(Source: VideoFlow /stock.adobe.com)
Since 2016, Columbus, Ohio, has been at the forefront of the smart city revolution, making digitalization a cornerstone of its cyber infrastructure to deliver improvements in a variety of public services. But in July 2024, the city faced an unfortunate side effect: A ransomware attack on the digital infrastructure compromised the data of half a million residents.[1] In August 2024, another ransomware attack created havoc in the Port of Seattle with multiple outages in systems.[2]
Such breaches are just one of the many cyber challenges smart cities face. Data theft, distributed denial-of-service (DDoS) attacks, vulnerable supply chain links, and device hijacking are problems that can cripple essential services. The situation becomes especially worrisome when attacks target facilities like nuclear power plants or air traffic systems.
In addition to the most immediately apparent harmful effects of cyberattacks, the ripple effects can be lasting. Privacy concerns and compromised data can create a sense of mistrust among citizens and lead to non-participation, which might undermine the effectiveness of smart city programs.
In this blog, we take a look at the cybersecurity measures smart cities can implement to help protect critical infrastructure.
A smart city uses an array of digital technologies—including cloud computing, the Internet of Things (IoT), machine learning (ML), and more—to deliver efficiencies and make services automated and responsive. For example, improving traffic flow through smart lights and optimizing bus routes contribute to smart mobility (Figure 1), while smart buildings regulate energy efficiency depending on occupancy and time of day.
Figure 1: Smart traffic lights can optimize bus routes and traffic flow. (Source: zaheer/stock.adobe.com; generated with AI)
For a smart city to work, several technologies must function together. The foundation for a smart city starts with a number of IoT sensor-embedded devices that measure various parameters, including temperature, air quality, traffic congestion, and more. Information from a wide sensor network feeds into algorithms that process live data and make decisions in real time. The sensor network needs ubiquitous connectivity to relay the data, so a wireless local area network (WLAN) or similar connectivity solutions come into play. Data processing algorithms, often through cloud computing servers, direct the action to be taken, which then routes to the designated endpoint: the devices themselves, individual smartphones for residents, or dashboards at control centers.
A connected infrastructure is only as strong as its weakest link, and smart city technology has a few vulnerabilities that need addressing.
IoT devices do not often prioritize cybersecurity and form easy points of access for botnets to infiltrate smart city infrastructure. Smart traffic lights, sensors, and systems controlling public transportation are also susceptible to hijacking, as are energy management systems.
Despite the vulnerabilities that can plague smart cities, governments can institute a number of safeguards to prevent or stall cyberattacks and limit the fallout if a breach were to occur. These safety mechanisms might include one or more combinations of zero trust architecture (ZTA), identity and access management (IAM) systems, network segmentation, and supply chain security. Let’s consider what each of these involves.
ZTA principles assume that every device trying to gain access to a network is inherently suspect. Users need to be authorized and vetted at all times, no matter where they might be located geographically. Such a blanket approach applies an overarching rule to all network endpoints, making them less vulnerable to breaches.
A strong IAM program will only let authorized users access sensitive data. IAM programs can be fine-tuned depending on the specific functions assigned within an infrastructure. For example, a government worker in the public health department will only be able to access related data instead of being granted access to the entire network of interconnected systems.
Despite the best precautions, if data breaches do occur, smart cities should have mechanisms in place to rapidly reduce the extent of the damage. Network segmentation enables smart cities to isolate the breached area and block lateral movement of the damage. Such segmentation can occur at the physical level, through virtual local area networks (VLANs) to separate logical networks, or even at the individual device node if spotted early enough.
Smart cities typically use multiple vendors for services, any of whom can form a weak link in cybersecurity defenses. Vetting service providers and ensuring they do not have access to critical infrastructure helps decrease the risk of a cyberattack. Providing clear security guidelines for software and hardware vendors will ensure adequate protocols are in place.
While many of these mechanisms contribute to safe ongoing practice of digital operations, smart cities will benefit from designing security and cyber resilience into all frameworks from the outset. This is easier said than done, since cities might be working with technical debt and not building systems from scratch. Nevertheless, keeping cybersecurity in mind for all processes instead of adding safeguards as an afterthought is the best way to go.
Growing global populations and increasing urban migration will only add to the strains on resources in cities worldwide. A smart foundation leverages digitalization and advanced technologies to optimize resources while improving the lives of citizens. Instituting a robust and proactive cybersecurity plan will help governments harness the benefits of emerging smart technology with minimal disruptions and protected sensitive data.
The future of urban living is undeniably smart, with technology leading the way to automation and efficiency, improved public services, and an enhanced overall quality of life. However, as smart city initiatives expand, so do the cybersecurity risks that threaten to undermine their progress. Proactive measures, including zero trust architecture, network segmentation, and supply chain security, are essential to safeguarding critical infrastructure. By embedding cybersecurity into the foundation of smart city planning rather than adding it reactively, governments and stakeholders can ensure that digital transformation is innovative and secure. The goal is clear: build cities that are not only smarter but also more resilient in the face of evolving cyber threats.
[1] https://www.cybersecuritydive.com/news/columbus-ohio-ransomware-500k/732154/ [2] https://www.cybersecuritydive.com/news/seattle-port-ransomware-attack/727098/
Poornima Apte is an engineer turned writer with B2B specialties in robotics, AI, cybersecurity, smart technologies and digital transformation. Find her on Twitter @booksnfreshair.