City infrastructure has increasingly become a favoured target for cyberattacks driven by threat actors seeking to cause disruptions for attention or ransom. Photo: Michelle Kroll.
As more Australian cities adopt technology for data analysis, decision-making and resource allocation, urban infrastructure becomes increasingly interconnected. The proliferation of millions of new devices and sensors introduces more potential vulnerabilities that cybercriminals may target and exploit.
Cyberattacks targeting cities present dual threats, jeopardising both the seamless operation of urban infrastructure and the well-being of residents. To proactively address these challenges, city administrators should anticipate potential weaknesses in their interconnected systems, collaborate closely with cybersecurity experts to safeguard the entire ecosystem and strengthen physical security measures for critical control systems. These are just some of the strategies city authorities can employ to mitigate cybersecurity risks when considering evolving their city into a smart city.
Smart cities come with higher cybersecurity risks
City infrastructure has increasingly become a favoured target for cyberattacks driven by threat actors seeking to cause disruptions for attention or ransom. The techniques employed by cybercriminals to breach these networks vary in sophistication.
In extensive interconnected systems, it is a common tactic for cybercriminals to probe the network in search of vulnerable entry points. Their ultimate objective is to secure initial access and subsequently navigate through other linked systems to reach their intended target.
When left unprotected, even the most seemingly benign connected device can be a potential entry point for cybercriminals to launch attacks or infiltrate highly sensitive systems. An illustrative instance of this vulnerability occurred in 2016 when a significant quantity of commercial-grade video surveillance cameras sourced from an undisclosed manufacturer were compromised. These hacked cameras were then used to assemble a “cyber army” that targeted Liberia’s premier mobile phone and internet service provider, ultimately causing a crippling disruption to the nation’s internet connectivity.
This example illustrates that malicious actors accessing a local government internet of things (IoT) sensor network might be able to attack (or obtain lateral access to) more critical systems if the systems are interconnected and not secured by the appropriate measures.
Smart cities need to adopt a collaborative approach to defence
Cities need to establish well-defined IT policies to ensure no vulnerabilities are detected with IoT devices’ security and network endpoints’ security. Achieving this level of security necessitates close cooperation between city authorities and external stakeholders to ensure proper system design, implementation and the appropriate utilisation of cybersecurity solutions.
The responsibility for securing products and data extends throughout the supply chain. Manufacturers must add supplementary layers of security to promote accountability within the broader security ecosystem. Axis offers training programs to its partners and customers, ensuring the proper utilisation of its products. Axis Edge Vault cybersecurity platform provides built-in features in its devices to safeguard device identification and deliver the highest level of cybersecurity.
Securing physical access to critical control systems
Every city centre has a control room, a hub where a city’s numerous interconnected systems and data from these systems feed into. Safeguarding these hubs is a key aspect of the cybersecurity strategy of any city.
City authorities need to consider reinforcing physical access to control rooms to prevent unauthorised access to critical control systems and the unauthorised introduction of systems designed to cause hardware manipulation or communications eavesdropping, among other things.
Integrating video surveillance with access control systems, like secure entry solutions, effectively minimises unauthorised access to sensitive areas. Integrating video and access control systems can serve the purpose of visually verifying the identity of visitors. Simultaneously, advanced video analytics powered by AI can provide real-time insights by identifying and filtering out inconsequential incidents. AI-driven analytics are proficient at recognising anomalies, unusual patterns, or any specific and suspicious behaviours, enabling security personnel to respond promptly to significant events.
Two-factor authentication, such as linking a temporary QR code to a physical access card, enhances security by requiring both elements for site access. By addressing smart city cybersecurity risks, working with security partners, and adopting physical security measures, city authorities can maintain safety and efficiency for their citizens.
Cities will continue to be an attractive target for cyber attacks. Ensuring that all network entry and end points are as secure as possible is critical. Daily diligence in detecting and understanding potential threats is key, and collaboration with an ecosystem of technology partners helps to foster an approach of collective responsibility and accountability.
Wai King Wong is the Regional Director at Axis Communications
