List: Cyber security in modern cities has become a priority for governments and businesses. CBR lays down 5 critical tools that will make any metropolis safer.
From London to Berlin, all the way from Paris to Tallinn, Dubai, Singapore or New York, well over $25bn is being invested right now in creating the cities of tomorrow.
Yet, according to the European Union Agency for Network and Information (ENISA), awareness around cyber security in the smart city space is still low and poor.
ENISA has also highlighted that adoption of cyber security measures has been slow and more awareness is needed to bring in a cyber safe culture into the smart city ecosystem.
CBR lists five cyber security measures every smart city will need.
Digital access control systems
DACSs have to be built in a way that only the right parties – either official authorities or relevant companies/providers – have access to smart city data and its networks.
These systems are crucial to keep the city’s services at bay from cyber threats, such as theft, tampering or alterations, that could have a significant effect on how the city functions.
In these DACS, those building the technology infrastructure of the city can allocate different levels of entry to different parties in order to ensure that the right people see exactly the right amount of information.
At the same time, having a clear and concise database of who has access to the data and networks will help to mitigate responsibilities when a breach does happen.
A well-built DACS will help to protect different layers of the city’s infrastructure web such as data transmission networks, data aggregation connectivity, and smart data processing.
Disaster recovery and back-up services
Data centres, either on site or off site, are at the heart of everything IoT has to offer, from smart cities, driverless vehicles or smart buildings, to intelligent street lighting and so on.
Disaster recovery is a critical part of the data centre’s architecture. If servers go down, is it important that systems are brought back online as soon as possible and, once those systems are back up and running, need to have all their previous workloads operational. This is where the right level of back-up comes in.
Data back-ups should be done regularly, and according to the ENISA, should be done off site. This suggests that data centres at the edge, for example, should always send the relevant information back to a ‘mother hub’ for safety purposes.
Hardware/software faults monitoring
Everyone has heard that "software is eating the world" and smart cities will be large scale software deployments. Everything in one way or another will be based on some sort of software coding.
Then the hardware steps in. This will be all over the place. Sensors, gateways, integrators, controllers, switches, beacons, and so on.
Hacking into either the software and/or the hardware could again lead to data theft, coding alterations, and so on.
For example, reversing the software code that keeps smart meters connected to the grid in a safe way to cope with over capacity could cause the whole grid to fail with possible physical consequences to the smart meters and/or the power station itself.
It is crucial that the smart city architecture is constantly monitored, 24/7/365 to ensure that no attacks are carried out.
Virtual private networks
VPNs let the private network be extended into the public network system. Essentially this means that a public network can be made as safe as a private one by sharing the same security, functionality and management policies features.
These private networks use the Internet Protocol Security (IPsec) that is designed to carry out authentication, authorisation and encryption of all the data being exchanged between different parts of the IoT city mesh (for example, from the car to the lighting post).
Encryption is indeed one of the key segments VPNs have to offer. This will convert all the data’s text into a cipher-text, which in theory cannot be understood by unauthorised parties.
Failure to encrypt, could allow hackers to steal and understand private data. Eavesdropping is a real and serious risk and as a result, those designing smart cities need to address the use of VPNs in data transmission networks, data processing and data aggregation connectivity.
In addition to all the benefits aforementioned, VPNs also have the capability to be bespoke to specific requirements in order to protect specific data exchanges.
Network intrusion detection systems
NIDSs carry out the inspection of all inbound and outbound network activity and help identify suspicious patterns that may indicate a network or system attack.
These attacks may well be propelled by unauthorised use or access of the networks which could let hackers to wiretapping into not only voice communication systems within the city violating citizens and organisations’ privacy, but also into data streams floating in the city’s system of communication networks.
NIDSs by themselves are not the ultimate safety layer. In order to ensure that these work accordingly to the security needs of a specific smart city application, operators need to configure them appropriately.
This includes for example, specific controls for monitoring key data exchanges with all known authorised connections well labelled to avoid conflicts.
These intrusion systems protect more than just the network itself, they can also help to protect the infrastructure deployed in the field, such as cooper cabling.
All in all, as IoT security risks represent a "new type of terrorism", the right take up on these five cyber bullet points will create a safer environment that will make it harder for hackers to penetrate.
However, it is important that governments, businesses and even citizens keep an eye out for updates and new safety roll outs as the cyber threat landscape is ever evolving as the answers against attacks also are.