Cyber security for smart cities
In February 2013, Los Angeles became the first major city in the world to synchronize the control of all of its 4,500 traffic lights (Curbed). Six years earlier, in the movie “Die Hard 4”, a terrorist caused panic in the City of Angels by making all of the traffic lights turn green at the same time. What was then just a scenario contrivance is now a real risk: by the end of the year, a total of 2.3 billion connected objects will be deployed in the hearts of cities around the world (Harvard Business Review). Public transport, public lighting, power stations, hospitals… many critical functions continue with their digitization. This massive and rapid deployment, to which can be added the growing interconnection of infrastructure and its centralized management, opens and unveils new spaces of vulnerability that cities are gradually taking into account.
Attacks are multiplying
At the beginning of April, the inhabitants of Dallas woke up to the wails of emergency sirens triggered by a cyber attack. Within minutes, a wave of panic had overwhelmed the emergency telephone services (The New York Times). In late June, a computer virus affected the Ukrainian central bank, its metro and its telecom infrastructure, before spreading around the world (The Verge). According to a survey of IT security professionals, public Wi-Fi systems, smart grids and transportation would be among the most vulnerable types of infrastructure to cyber risks (Government Technology). In the transport sector, thousands of alerts are already being generated every day throughout the world (Smart Cities World).
The smart city must be a “safe city”
In terms of the IoT, organizations — companies, public services — are finding it increasingly difficult to identify all stakeholders in their digital ecosystems. For example, the Chief Information Security Officer of several hospitals in the United States explained how he discovered during an audit that 70,000 devices were connected to the system, while a much lower number had actually been declared and therefore secured. A digital blind spot such as this creates many potential entry points for hackers. The game is also changing for the manufacturers: the industry is working on setting standards and creating secure identification processes (BBC). Initiatives to support cities are also emerging, such as the NGOSecuring Smart Cities, which shares resources and good practices. Some states are also adopting a dedicated strategy, such as Latvia Ministry of Defense and France (Cybermalveillance.gouv.fr — In French). All this should raise global awareness, to put cyber security at the heart of resilience strategy for the cities of tomorrow.
This article appeared in Leonard’s Newsletter, the platform powered by VINCI which aims to identify the services, facilities and infrastructure of tomorrow. We share our news and best reads by email every fortnight, subscribe here.