Securing smart cities

Over the next decade or so technology will make cities easier, safer and healthier to live in. Features such as sensors that can anticipate and warn against bad weather or charge drivers extra fees during rush hour, as well as controlling street lighting more intelligently, have the power to improve the lives of city dwellers.

However, this integrated network, based on the internet of things (IoT), also provides new opportunities for hackers and cyber criminals. Hacking smart city systems so traffic signals cause chaos, opening sewage and wastewater treatments at the wrong time or simply switching off street lighting could, for instance, create opportunities for hackers and criminals to hold city authorities to ransom.

It’s a challenge that’s keeping Andrey Nikishin busy. “The risk is increased here because there are so many different apps and devices that have access to these networks,” says the future technologies projects director at Kaspersky Lab UK. Kaspersky works closely with Securing Smart Cities, the not-for-profit global initiative that addresses the cyber-security challenges of smart cities.

The only way to secure a device is to concentrate on its operating system, in other words the software running on these devices

“The other problem is that the IoT is a very exciting market and there are a lot of small companies entering it,” he explains. “They want to release a product as soon as possible; sometimes it’s still just proof of concept. There’s an understandable desire to conquer the market quickly and ensure that the apps become widely used. But often these small companies have to sacrifice an element of security to increase their speed to market. Security for them and for their customers is complicated and acts as a distraction – it’s easier to focus on the essential elements.”

Mr Nikishin also has a warning for the city authority IT managers who commission these devices and the software that supports them. “The main problem is that they frequently regard security as a one-off project, when in reality it’s a process,” he says. “They need to start thinking about security during the architecture stage and not just as something to be bolted on at the end. Often it’s difficult to add security at a later stage, especially with devices such as smart cameras. You can’t retrofit it in these cases.”

The IoT might be in its infancy as a means of transforming city infrastructure, but already hackers are targeting it. Last October, a form of malware called Mirai, the Japanese word for “the future”, which turns computer systems running Linux into remotely controlled “bots”, was used to attack Dyn, an internet performance management company. It disrupted internet service in many areas of North America for several hours, affecting millions of users in city authorities.

To support the growing number of cities that are already adopting this new technology, Kaspersky is applying its vertical, integrated solution. “The only way to secure a device is to concentrate on its operating system, in other words the software running on these devices,” explains Mr Nikishin. “You have to consider the whole system. For example, you can’t treat a connected car as a device on its own; you have to look at the control centre and its operations in the cloud. We take a whole infrastructure approach. After all, if you miss one link in the chain then the entire system will be compromised.”

The IoT as an enabler of smart cities is evolving rapidly and so are the threats to it, with ransomware and terrorism of particular concern. Mr Nikishin concludes: “We talk about ‘smart cities’ but the smartest cities are those that are thinking about security at the start of this process – and then constantly reviewing it to protect their citizens.”

For more information please visit