Key issues in cyber security for smart cities

Smart cities are still a pretty new approach for cities and their inhabitants and visitors and even the used technologies are cutting edge. The smart city ecosystem can be grouped in 3 layers:

· core technology layer

· communications layer

· edge layer

Looking beyond the standard cybersecurity issues that all systems need to be secured against, four key cyber issues of specific concern for smart cities are:

· man-in-the-middle attacks: an attacker breaches, interrupts or spoofs the communications layer.

· data & identity theft: data generated by unprotected smart city infrastructure such as parking garages, electric vehicle charging stations and surveillance feeds can cyber attackers provide with personal information that can potentially be exploited for frauds identify theft.

· device hijacking: the attacker hijacks and assumes control of an edge layer device.

· confusion of the systems by normal devices: the use of a normal device in an unexpected way can lead to wrong actions.

Surprisingly there are no regulations specifically for smart cities. Nevertheless, the first best practices for cyber security in smart cities are emerging:

· clearly separate data flows from smart city edge layer devices deployed by the city or its service providers from untrusted devices like smart phones or connected vehicles from inhabitants or visitors.

· use virtual private networks on the communications layer.

· use strong encryption and authentication.

· deploy network intrusion detection systems.

· deploy physical protection.

· implement an information security policy.

· deploy scanning application tools.

· use heightened network security rules to prevent access to sensitive systems in the core infrastructure layer and the edge layer and safe password practices.

· strong access controls should be in place.

To read the whole InBrief, please click here.