In commemorating World Cities Day on 31 October 2022, the focus must turn to implementing effective cyber security measures designed to keep infrastructure safe from increasing targeted attacks, especially as smart cities are no longer a futuristic dream but indeed reality. Such attacks not only have a financial impact but also threaten the lives of citizens. Considering that the adoption rate of Internet of Things (IoT) technology in smart cities across the META region is at 71% according to Kaspersky research, and accelerating fast, compromises in these implementations can have potentially devastating consequences.
Today, one of the most pervasive risks is ransomware attacking various government services. Moreover, smart cities are also susceptible to attacks on network equipment and items, such as CCTV cameras, which attackers can gain access to. Websites and applications connected to IoT are also at risk of exposure, and targeted attacks on infrastructure facilities are serious incidents.
From energy and water management, smart lighting, alarm systems, video surveillance, and others, IoT is a core part of enabling smart cities. It therefore stands to reason that efforts around protecting the environment should encompass every level of the smart city ecosystem – from equipment manufacturers and software developers to service providers and companies that implement and use these solutions.
“Unfortunately, many IoT devices have little or no protection at the software and infrastructure levels. They are often unsupported and have no updates from the vendor. Implementing IoT solutions on top of existing legacy systems, which were once stand-alone and unconnected, will also create vulnerable targets for cyberattacks,” says Bethwel Opil, enterprise client lead at Kaspersky in Africa.
To respond to these IoT security challenges and provide help to companies and government departments requiring specific cybersecurity protection, activities on different levels must emerge. Fortunately, there is movement towards standardising the development and implementation of IoT platforms to make them more dependable and secure by design.
“Effectively, smart cities can only be successful when all the stakeholders across specialist IT, business, government, and the private sector work effectively together. No single service provider, government department, or private sector business can try to do everything to deliver the environment for a smart city to succeed. For example, from a security perspective, Kaspersky contributes to this process by designing and developing components, including IoT gateways and other solutions based on the principles of cyber immunity,” adds Opil.
This cyber immunity approach is a means to create solutions that are virtually impossible to compromise and that minimise the number of potential vulnerabilities. For smart cities this means protecting systems for buildings and public services, such as those that enable public administration managers to control the consumption of water and heat – and much more.
During one of Kaspersky’s pilot projects, a hospital was connected to a smart city system so that a utility could securely receive and analyse reliable data. Thanks to this project, the hospital was able to detect abuse - a neighbourhood organisation illegally connected to the pipeline and using the water for its own needs, while the hospital paid the bills.
A smart city is a cyber-physical system, meaning both physical safety and digital security are essential for the smooth operation of city services.
Cyber security practices for smart cities should include basic measures such as encryption and strict password policies, vulnerability management, network segmentation and a zero trust model, as well as firewalls and dedicated protection for any cloud infrastructures that the smart city’s systems and applications are connected to. On top of this, dedicated IoT security solutions, such as security gateways, need to be in place to connect IoT devices with business applications while ensuring the security of the communications and data transferring through them. In organisations where the IT infrastructure is connected to smart city objects and systems, end point and network protection with the ability to detect and respond to diverse threats, should be used.
Kaspersky IoT Secure Gateway 1000 is the company’s latest cyber immune product for organisations embracing digital transformation, helping them to accelerate business value from new streams of industrial data. The gateway securely connects IoT devices and controllers with business applications and cloud platforms.
“The harmonious fusion of the digital and physical worlds in a smart city can significantly improve citizens’ quality of life, increase the efficiency of urban utilities and strengthen the position of cities in the global digital economy, making them attractive to investors and contributing to dynamic growth. However, cybersecurity measures must be considered every step of the way if such cities of the future are to flourish,” concludes Opil.
For smart cities, there are a number of best practices to consider when it comes to protecting their IoT environment:
- Keep IoT devices up to date with the latest software and security patches.
- Change default passwords on IoT devices.
- Use strong passwords for all devices connected on the IoT network.
- Check the privacy settings of IoT devices to ensure there are no weak spots.
- Wherever possible, activate multi-factor authentication on devices.