Smart cities open door to cyber-attacks, say security experts

More attention needs to be directed towards a smart city's security to ensure smooth sailing

The smarter cities get, the more vulnerable they are to cyber attacks which could lead to chaos if control of the technology falls into the wrong hands, security officials said.

Security is falling behind a rapid influx of new technology, Natalya Kaspersky, president of InfoWatch Group, said at the Arab Future Cities Summit this week.

"Any technology has vulnerabilities and no technology comes without them," she said. "With smart cities, technology is coming up so fast that security systems are not able to catch up effectively."
Ranging from surveillance cameras and water systems to buildings, energy and transportation, she said they would pose a huge threat for communities to overcome.

Modern cities today are growing increasingly reliant on technology that is often connected through the internet making them susceptible to the same threats all computers have, she said.

"They also have some more threats which are associated with the physical [aspect], up to destroying human lives, building explosions and total block of the system. A whole smart city could be stopped."
The Internet of Things is implemented in a smart city by default. Most residents have expressed a very high concern over the risks involved, according to a survey conducted by InfoWatch, with 69 per cent of them mainly worried about their privacy.


Read more:


Last year, 30 energy stations were disconnected in Ukraine following attacks by hackers, leaving 80,000 people without any electricity for two and a half hours.
"Cyber adds a new layer," Ms Kaspersky said. "Before it, the security system was separate. What's needed is for security to be built from down to top through all the systems. This means we should have a level of security for each stage of the smart devices, from collecting the information, to the gateways it goes through and the networks, cloud and data centres in which it gets stored and analysed."

Chief security officers responsible for cyber-security should be involved in each stage of the development. "Unfortunately, it makes it all slower because there are too many different providers and manufacturers and they claim they have built-in security but they don't always," she said. "It's a problem which one should consider when they think about a smart city."
Industries implementing security strategy in their Internet of Things are mainly in telecommunications, at 78 per cent, followed by technology, at 73 per cent, and the automotive industry, at 69 per cent.
Matthew Cochran, chairman of Defense Services Marketing Council in Abu Dhabi, agreed with Ms Kasperky. "Using smart technology to protect our cities has its limitations currently that can be exploited by criminal actors," he said. "Challenges like low quality video CCTV networks, data storage and retrieval reaching command and control rooms for responders or police to combat crime remain due to legacy systems that don't talk to new systems or simply no smart city solution of any kind."

He said the adoption of big data analytics and high speed mobile networks along with the Internet of Things and sophisticated security systems today would ensure a drop in future crime rates and police arriving on the scene in minutes versus hours. “Technology is developing much faster than the security measures that are being implemented so we see a lot of advances in tech today,” said Dr Fadi Aloul, head of computer science at the American University of Sharjah.

"There's a big competition between companies on who can deliver the smarter solution faster to the market. There's no issue with tech advances but the way we look at it is it's a new toy and because of that, security is not considered seriously."
He said people were more excited about the novelty rather than the security. "Dealing with it isn't being done carefully," he said. "Companies might not be doing the right testing as they might miss the time to release it to the market. Threats today are significantly different than in the past, from hacktivists to cyber-criminals and state attackers, there are many players out in the market which can look anywhere."