Smart cities must be cyber-smart cities

Andrew Lee, ESET Government Affairs Liaison looks into how cities turn to IoT to address long-standing urban problems, what are the risks of leaving cybersecurity behind at the planning phase?

You’ve probably heard the term “smart cities” – that is, the idea that extensive use of Information and Communications Technology (ICT) to monitor energy, utilities and transportation infrastructure can lead to cost savings, reduction of environmental impact and faster fault resolution.

The benefits are obvious. If a streetlamp fails, and can tell you so, you can replace it more quickly. If you can control traffic more efficiently, you’ll reduce smog and noise, and reduce overall journey times. If you can tie AC/heating to ambient temperature in a fine-grained way, you can reduce power consumption and wastage. If you can track traffic in real time, you can plan the best routes for emergency response vehicles.

Most national governments have committed to the Paris Agreement, and therefore need to reach targets for reduced carbon emissions. These targets necessarily pass down to the regional and municipal levels, and the implementation of smart technologies in urban areas has a large part to play in achieving those goals. However, where there are complex, interconnected, computer-controlled networks of thousands of Internet of Things (IoT) sensors and devices, all sorts of alarm bells start to ring in the minds of cybersecurity practitioners.

Andrew Lee

ESET researchers have analysed malware (e.g. here and here) that was most probably used in several attacks against the energy industry and ultimately caused power outages. This sort of disruption has major effects on people’s lives, and intermittent or unreliable power does not take long to cause problems. Foods and medicines start to decay rapidly as refrigeration and freezers start to heat up. Hospitals must reduce power consumption to the essentials. Petrol pumps don’t work (nor for that matter do smart vehicle charging stations), traffic light systems go down, buildings start to over-heat, or over-cool. Street lighting stops working. Electronic payment doesn’t work, wages may not be paid, ATMs don’t dispense cash. You can’t recharge your phone or your laptop. Your insulin pump won’t charge, your CPAP (continuous positive airway pressure) device won’t work, nor will your remote monitoring systems, your security cameras – or your coffee machine! It doesn’t take much to understand that in these circumstances chaos quickly ensues.

We can also imagine more subtle attacks than total electricity outages. There have been at least two major cases of illicit cryptocurrency-mining software on compromised nuclear power plant control systems. Cryptocurrency mining is incredibly power-intensive, and therefore has a high environmental impact – in addition to the cost and the potential to cause power distribution problems as described above. It’s not just companies that are affected by such attacks. In many (most?) cases, IoT devices are not well secured, and their vulnerabilities can lead to an attack where there is little user-initiated mitigation possible. Last year a large-scale operation was discovered using home internet routers to mine cryptocurrency. Where there is money to be made, and easily – given the vulnerability of the systems – there will be criminal exploitation.

Smart meters are a boon to utility companies as well as consumers and businesses, allowing precise monitoring of utility consumption, but their compromise can enable the theft of power/gas/water. Perhaps worse – such meters can also indicate how much generated power is being put into the grid (think rooftop solar) and the rest of the grid depends on that being accurate to do proper load balancing and generation. As is often the case with failures of security, it’s the unforeseen events that can have the most devastating results.

The European Union (EU) has been very active in implementing smart city technologies, among other IoT-driven projects, with many set up under the aegis of its research and innovation program called Horizon 2020. These projects vary in scope, but many have vast implications for the sectors they affect – smart cites and society, agriculture, healthcare, ocean and water management, food, manufacturing, and many other aspects of lives.

Some of these projects are governed by Mission Boards that serve to guide and advise on the projects’ implementation. (Full disclosure: I was one of 550 applicants to the Mission Board for Climate-Neutral and Smart Cities, but did not obtain a seat, of which there were 15.)

The boards are made up of members working in a diverse range of disciplines, and we should hope that cybersecurity will be foremost in their thoughts, although it is scarcely mentioned in the briefs for the boards.

When all is said and done, there will be tremendous benefits in implementing technologies that can improve lives and reduce environmental impact. On the other hand, we should never forget the risks that come with failing to consider the security of those technologies.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Cloudflare to participate at GITEX 2022

Cloudflare, the security, performance, and reliability company helping to build a better Internet, today announced its participation at GITEX Global 2022.

Nozomi Networks confirms attendance of MENA ISC

Nozomi Networks is confirming its active participation at the forthcoming MENA Information Security Conference 2022 (MENA ISC).
ESET

ESET Threat Report: Attempts to exploit MS Exchange

ESET Research releases its T3 2021 Threat Report, summarising key statistics from ESET detection systems and highlighting notable examples of ESET
digital

Government to strengthen security of internet-connected products

A new law will protect millions of users of internet-connected household items from the threat of cyber hacks, Digital Minister Matt Warman
Juraj Malcho, Chief Technology Officer at ESET

ESET named a top player in Radicati’s ‘Endpoint Security’ Market Quadrant for the second year running

ESET, has been recognised as a ‘Top Player’ for the second consecutive year in Radicati’s 2019 Endpoint Security Market Quadrants SM
Atos UCLH

Atos announces new partnership with UCLH to support a digital future

Atos, a global leader in digital transformation, has secured an initial 10-year contract with University College London Hospitals to be its Digital Partner
ESET

Cryptojacking shows no signs of slowing down in 2019, says ESET

Cases of cryptocurrency mining and cryptojacking will continue to grow in 2019, as attackers target smart devices, according to ESET’s latest trends report.

Cryptojacking shows no signs of slowing down in 2019, says ESET

Cases of cryptocurrency mining and cryptojacking will continue to grow in 2019, as attackers target smart devices, according to ESET’s latest trends report.
Scroll to Top