Smart cities need smart cybersecurity

The blueprints for smart cities have been drawn up for years, but COVID-19 forced governments and urban planners to reassess their approach. The pandemic has also served as an opportunity for cities to put their infrastructure to the test. During this time, governments across the globe have utilised smartphone data to track and isolate the movements of individuals, to varying degrees of success. 

Post-pandemic, however, it’s clear that cities have to be designed in such a way that public services remain remotely accessible, even when social distancing is necessary. To do so, the buildings of tomorrow have to be self-regulating, and able to detect fluctuating conditions, while simultaneously adapting to the specific needs of different individuals as they move through the building - which is where the IoT can help.

What is IoT and what are the cybersecurity risks?

IoT connects a massive number of devices by linking various databases together to enable real-time customisation of public infrastructure and customer service systems. This technology has many people on the edge of their seats as it opens up a whole new realm of possibilities for people to live and interact. 

What is less commonly spoken about however is the cybersecurity risks that are involved. This new-found level of connectivity also creates far more opportunities for ill-meaning hackers to exploit systems.  So, as much as governments and entrepreneurs need to invest in IoT infrastructure, cybersecurity will be just as, if not more crucial in ensuring that the cities of the future function safely and sustainably.

Smart cities are more vulnerable to cyber threats  

As IoT networks are a hyperconnected system, they are as secure as their weakest link. That’s because each time users connect their personal devices to public infrastructure, they create an additional opening for hackers to enter the system. Which means, the likelihood of hackers infiltrating essential public infrastructure grows each day as smart cities expand. 

And, expansion is well underway. The COVID-19 pandemic has already forced some cities to rely on IoT infrastructure despite the lack of standardised cybersecurity measures in place. For example, an Australian hospital in New South Wales’ provided remote care for coronavirus patients through oximeter devices that transmitted oxygen saturation levels and heart rates to the hospital’s virtual unit. 

And, if the past is any indication of the future, then the risk is glaringly obvious. More than a decade ago, before IoT and automation were the talk of the town, the 2010 Stuxnet virus (a malicious computer worm) demonstrated how several lines of code could impact not just data, but disrupt physical factories and manufacturing plants to devastating effect. 

In today’s context, we need to realise, and accept, just how easy it could be for entire public transport systems, hospitals, and even military bases to be shut down in the hands of hackers. After all, uncontrolled growth is a recipe for disaster.

‘While it’s a positive step forward that we’re now in a position to rely on IoT to increase the accessibility of essential services, authorities still need to have proper cybersecurity safeguards in place to account for the average user who is likely to be less prudent when handling sensitive data,’ said Dr. Teow Hin Ngair, Founder & CEO, SecureAge Technology. 

Cities cannot simply slap IoT functionality on top of urban development and call it a day. As things stand, IoT networks are already expanding faster than security can catch up and 88% of organisations in the Asia-Pacific region have already experienced at least one IoT related security breach.

How do we make smart cities secure?

IoT systems are presently littered with a variety of problems including lack of visibility and transparency. Basic modes of identification, including IP addresses of IoT connected devices, are often obscured from other systems. The waters are further muddied as the number of connected devices and networks multiply. Not only does this make it difficult to pinpoint which individuals are connected into IoT systems and through what devices, the lack of visibility also endangers innocent users who may be subjected to undetected cybersecurity attacks.

Will blockchain make smart cities more secure?

Some industry experts believe that the key to dealing with cyber security attacks can be found in how we are dealing with COVID-19 at present. They advocate for blockchain as it can swiftly isolate compromised devices from the overall IoT system in order to prevent hackers from advancing towards sensitive databases and other devices connected to IoT systems. 

While blockchain does offer a possible solution toward data tampering, locking access to other IoT devices, and shutting down devices immediately after signs of compromise are detected, it’s still in its early stages of development and in many ways is still a very reactive approach.

Will one-time-passwords make smart cities more secure?

Another suggested solution is to mandate the authentication of every device before each information transaction. However, simple password authentication, or even the increasingly ubiquitous One-Time-Passwords (OTP)s used in two-factor identification (2FA) systems will not remain substantial for much longer. 

Instead, management systems that can provide overviews of the cybersecurity health of every single connected device, and only permit devices that have correctly implemented the required security protocols will be the order of the day.

A simpler solution is needed - Introducing SecureData

What if instead of focusing on the perimeter protection, we encrypt data at the file-level? That means wherever the Data goes it remains protected so even if it does get into the hands of the wrong person the data is useless. This was the vision of Dr Ngair Teow Hin, the CEO of SecureAge Technology. 

After spending 8 years in a Research Lab where he built the world’s first Unicode based system to support multilingual computing (yes, before Microsoft) he founded SecureAge in 2003. The first 10 years were dedicated to researching cybersecurity solutions which is when he discovered that existing solutions were either only protecting perimeters, or only protecting data at-rest. This left Data in-transit and data in-use vulnerable. 

This revelation inspired Dr Ngair to find a data-centric alternative that would protect ALL types of Data, against ALL types of threats and ALL types of use. His solution, SecureData, quickly caught the attention of government agencies and SecureData soon became the preferred Data encryption solution for public entities in Asia. 

As Data privacy is no longer a tick-box activity, and every piece of Data is sensitive, SecureData can make the transition to Smart Cities safer. It uses PKI-based technology to make encryption an inherent property of Data, as opposed to a collection of reactive systems. This is important because 2020 taught us that we can no longer predict the future. The PKI therefore provides a trusted certificate authority for asymmetric encryption, and it supports natural file sharing processes - meaning the wheel doesn’t have to be reinvented.

The bottom line - public cybersecurity cannot be compromised 

While advocates of IoT security are pushing for the implementation of concrete governance, governing bodies such as the EU’s Article 29 Working Party and the US Federal Trade Commission have shied away from implementing hard standards, choosing to instead take the soft approach of offering recommendations and putting the onus of cybersecurity on individuals which we believe is a recipe for disaster. As IoT seeps into every aspect of our lives we simply cannot afford to endure compromised public cybersecurity systems.

Visit these links to learn more about how SecureData can help governments transition to secure Smart Cities, or find out how SecureData can help large enterprises to save on hiring cybersecurity experts.