Article by Marcelo Branquinho and Emílio Arimatéa, from TI Safe
The term smart city (smart city) refers to the composition of a city that makes use of digital technologies to interconnect, preserve and improve the lives of the population. Some examples of technologies used are: Intelligent and adaptable lighting according to need and demand, population monitoring by means of digital video, fire control management and public announcement systems, intelligent roads with warnings, messages and detours according to climatic conditions and unexpected events such as accidents or traffic jams, waste management with the detection of garbage levels in containers to optimize the garbage collection route, among others. However, all the benefits provided by the use of new technologies in cities can be wasted if due care is not taken with cybersecurity.
A smart city makes use of technologies related to IoT, IIoT and IoE for the functioning of its services and applications. These technologies can become a threat because those who provide the solutions usually have no sense of good cybersecurity practices. Cybersecurity systems are rarely implemented and, when a vulnerability is found, the service hardly stops working to be updated, as it is vital for society.
Smart cities are already a reality in the world and are considered the future. A good example is the city of Santander, in northern Spain. THE SmartSantander installed IoT devices to provide citizens with applications and services typical of a smart city. The city of 180 thousand inhabitants, which until recently received tourists interested especially in its beaches and in its historic center, started to attract the attention, also, of visitors passionate about technology. Groups from all over the world are now arriving to see Santander sensors, which measure everything from the amount of waste in containers to air pollution levels.
SmartSantander started being developed in 2010 by a team from University of Cantabria. Researchers and programmers installed hundreds of sensors on the asphalt to manage the limited number of places available in the city center. The project cost € 8,5 million, mostly financed by the European Union, which sponsored the initiative with € 6 million. The Cantabrian government also contributed € 500.
On the one hand, the research community benefits from the implementation of a unique infrastructure, which allows real field experiences, while on the other, citizens enjoy different applications that meet their needs.
Since then, more than 12 sensors have been installed in the city in the following areas: availability of parking, lighting, waste management, traffic and information about the bus. Collecting data through these sensors can lead to significant improvements in the way the city's infrastructure is used and a better understanding of urban issues.
The data is sent to a central that analyzes the information in real time and gives the city authorities information that allows them to adjust the amount of energy they use on the streets, the number of trucks needed for garbage collection during the week and the volume of water used to irrigate city parks. As a result, the city has already reduced its electricity costs by 25%, and by 20% with garbage collection.
The benefits are countless, but on the other hand, the city may collapse if cyber attacks against its critical infrastructure happen. The main challenge facing smart cities is cybersecurity, as, managed systems can virtually be subject to hacking attacks that compromise not only the privacy but the lives of millions of people who use its services.
The complexity of the infrastructure of smart cities creates vulnerabilities and in the event of a security incident, it will lead to essential services not functioning properly or being interrupted, for example, water and energy supplies. Likewise, unauthorized access to personal data can lead to major breaches of privacy, for example, access to personal data records of citizens in general.
Smart cities have very vulnerable components that can provide cyber attacks. Some of these components are:
- The convergence between the physical and the cyber world, which will become practically the same, allowing vulnerabilities to be exploited on one side and take devastating effects to the other using the existing connections between them;
- Due to the interoperability that exists between systems in smart cities, the cyber attack surface becomes wider, making it necessary to increase cyber security and all its aspects involved;
- The correlation between complex and large-scale processes in the services provided by smart cities, can be an attraction for attacks with financial justification (extortion).
There are five major vectors of attacks on critical smart city networks that seek to reach multiple potential targets. Are they:
Attacks on applications
To receive data from the sensors and send commands to the controlled devices, local and cloud applications are used. This is one of the main vectors for cyber attacks and its possible targets are:
- Collaborative digital platforms
- Massive and Open Online Courses (MOOC)
- Public administration portals and government agencies
- Portals of services available to citizens of the smart city
- Applications in general
Attacks on data integrity and confidentiality
The storage and processing of the large volume of citizen data and smart city control applications requires databases with a high level of performance, integration and analysis that will later provide information with intelligence. The main targets of this attack vector are:
- Business intelligence
- Big data
- Database in general
Attacks on communication networks
A robust and resilient communication infrastructure is critical to keeping all smart city services accessible. Keeping this infrastructure always available for the most varied types of access, requires a very well prepared contingency plan and must take into account the integrity and availability of the data transferred. Potential targets are:
- Digital infrastructure
- Intelligent urban infrastructure
- Monitoring systems
- Cloud computing
- Public Wi-Fi networks
Attacks on IoT devices
IoT devices are one of the main entry points for interaction between citizens and systems. They have numerous vulnerabilities and special attention to cybersecurity is necessary. There are several target devices, among which we can mention:
- Smart screens
- Autonomous vehicles
Attacks on interfaces and apps
The interfaces between the real world and the virtual world will become more intelligent and intuitive, as the number of applications and interactive systems will multiply and this requires a more secure and continuous development taking into account the privacy and authenticity of users. The Internet of Things will be one of the foundations for smart cities, because of this, it will also be one of the main targets of cyber attacks. Impending Targets:
- Internet of Things Solutions (IoT, IIoT and IoE)
- Citizen interface apps
Systems, people and things will be interconnected in smart cities. The ability to successfully interconnect the three, manage, monitor and verify what is linked and shared, while protecting information and users, is fundamental to the use of the full range of services available.
Cybersecurity laws and regulations for smart cities must be developed and implemented by governments and must involve everything from design to maintenance and monitoring of the entire smart ecosystem, taking into account not only data and networks, but mainly people .