Smart cities push increases exposure to threats, requires redoubling cyber security
The Indian government is expanding its Digital India initiative with a total of 100 cities in line to be converted to smart cities. The cities are expected to improve living conditions, provide facilities such as uninterrupted water and power supply, efficient urban mobility and public transportation, IT connectivity and e-governance. Yet the success of these smart cities hinges on the massive digitisation of utilities and critical infrastructure.
This growing digitisation will make our safety more dependent on IT networks, sensors and other devices. As our reliance on technology increases, so do our vulnerabilities to cyber-attacks. For instance, when a new power plant goes online, this not only makes it easier to manage remotely, it also creates new threat vectors which cyber attackers can exploit to inflict harm. It’s critical that we prioritise security in these efforts.
The stakes are high. When a person experiences a cyber-attack, their personal information or money may be stolen. When a power plant experiences a cyber-attack, lives hang in the balance.
This isn’t a distant problem. India’s geopolitical conflicts make it a very attractive target to multiple advanced threat groups around the world. FireEye has documented well-resourced campaigns by sophisticated adversaries targeting numerous
Another challenge is that many Indian organizations have dramatically underinvested in cyber security technologies and expertise. Without the technologies which can spotlight attacks and skilled professionals, Indian organizations will continue to trail those in many other countries.
The launch of governmental initiatives such as the Cyber Security Assurance Framework to assist national-level efforts to protect critical information infrastructure is a step in the right direction, but we need to do more.
Today critical infrastructure asset owners and governments around the world struggle to keep up with vulnerability notifications, assessing associated risk, and implementing mitigation. These challenges will only become greater. To ensure effectiveness and efficiency in dealing with these vulnerabilities, precautions such as the following need to be taken:
-Create and maintain an accurate inventory of industrial control systems
-Obtain structured vulnerability and patch feeds that cover a wide variety of sources and match inventories with disclosures
-Track vulnerable and unpatched products currently used in respective industrial environments
-Prioritize vulnerability remediation efforts by considering by considering factors such as ICS architecture location, simplicity of exploitation and possible impact on the controlled industrial process
The rise of Smart Cities creates new avenues for organised actors with malicious intentions to undertake sabotage, espionage and do other harm.
A city is not truly smart until it is also safe, but this will require making cyber security a national priority.