to benefit from autonomous systems.
Innovation in those sectors was underscored this week when state transport ministers confirmed they would work together on national standards for autonomous vehicles from 2020.
“Before our cities can be identified as being ‘smart,’ we must first and foremost transfer this smart attitude to the way we approach and govern the rollout of new technology and systems,” said Robert E Stroud, past ISACA board chair and chief product officer at XebiaLabs, in a statement.
“Our urban centres have many potentially attractive targets for those with ill intent, so it is critical that cities make the needed investments in well-trained security professionals and in modernizing their information and technology infrastructure.”
Many of those investments will rightly focus on data analytics and its role in improving security, Webroot CISO Gary Hayslip wrote in an analysis that noted ‘advance data analytics’ was the most commonly-selected answer when respondents were asked what was needed to perfect their security efforts.
Cities are “packrats”, he said, that “keep technologies beyond their typical lifespans due to the scarcity of resources needed to replace them. This mixture of legacy and up-to-date solutions can lead to environments with challenging levels of risk.”
“Many would have thought new tech or cutting-edge science would be what smart cities need,” he continued, but “the use of data analytics to manage scarce resources and highlight anomalous behaviour is a better value because it provides visibility.”
That visibility is being aided by the use of artificial intelligence (AI), which can improve the responsiveness of analysis of large volumes of cybersecurity data.
Fully 78 percent of the ISACA respondents said that AI-based cybersecurity was important in improving the security and resilience of cities and municipalities, although just 36 percent expected AI to actually be widely deployed in the next 5 years.
Government investigations may provide some guidance in the assessment of smart-city components, with Australian Defence Force vice admiral Ray Griggs telling a Senate Estimates hearing this week that the ADF’s joint information warfare unit was working on evaluating the ‘cyber-worthiness’ of equipment and systems.
This potential strategy puts a new face on ongoing Defence efforts to categorise cybersecurity technologies through their evaluation and inclusion on the Evaluated Products List. And while technologies on that list are tested against specific security and usability objectives, similar efforts amongst the smart-cities and smart-devices communities may ultimately prove transformative in resolving many of the security issues that increasingly-connected cities produce.
“Cities that modernize their information and technology infrastructure, make the needed investments in well-trained technology professionals and partner with the private sector as needed to fill in gaps,” Clyde Consulting and ISACA vice-chair Rob Clyde said in a statement, “will be well-positioned to meet the coming challenges that will accompany increased urbanization and a more dangerous threat landscape.”