Smart Cities, A Gold Mine of Data – How Can Organisations Protect Themselves?

The National Cyber Security Centre warned that smart cities will be the next major target for cybercriminals. This comes after a year of booming cybercrime, with a nearly 600% rise in malicious attacks worldwide. How, then, can we protect against this rising threat?

Notify of

5 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
May 10, 2021 1:56 pm

<p>The more connected devices, the more threat vectors become open for cybercriminals to exploit. When creating smart cities it is vital that those designing them have security in mind from the outset and attempt to future-proof the infrastructures. Failure to prepare for cyberattacks now will mean they will inevitably fall over later and with the amount of data at risk, smart cities could be a disaster. More devices mean more of our private information is at stake which will remain a target to those who want to take advantage of such new technologies, so we need to be mindful of how much of our personal data we release.</p>

Last edited 1 year ago by Jake Moore
Andy Norton
Andy Norton , European Cyber Risk Officer
InfoSec Expert
May 10, 2021 1:55 pm

<p>Smart devices turning rogue will be one of the critical challenges facing smart cities and other digitally transformed aspects in society. There is a real physical cyber threat posed by the unauthorised commandeering or corruption of a smart device that is a component of critical infrastructure.</p> <p> </p> <p>The loss of sensitive data from eavesdropping devices has also been recognised in other areas of UK society. Currently, the new Telecom Security Requirements  (TSR) is imposing a ban on High Risk Vendors, notably Huawei. How many devices do we use in our everyday life that have a license agreement which states: \’you bear all the risks, opposing the basic principles determined in the constitution of the Peoples Republic of China?\’  </p> <p> </p> <p>Recognition of this “sleeper” device integrity risk was the catalyst of the US FAR-889 regulation preventing the sale of certain Chinese devices to US government and banning the usage of such equipment by contractors to the US government. The UK TSR, though, is far more far reaching than just High Risk Vendors, and will force Telcos to implement and demonstrate compliance with a broader cyber resilience framework based on the NCSC CAF3.0.</p>

Last edited 1 year ago by Andy Norton
Tom Van de Wiele
Tom Van de Wiele , Principal Consultant
InfoSec Expert
May 10, 2021 1:52 pm

<p><span lang=\"EN-US\">Smart cities make life more efficient and have been around for a while, but they do invite privacy and security risks. Ultimately, there is a real risk for harm from unsecured networks that share data from sensors and analysis tools. The high degree of connectivity in these technologies means that an attacker could, potentially, take malicious action across the entire UK with ease if proper security measures such as segregation of networks and fallback processes are not enforced and properly tested.</span><b><u></u><u></u></b></p> <p><u></u> <u></u></p> <p><span lang=\"EN-US\">A nation state, a serious organised crime group, or attackers wishing to harm critical, national infrastructure without direct loss of life could create countless amounts of chaos. Threat actors on the prowl looking to abuse smart city networks and its decision-making patterns really are viable threats and isn’t far off from what we saw happen at the Florida water plant hack in February. The possibilities for attack are relatively endless.  </span><span lang=\"EN-US\"> </span><u></u><u></u></p> <p><u></u> <u></u></p> <p><span lang=\"EN-US\">Striking the right balance between efficiency, privacy and security is important so it’s no surprise the NCSC are setting out guidelines to get a hold over some of the risks</span></p>

Last edited 1 year ago by Tom Van de Wiele
Adam Enterkin
Adam Enterkin , SVP, EMEA
Industry Leader
May 10, 2021 1:51 pm

<p style=\"font-weight: 400;\">If it can be hacked, it will be. As the IoT booms to 67 billion new connected devices by 2025, the nation’s critical infrastructure is increasingly reliant on networks of these devices. During this pandemic, we have seen a nearly 600% rise in malicious attacks worldwide targeting schools and universities, offices, government departments, and hospitals. As potential doorways to lucrative data, medical records, and government secrets, every IoT endpoint must be secured to ensure hackers can’t hijack public systems, steal data and wreak havoc.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Smart cities will soon become a significant branch of this increasingly connected IoT system, where complexity often leads to vulnerability. The average new car, for instance, contains more than 100 million lines of code and some of the most complex software ever deployed by automakers. Now making their way onto Britain’s roads, each one poses a threat to public safety if not properly secured. As a society, we must not be overwhelmed by the magnitude of the task to secure each and every device; our collective safety depends on it. </p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Before deploying any powerful technology or artificial intelligence, we must learn to anticipate the threat, recognise the value of IoT systems to cyber attackers, and prepare to respond to any sign of unauthorised hackers. Cybercriminals are waiting for organisations and the public to drop their guard. We must not let them seize the opportunity.</p>

Last edited 1 year ago by Adam Enterkin
Stephen Bradford
Stephen Bradford , SVP EMEA
InfoSec Expert
May 10, 2021 1:49 pm

<p>Smart cities are useful to help improve efficiencies for urban infrastructure but the data that resides in this technology- often commercially sensitive and personal- is a gold mine for criminal and hostile states. </p> <p> </p> <p>Supplier or not, anyone working within these critical projects has the potential to be a threat and pass sensitive information into the wrong hands if the right cybersecurity measures aren’t in place. Organisations must therefore secure access at all costs, only giving stakeholders as much access as is required to perform their assigned roles and responsibilities – no more, no less. This is vital to spot unusual, suspicious behaviour and to root out threats well before a breach occurs.</p>

Last edited 1 year ago by Stephen Bradford
Information Security Buzz
Would love your thoughts, please comment.x