As smart cities are most vulnerable to cyber attacks, governing bodies should empower the cities to deal with breaches, survive heavy attacks, and bounce back quickly. Hence, governments should consider implementing a cyber resilience strategy.
Everyone has been enthusiastic about smart cities for quite some time now. Developed and developing countries have already started creating strategies to turn their cities to become smarter, more resilient, and connected. While the definition of smart cities differs from person to person, the ultimate goal is to optimize city operations, improve people’s lifestyle, and boost revenue generation. A smart city is a place that considers all aspects of socio-economic development, where the inhabitants can enjoy ease and comfort through their day-to-day activities. To achieve success in the smart city mission, several incredible, sophisticated, and cutting-edge technologies like IoT, automation, AI, and big data analytics are aiding the government. As technologies evolve, they offer unprecedented levels of capabilities to transform the city’s digital infrastructure, making it smarter and more connected than ever. Not only the government but also several public sectors are innovatively thinking about concrete steps to make their cities smart. The amalgamation of innovation and new-age technologies will indeed go a long way to achieve these mission and goals. While countries are striving to transform the smart city ideas into reality, one challenge that obstructs their way to success is cybersecurity.
Though technologies offer great opportunities for countries worldwide to attain smart city success, they open up entry points for criminals to execute their malicious activities. Therefore, smart cities have to become resilient enough to not only readily survive any socio-economic variation, but also adapt to cyber attacks. And to achieve this level of sophistication, the government should plan to build a holistic, effective cyber resilience strategy, which will allow smart city operations to function well in the aftermath.
Along with connecting everything digitally for lifestyle improvement and economic benefit, smart cities should mandatorily consider cybersecurity in their smart city initiative. As mentioned earlier, smart city initiatives harness new-age technologies for driving economic growth. In a smart city, several devices and machines will be connected to each other over the Internet. A lot of data will be generated, which will be shared with the concerned authorities. As hackers are readily waiting to steal information for committing crimes, they may see this as an easy opportunity to get hold of a voluminous amount of data. By exploiting weakly secured touchpoints, criminals can easily get access to the centralized databases.
While leveraging advanced technologies for cities actually widens the possibility of cyber attacks, stakeholders should take concrete steps to secure the data that is collected from various data sources. Citizen privacy and data security should be considered mandatorily while creating strategies for smart cities. But do we really have a flawless, robust cybersecurity solution yet? What if cyber intruders use the newest technologies to break the security walls and gain control over the centralized systems? And what if the malicious actors get control rights, steal the data, and leave the government with millions in revenue losses? Given the pace at which cybercrimes are skyrocketing, we are pretty sure that there is no tough security solution yet. To deal with this issue, the government can consider cyber resilience strategy, rather than focusing only on cybersecurity practices. Now, since the term cyber resilience strategy is relatively new, let’s briefly discuss what its importance is and how it will impact smart cities.
Having a cyber resilience strategy determines the flexibility and robustness of businesses to data breaches. Now let’s understand the key difference between cybersecurity and cyber resilience. Cybersecurity refers to the usage of technologies and best security practices for protecting against cyber attacks. On the other hand, cyber resilience is the ability of businesses to not only be preventive or respond to hacker events but also adapt and quickly survive the attack. Until now, the focus of most of the organizations was to have a cybersecurity strategy in place, but what if a security breach hits inevitably? To deal with such instances, organizations should make their IT systems resilient enough that they withstand and bounce back from any attack. Now the question arises, how cyber resilience matters to smart cities?
As smart city initiatives harness digital technologies, data from various systems will be shared over the network to the cloud leaves cities exposed to cyber attacks. So, even though the city experts plan and spend millions on the best security practices, the likelihood of criminals attacking the system is high. Smart city initiatives, powered with cybersecurity and cyber resilience strategy, will be prepared with the right measures and strong security against hackers. With these pointers considered, the vision of smart cities will be accomplished successfully without having to compromise on citizen privacy and data security.
We know that no system is impenetrable, for now at least. And hence, smart cities cannot be 100 percent secure and safe from evil players. When a crisis hits, the city infrastructure should be robust enough to respond and deal with it effectively. Thinking about embracing cyber resilience is easy, but implementing it is harder. Understanding this, we offer some useful tips that city designers, the government, and professionals can take into account while building a cyber resilience strategy:
Having the necessary and most importantly the right personnel is essential while building a cyber resilience strategy. Hence, the government should hire the right person(s) who can carry out cybersecurity investigation, assess how city functions are operated, and also create an effective cyber resilience strategy.
Cities should conduct an assessment to understand the potential cybersecurity risks they have from hackers. Analyzing the identified possible threats and their impact on the city’s infrastructure, the city specialists can better understand the responsive nature of their infrastructure.
The concerned executives should identify the services that require classified information for their operation. Knowing which services are critical will help the authorities to execute the response strategy effectively.
After a crisis occurs, what measures should be taken, how they will be executed, and how impactful these actions will be, should be considered by cybersecurity officers. One of the few cities that have already embarked on their journey to building a cyber resilience strategy is Rotterdam, Netherland's second largest city. The city not only appointed a Chief Resilience Officer who was responsible for checking the required operations but also planned for a cyber resilience strategy with Microsoft. Other developed and developing countries who endeavor to build smarter cities should take inspiration from cities like Rotterdam. Countries worldwide should learn the strategy implemented by Rotterdam, analyze how it will match their cities, and design their plan accordingly.
Naveen is the Founder and CEO of Allerin, a software solutions provider that delivers innovative and agile solutions that enable to automate, inspire and impress. He is a seasoned professional with more than 20 years of experience, with extensive experience in customizing open source products for cost optimizations of large scale IT deployment. He is currently working on Internet of Things solutions with Big Data Analytics. Naveen completed his programming qualifications in various Indian institutes.