Connect with us

Hi, what are you looking for?


IoT Security

Finding the Middle Ground: Securing Smart Cities

Smart City Security

Smart City Security

High-profile cyberattacks and data breaches have become somewhat of a norm. You’ve likely heard this before: it’s no longer a question of if an attack will happen but when. We expect ‘always on’ connectivity with access to business data and this means that the clear boundaries of the traditional security perimeter are fading fast; as this happens, the potential attack surface grows. Advanced smart infrastructure, cloud networks and the Internet of Things (IoT) add more points of entry and ultimately more risk for both network operators and end users. 

This reality has sparked a rather polarized debate among government organizations and municipalities contemplating smart city technologies. Advocates are willing to throw caution to the wind to charge forward and implement these technologies, eager to harness the data and near real-time communications enabled by smart applications to positively impact their communities and citizens. On the other hand, skeptics are staving off adoption due to fears of destructive cyberattacks – and there’s no shortage of examples to justify their hesitancy. 

Just recently, we saw the City of Atlanta crippled by a SamSam ransomware attack that lasted two weeks and cost nearly $3 million – a clear warning to municipalities using smart applications. Numerous attacks on smart cities fly under the public’s radar: local police departments hit by small ransomware attacks, fire department databases hacked and gas operators plagued by customer communications disruptions. 

Keeping up with the daily barrage of cyberattacks when critical services like police and fire departments, water treatment plants and utilities and energy infrastructure are at stake poses new challenges and greatly increases the consequences of an attack. Consider Gartner’s prediction that by 2020 there will be over 20.4 billion connected IoT endpoints and over the past three years alone AT&T has seen a 3,198 percent increase in attackers scanning for IoT vulnerabilities. However, there is a way to bridge this divide and manage the risks of these nightmare scenarios so that governments can capitalize on the benefits of adopting smart city technologies. 

● Embrace a platform mindset. When considering smart applications, security cannot be an afterthought. Think as early as possible about developing a platform, ideally starting with the first smart application being deployed. This will ensure that the network is approached holistically, allowing orchestration, security, scalability and speed to all be prioritized. As smart applications are added, the foundation already exists to securely manage connections and implement emerging security technologies.
● Leverage the network. Whether you’re running an entire smart city or managing IT environments within a smart city, the network can help minimize damage and contain threats at the earliest possible moment. It’s unlikely that municipalities will ever have the budgets, resources or security personnel needed to secure each individual endpoint connection. Instead, optimize every part of the network – from switches to gateways and endpoints – to detect and remediate threats. 

● Invest in automation. To defend against constantly evolving threats, security personnel must also adapt. A recent study revealed that only 19 percent of public sector organizations have deployed security automation tools or applications. Firewalls and endpoint security will always be important components of a city’s security posture, but innovations in machine learning and automation are essential for maintaining pace with attackers. Every attack, successful or thwarted, traverses the network. Machine learning and automation can help security teams correlate meaningful insights from the network’s data to stay ahead of cybercriminals.

There’s no shortage of consequences for leaving smart city applications unsecure, and recent industry conferences Black Hat and DEF CON provided a deluge of reminders. IBM research exposed 17 vulnerabilities in popular sensor hubs used to support smart city systems and researchers at an Israeli university discovered flaws that allow hackers to disrupt a city’s water supply by turning smart irrigation systems into a botnet. Do not mistake smart for secure. Only when these platforms are constructed with security in mind, the entire network can be leveraged to detect and remediate threats and when automation and machine learning are built into security architecture, smart cities can be secured. 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

Today’s growing attack surface is dominated by non-traditional endpoints.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

IoT Security

Vulnerabilities in electric vehicle charging management systems can be exploited for DoS attacks and to steal energy or sensitive information.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV...