Lackluster cybersecurity in smart cities puts future IoT in peril – Technologist

Digital security investments in smart cities are severely lagging, thus seeding the future vulnerabilities of the IoT ecosystem, according to ABI Research.

“Smart cities are increasingly under attack by a variety of threats. These include sophisticated cyberattacks on critical infrastructure, bringing industrial control systems (ICS) to a grinding halt, abusing low-power wide area networks (LPWAN) and device communication hijacking, system lockdown threats caused by ransomware, manipulation of sensor data to cause widespread panic (e.g., disaster detection systems) and siphoning citizen, healthcare, consumer data, and personally identifiable information (PII), among many others,” said Dimitrios Pavlakis, industry analyst at ABI Research.

“In this increasingly connected technological landscape, every smart city service is as secure as its weakest link,” he added.

Projected smart city cybersecurity spending not enough

Based on ABI Research’s Smart City Cybersecurity application analysis report, the financial, ICT (Information and Communication Technologies) and defence industries will account for 56% of the US$135 billion projected total cybersecurity spend in critical infrastructure in 2024.

The remaining 44% of the 2024 spend will be split between the Energy, Healthcare, Public Security, Transport and Water & Waste sectors – leaving them woefully underfunded and incredibly vulnerable to cyberattacks.

Smart cities are comprised of a highly complex, interdependent network of devices, systems, platforms, and users.

Smart energy, utilities, water and wastage, parking and automotive, industrial and manufacturing, building automation, e-government and telemedicine, surveillance and public safety are just some of the verticals that vendors and governments must secure.

WAN smart-city connections to reach 1.3 billion

ABI Research identified cloud service powerhouses like Microsoft, security leaders like Entrust Datacard and Rambus, cellular communication experts like Sierra Wireless, certification authorities like Globalsign, and multi-vertical service providers like Huawei as some of the key vendors providing smart city-specific solutions.

The analyst firm that there will be about 1.3 billion wide-area network smart city connections by 2024, with almost 50% of those connections expected to be LPWA-LTE and LPWA Proprietary.

While some LPWA protocols like the NB-IoT are attempting to tackle at least some digital and communication security challenges, ABI Research pointed out that these intrinsically lightweight cellular versions aim toward lowering bandwidth cost, increasing coverage, and lowering latency and are not, in general, capable of handling the increased number of cyber-threats in the interconnected smart city environment.

“Lack of cryptographic measures, poor encryption key management, non-existent secure device onboarding services, weaponised machine learning technologies by cyber-attackers, poor understanding of social engineering, and lack of protection versus Distributed Denial of Service (DDoS) attacks are just are some of the key issues contributing to the amplification of cyber-threats in smart city ecosystems,” said Pavlakis.

“This is further exacerbated by the lack of digital security investments and will, unfortunately, jeopardise the key elements of intelligence, efficiency, and sustainability of future smart city deployments,” he said.