This post is also available in: עברית (Hebrew)
Electricity grid operators in the U.S. experience near constant cyberattacks, with one utility recording approximately 10,000 cyberattacks a month.
Cybersecurity issues can come up when installing new “smart” systems or trying to upgrade systems to make them smart. These smart systems may include connecting traffic lights to dedicated short-range communications radios for better traffic control for example. With more than 80 cities expected to be “smart by 2025”, problems are only going to grow.
“80% of deployed systems today are not connected,” Sameer Sharma, global general manager of Intel’s IoT Smart Cities Group, told Smart Cities Dive.
The first problem cities run into when connecting the unconnected is that some of these devices were never designed to be connected, and don’t always have a clear method of security. “They are more useful but in some ways they become more vulnerable,” Sharma said.
There are so many vulnerabilities and weak spots that guarding against them all is impossible. Even if systems were once secure, systems can be put at risk if updates aren’t installed promptly. One of the problems is that vendors don’t communicate effectively about the updates. Vendors, especially smaller startups, aren’t always focused on security, yet implementing security correctly right out the gate is the best way to protect critical systems.
“We believe the security has to be built in,” Sharma said. “It can’t be built on.”
The industry knows it must be proactive on cybersecurity. Earlier this year, Microsoft called for a digital Geneva Convention to tackle cybersecurity problems with a global perspective, as many attacks cross international borders and need cooperation to solve. There are also many ways to mitigate risks. Some are obvious like strong cryptography, automating system updates and having alerts for unusual events built in. Limiting human error, from bad passwords to mitigating scams, is also a way for cities to strengthen systems.
However, technology is also offering solutions to the exact problems that technology causes. One of these solutions is open standards, or best practices and tools developed by a large group of stakeholders. Sharma describes open standards as creating a system that allows critical upgrades to be deployed widespread. Along with future proofing, open standard enables transparency. Segmentation, or micro-segmentation, is another new solution. Breaking down digital systems into segments makes hackers take over systems piecemeal and a much slower process.
Non-technological solutions for technological problems might be the last line of defense, such as kill switches, or reset buttons that have to be activated in person. It might not be as easy as clicking something on a computer, but physically flipping a switch can be a great failsafe.