More and more municipalities are pursuing innovative city initiatives to manage resources better or optimize citizen services and generally improve the quality of life. However, the necessary collection of the relevant data, networking, and processing also increase security risks. NTT Ltd., a global technology service provider, names the five most significant threats to smart cities.
The smart city, i.e., the networked intelligent city, is one of the trend topics par excellence.
The prerequisite is comprehensive digital networking that encompasses various areas: from traffic infrastructure and control to energy supply and healthcare. With smart city initiatives, municipalities can realize cost savings, efficiency improvements, and service optimization for their citizens. However, data acquisition and networking are inevitably associated with increasing cyber threats. NTT lists the top five threats and offers tips on how to improve security.
Vulnerabilities In Sensors And IoT Devices
Simple measuring sensors, Internet of Things devices (IoT), and operational technology systems (OT) as elementary data sources for the smart city often do not offer default security. As a result, security problems exist primarily in the areas of availability, data integrity, and confidentiality, i.e., the failure of devices, the use of incorrect data, or unauthorized access to personal information.
To minimize these dangers, all devices used must be classified as insecure, and “secure-by-design” approaches must be applied. The potential risks have to be considered in the planning phase, and the proper security measures have to be taken on this basis.
Unencrypted Communication Between Sensors Or Devices And Control Systems
Networking in the smart city is based on the communication of central control systems with individual devices and between the devices with each other. Since security is not necessarily an integral part of the devices and systems used, communication should be encrypted. Ideally, a protected network and infrastructure should be used for these systems.
Avoidance Of Risk Analysis In Advance
It is widely believed that it is sufficient to monitor and combat cyber threats in innovative city scenarios, but efficient preparation is even more critical. Above all, the following questions must be clarified in advance: What is to be secured? What is essential? What are the answers for each identified risk?
No Physical Protection For Sensors And Devices In Public Spaces
Physical security can hardly be implemented for sensors and devices in public spaces, i.e., it cannot be determined who, when, and how physically accesses these devices. Consequently, logical security measures must be taken. This includes implementing a robust authentication mechanism, the encryption of communication to and from these devices, and the performance of a secure network for these devices in the public space.
Insufficient Cooperation And Coordination Between The Companies And Authorities Involved
In many cases, poor coordination between those involved in smart city projects means that companies violate regulations or fail to make the right decisions in the event of problems. In the IT world, project collaboration takes place primarily based on governance strategies and established rules. Such governance must also be implemented in the OT and IoT areas. That means, on the one hand, security guidelines must be defined that also cover legal aspects. On the other hand, a process definition must also be made to ensure that these guidelines are applied entirely and consistently.
IoT and OT systems as components of the Smart City have weak points that open up numerous avenues for hackers to attack. The challenges from a security point of view are complex and keep getting bigger, if only because of the high number of endpoints and sensors,” explains Marcus Giehrl, Director Digital Transformation, NTT Ltd. »Since the success of smart city initiatives depends to a large extent on the acceptance of the population, which can only be achieved with a high level of data protection, especially of their data, and a high level of data security, adequate security measures must be of the highest priority. Security has to be an integral part of every smart city project from the start. ”
According to NTT, the following security measures are in principle indispensable in the smart city context:
- Inventory of all IoT and OT environments and devices
- Implementation of security risk assessments for all smart city core components
- Conception and application of security guidelines for smart city environments
- Securing communication between IoT and OT devices and the connected IT systems
- Securing and monitoring of maintenance access
- Performing regular penetration tests.
NTT knows the specific security challenges for smart city solutions from numerous successfully implemented projects. The company recently received the Smart Cities Award at the World Communication Awards for a transformation project in Las Vegas’ Innovation District.
In addition, NTT is committed to the “Business Avenger” in achieving the 17 global goals of the United Nations for sustainable development. The technology service provider supports the actors at the federal, municipal, and economic levels with platforms, solutions, and consulting services to fill the vision of a smart city with life. Another primary focus is on research: NTT supported the Bitkom industry association with the Smart City Index. For the index, all German cities with more than 100,000 inhabitants in the five categories of administration, IT infrastructure, energy/environment, mobility, and society were analyzed and rated for their degree of maturity in terms of digitization.
