While smart cities may be the future, they also create a wide-open target for malware. These technologically dense cities will have a larger attack surface with more internet of things (IoT) devices per square mile.
The goal of the smart city is to improve economic and environmental efficiency while improving the quality of life for its inhabitants. These improvements can be attributed to millions of sensors that are scattered across the city that enable real-time communication with these devices.
Of course, these smart cities also have vulnerabilities. As new technologies are deployed, there is a new opportunity for vulnerabilities and increased risk. Top malware threats can not only affect the city and its administration, but also the residents and businesses which reside there.
For example, having smart city energy management could allow energy to be delivered based upon user demand. Using this type of technology, a smart grid may turn off certain higher power consumption items such as water heaters during the day when nobody’s home.
What happens when these devices across a smart city (or the equipment at the power grid) are infected with malware and instead of turning off the power, they increase power usage instead?
How would citizens and administration need to respond to power outages all over the city due to malware on electrical devices? In the future, these types of cyber attacks could affect street lighting, city management, traffic control, power, water grid, surveillance, public transportation, location-based services, and much more.
Challenges With Smart Cities and IoT
One of the big challenges is that many current devices are insecure and did not have sufficient security testing. This allows the devices to be hacked and faked data can be fed to them, allowing for mischief.
While these devices may be tested for functionality, cybersecurity testing is not currently part of the process. Cyber security expert Cesar Cerrudo found over 200,000 vulnerable traffic control sensors that were already installed around major cities in the world.
“Most product vendors are releasing hardware, software without any security, and governments are releasing it without any testing,” says Cerrudo.
According to Tom Cross, there are five stages of people’s attitudes regarding technology vulnerabilities. The first is denial when they are too enamored with a new technology to think about the potential risks. Then, much like the five stages of grief, they will slowly go through the different stages including anger, bargaining, depression, and then accept that these devices are vulnerable. However according to Cross, “there’s still a long way to go before we reach acceptance.”
Making Our Smart Cities More Secure
Since smart cities will have millions of devices that could potentially be infected with malware, it’s critical that security starts with identifying and then prioritizing the critical infrastructure.
Establish benchmarks: Behavior-based security can be a critical part, but first you need to establish benchmarks for normal operations. Once you have this, you can use software to determine when behavior is not “normal” and ascertain if the problem is a cyber attack or some other issue.
Use a security framework: Create or adopt a cybersecurity framework and make sure that it is followed. It should contain policies regarding selecting new systems, procurement, management, and access control throughout the entire lifecycle of the device. This framework should be reviewed and a checklist applied to make sure that rules are being followed.
Better Training For Vendors: Another part of the problem is that vendors need to be educated on cybersecurity. Their technologists, while technically skilled, need to focus more on security.
White-list approved applications: Approved applications can be white-listed and then software applied to keep unauthorized software from running on the device.
Use endpoint protection software: Apply security measures including endpoint protection software and then proactively monitor the devices on the network for behaviors that would indicate an attack is in progress.
Test regularly: Perform regular penetration tests on the network and devices to reduce the risk of vulnerabilities. This testing needs to be scheduled as well as retested when new devices or updates are deployed.
Hopefully, there will be a growing number of smart cities in the future. However, in order to keep them safe, IoT device vendors, security vendors, and smart cities will need to work together to ensure security. Working together, we can reduce the top malware threats and allow smart cities to become the innovation for our future.