These are not only mobile banking applications, car rental applications, scooters, but also plans to give a certain subjectivity to these devices so that they themselves can determine better, more economical and ecological solutions. In Smart Cities, everything has to live together as in a symbiosis. This is the concept of creating a coherent organism in which everything works like a Swiss watch. However, what about the current problems of cybersecurity of such projects? How to strengthen the security of systems that are already undergoing so many attacks?

Hackers attack every day, even now. This problem also affects numerous projects that are precisely aimed at creating a coherent, intelligent and at the same time safe city. It concerns data leaks, from urban transport companies' databases, parking meters, traffic control systems to manipulation of CCTV monitoring and this is only a part of all the possibilities on attacks on vulnerable elements. The development of modern cities based on network and IT communication is already exposed to cybercriminals!

Examples are countless and include such cases as U.S. Customs and Border Protection exposing registration plates and photos of around 100 000 travelers going in or out US; attack on CCTV surveillance system of Washington DC police with intend to extort money from citizens; or numerous ransomware attacks, such as the one in Baltimore in May 2019. Hackers demanded a ransom, threatening to release sensitive data of city residents. People are not aware of such situations on a daily basis. They trust that whoever designs or operates the systems of smart cities is maintaining the highest level of security. Yet, sensitive information about us, our behavior, preferences, financial status are constantly collected and analyzed in databases, which sooner or later will lead to huge privacy violation.

We are all constantly being exposed to some extent – monitored by city cameras that come with face recognition and citizen tracking. On the other hand, we all know that paradoxically all these measures are helpful in fighting crime and increasing the overall feeling of security. Yet, from a study by Vasilios Hioureas of Kaspersky Lab and Thomas Kinsey of Exigent Systems Inc., it follows that monitoring systems can also be used for harmful purposes. Due to the lack of adequate cybersecurity measures in place, one can manipulate the recording, alter facial recognition results or just disable the monitoring system at all.

Mike Jankowski-Lorek
... is a Cybersecurity Expert and Director of Consulting at CQURE.

That said, it is important to take appropriate steps to this end and make the communities aware of the importance of protecting personal data. There are already organizations who have started to support the cyber security associated with Smart Cities and oversight over new solutions introduced by municipal administration.

Investments in security are severely delayed and unattended, hence systems are not secured sufficiently from the moment they are created, especially the IoT (Internet of Things) ecosystems are considered as the most vulnerable. Start-ups often do not plan for security at the beginning of their projects simply because of insufficient funds and time. Therefore, during the rapid growth phase or first major deployment, solutions are vulnerable and require thorough testing. This applies as well to the innovative projects for smart cities which have never been used before at a larger scale. "Secure by design" is one of the most important concepts in achieving good security but unfortunately this is overlooked far too often. Nevertheless, all systems require full and thorough regular evaluation of their security posture, or in other words penetration testing.

The security of an intelligent city should be extensive – attacks can take place at the level of the human factor (operational and controlling unit), at the level of software or even hardware. In this broad perspective, we can only imagine the types of risks and threats. Consequently, municipal administration, same as private organizations, should pay special attention to securing their systems and conducting regular penetration tests, which are controlled and legal attacks on the company's system, simulating the activities of potential cybercriminals. As a result, the tester can pay attention to the weakest aspects and as a result the organizations can increase the overall cybersecurity posture.

Another important aspect are organizations’ employees. It is usually simpler to "hack" people then well designed or protected services. One of the most common trick is so called "Business Email Compromise" just like in the case of Polish national airlines PLL LOT, where one of the accountants transferred over 700 000 USD to the attackers bank account instead to the producer of the airplanes.

This example shows that employees are not trained regularly in basic cybersecurity procedures or usage of the company's equipment, telephones and computers. One should also realize why it is important to increase knowledge about possible threats such as phishing and importance of VPN usage when working from home. But not only that. Due to the recent COVID outbreak it has been getting more and more common phenomenon to use private devices and home WiFi networks for work purposes. Organizations should always provide training for their employees in this area to protect their own resources. In addition, Security Awareness Training Series which are suited to employee functions in order to illustrate how to build cybersecurity strategy in an organization, should also be of basic necessity.

The most important aspect in the development of smart cities based on IoT is the positive impact on the economy, ecology and general simplification of the everyday life. Cyber security issues take a further place on the list of priorities, but should they not be at the top of it as our personal data and finances rely on the network? Even improving the protocols or connectivity standards used by IoT does not address the problems of cyber-attacks. Therefore, security enhancements should be comprehensively implemented in the smart cities’ ecosystem. Unfortunately, the situation is further aggravated by the lack of proper investment in cybersecurity, and this may threaten the efficiency and stability of its future.

Author: Mike Jankowski-Lorek

Opinions expressed by Forbes Contributors are their own.