Rebecca Root and Daniel Sager:
In 2016, the United States’ National Security Agency had their “hacking tools” stolen in a cybersecurity breach, and the Bangladesh Bank endured a cyber attack that cost them a reported $81 million. In the first quarter of 2016, Kaspersky Lab, a cybersecurity and antivirus provider, also stated that 45 percent of its users in the Middle East, Turkey and Africa had reported a security incident.
As more cities become better connected, the issue of digital security looms large. What would happen if a system controlling electricity or water supply was hacked? If technology is being used during a humanitarian crisis to distribute aid, could a manipulation of the technology cost lives? And how can vital information such as health care and financial information be better protected?
Since technology, data collection and cloud storage are relatively new city management tools, people working within smart cities may not yet have all the answers to these questions.
Francesca Bria, Barcelona City Council’s chief technology and digital innovation officer, says that until now it hasn’t been clear that when developing technology and deploying services to maximize efficiency within a city, “respecting the basic fundamental rights of citizens” should also be considered. Those rights include privacy and security, rights that could be difficult to safeguard in a smart city without adequate security.
The solution to this, Bria told Devex in an interview, is to work with experts to make security “an integral part of the way we develop technology, we buy technology and we deploy services.”
Such assets come at a cost, however, one that some cities may not have funding for. Jesse Berst, chairman of the U.S.-based Smart Cities Council, said that when it comes to security in smart cities, “the number one issue is the lack of attention to the problem.” This could mean a lack of resources and allocated funds, leaving some cities vulnerable to a security breach.
There are, however, some actions that practitioners working in a smart city space can take to help their city become a safe city.
1. Implement a security policy.
A study by the Smart Cities Council and multinational tech company Cisco found that only around one-third of cities surveyed had a city-wide security policy for their smart systems, while one-third had policies that only applied to individual city departments. That left the remaining third with no policy at all to guard against, or deal with, the potential hijacking of city street lighting or of critical software mapping violence in a city.
Berst said city leaders must implement cybersecurity policies and treat security more like a process than a one-time event.
“Thinking that hackers won’t attack your city or turn off the lights for the fun of it, or something much more dangerous and insidious, is crazy,” he said.
Berst explained that developing a policy begins by conducting an audit, which helps determine any weaknesses and the processes needed to strengthen these. This can be expensive and is a process that many cities have no choice but to abandon.
Bria, however, noted that the European Union Data Protection Reform, which will be brought into effect in May 2018, will offer a set of guidelines those in the EU will have to adhere to in order to protect digital data.
“Cybersecurity and vulnerabilities are now factors that will have to be considered at the very inception and built into the process,” she said.
2. Make humans smart, too.
As Berst pointed out, “a large percentage of all cybersecurity problems arise from social engineering,” a term for manipulating individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Human error plays its part too: the biggest threat to smart cities may not be terrorist factions, hacking groups or malicious individuals, but merely someone unknowingly inserting an infected flash drive into a computer, or clicking on an email link from an unknown person. Picking secure passwords and remaining vigilant around unknown correspondence could help in safeguarding personal data in general, as well as that relating to a smart city.
In the global development community, smart grid technology is probably the most well-known use of the internet of things. But energy is just one example – the truth is that the internet of things could drastically increase efficiency in many other ways.
3. Maintain internet of things devices.
Cities including Bangalore in India, and Maputo in Mozambique, are installing sensors to provide information that can streamline services. Information on waste and available parking spaces can cut city costs, reduce the amount of time a vehicle is emitting gases, and overall contribute to a cleaner, more efficient environment.
However, Berst said that every device feeding data into a central system is a point of vulnerability that hackers can intercept and manipulate. He pointed out that manufacturers are currently working on better protecting these devices, but it needs to start with city workers performing simple maintenance and updating software. That same logic applies to citizens and the updating of their smart city phone applications.
4. Work with experienced corporations.
Leaders of cities such as Brazil’s Rio de Janeiro, and Medellín in Colombia, are used to tackling crime where the perpetrators are visible, but digital crime lacks this tangible element. Often people aren’t aware there has been a security breach for some time and the damage is often never fully realized.
However, corporations and cloud providers such as Microsoft, Amazon Web Services and IBM have been dealing with security issues for years, and even lend their expertise to defense agencies and banks. Berst said there is no reason why those operating projects in a smart city can’t fast track their way to cyber safety by working with them.
“Security and privacy are two of the biggest fears we hear from mayors and [chief information officers],” he said. “So the company that has answers for that – that has the system, the process and the framework – is going to have an advantage in selling to those cities, because it’s really a blocker right now.”
5. Embrace open standards.
Finally, there are protocols for the installation of smart systems, frameworks for the internet of things and software that have already been developed and are available for public use.
While mayors may be tempted to create a smart system that is proprietary and tailor-made to meet specific needs and safeguard a city’s own ideas, a system that has been used previously is likely to come with fewer security risks. Vulnerabilities in the software have already been identified and remedied, and open-source communities – online societies built around publicly available source code – are usually quick to identify and address security issues.
Bria said that many cities share common problems, so it makes sense to use the same type of open-source software and share it.
“That can be done in one country, but also it can be done globally,” she said.
(Rebecca Root is an editorial fellow at Devex. She has a background in journalism and communications, and has written for a variety of publications while living and working in New York and London. Daniel is a lead software engineer at Devex. He studied computer science, specializing in secure IT systems and artificial intelligence.)