Smart cities and cyber risk management: are we there yet?

Smart cities and cyber risk management are we there yet RiskXchange The leader in Third-Party Cyber Risk Management

As urban cities continue to increase in population, many are becoming ‘smart cities’ through digital transformation. This transformation intends to make resident lives more convenient, governance more effective, and resource consumption more efficient.

Smart cities are also increasing economic efficiency, reducing public expenditure, and decreasing environmental output. They are, therefore, a very necessary model for the resource-strapped future we’re facing.

Even with these added benefits, one question remains unanswered, however: Are the cities of the future as cyber safe as much as they are smart?

In this post, we explore the potential cyber risks smart cities will face (and are facing) and assess what measures can be explored to mitigate these risks.

Smart cities are increasingly under attack

The sophisticated cyberattacks that target critical infrastructure in smart cities are creating a unique security-threat paradigm.

Unlike the conventional security issues of the past, the cybersecurity requirements of smart cities are new and evolving constantly in line with the latest trends in technology and innovation.

A breach of street light systems, for instance, can not only cause road accidents but also compromise access to servers that store data on individual customer behaviour, financial information and other personal information about citizens—possibly even their health records.

That’s not all. Given the need to speed up service delivery and facilitate integration and interoperability, most companies provide access to critical organisational assets and information to third-party vendors with little to no security review.

This access even extends to fourth and fifth parties, whose involvement in the smart city ecosystem makes the management of smart city security risks even more challenging.

Smart London lacks third-party cybersecurity measures

The concept of Smart London has been underway for over a decade with successful projects including widespread Wi-Fi, smart transport, and the prevalent use of mobile applications.

The smart city plan, however, only focusses on implementing projects and initiatives with no guidance on stakeholder or security management.

Even in the national cybersecurity strategy for 2016-2021, there is no inclusion of security requirements specific to smart cities. The only guidelines on cybersecurity are for connected and automated smart vehicles. There is no information on how London’s smart city initiative will manage its cybersecurity requirements including third-party risks.

We’re compelled to comment, in this case, that as ambitious as the initiative is, it does not have comprehensive, long-term strategies in place to manage security risks, comply with industry standards or implement effective third-party risk management.

Risk mitigation must be a top priority for smart cities

Smart cities are heavily reliant on technology, which opens the door to cyberattacks that lead to significant losses. Smart cities also comprise a highly complex, interdependent network of devices, systems, platforms, and users with several key and non-key actors.

As a public entity, the complexity of the ICT supply chain of smart cities also includes vulnerabilities that could pose a threat to the entire ecosystem.

Until concrete standards to mitigate cyber threats are set up, the following are a few best practices that can keep smart cities secure:

  • Create policies around IoT data privacy and use them to ensure protection against unintended misuse.
  • Ensure secure access for all connected devices by synchronising access credentialing—and eliminating weak points—to protect residents’ identity information.
  • Ensure cybersecurity compliance across all interdependent networks of devices, systems, and platforms not only with leading regulations and industry standards but also following international standards, where necessary.
  • Secure information at the source by ensuring that all third-,fourth-, and fifth-party stakeholders involved have secure access, secure cybersecurity protocols, and practices to ensure data safety.
  • Integrate practices like cybersecurity ratings to enjoy a clear overview of the security posture of the entire ecosystem.

Make smart cities safe with effective risk management

Understanding and evaluating risks in smart city systems require a pragmatic approach to cyber risk management due to the high level of interconnectedness of smart services and the rapidly evolving nature of constituent systems.

Get in touch with RiskXchange to access our accurate, 360-degree security risk rating management system and take a step towards third-party risk management in any smart city.

RiskXchange is a company founded and led by recognised experts within the security industry, who have held leading roles in companies like IBM Security.