Lack Of AI Investment To Leave Smart Cities Exposed To Cyberattacks
Cities are getting smarter and more connected with the help of technology, but that also means they are becoming increasingly vulnerable to cyberattacks, according to ISACA’s 2018 Smart Cities Survey.
To stave off future attacks, ISACA reports municipalities and the federal government need to begin investing in preventive controls like artificial intelligence to limit cybercrime and minimize risks for residents.
"Smart cities are emerging across the globe, cities which are leveraging technology to drive services to constituents," Xebialabs Chief Product Officer and ISACA International Director Robert Stroud said.
"At such scale, the attack surface is vast. With all constituent services — including power, water, transport, garbage collection — and the scale of the population, any successful attack such as a denial of service attack on power, or a ransomware attack on citizens' records, would represent a catastrophic event."
Previously known as the Information Systems Audit and Control Association, ISACA is an international professional association focused on IT governance. For its latest research, the organization polled about 2,000 IT governance professionals worldwide in early 2018, asking about the risk of cyberattacks on smart cities.
Seventy-one percent of surveyed respondents flagged the energy sector as the critical infrastructure system most susceptible to cyberattacks, followed closely by communications (70%) and financial services (64%).
"Smart cities will need to tackle the issues of cybercrime head-on, investing in effective controls that leverage preventative controls," Stroud said, adding that 78% of respondents agree that AI will be important for the security, resilience and preparedness of cities and municipalities. But only 36% expect AI for cybersecurity to be widely deployed in the next five years.
"Unfortunately, the delay in investing in AI technologies will leave smart cities exposed," Stroud said. "An example is power generation, which is increasingly at the forefront of the evolution into smart cities.
"Increasingly, power generation may come equally from other constituents, along with [traditional] generation capabilities," he said. A deliberate power outage would cripple services to a smart city, everything from elevators to pumping fuel, and most residents wouldn't have backup generation capacity."
The ISACA survey shows that malware/ransomware and denial of service are the two most concerning types of smart infrastructure attacks for IT governance professionals. Also, the respondents noted that cities’ smart infrastructure is most likely to be targeted by malicious nation-states (67%) and hacktivists (63%).
Despite the many threats for which cities are specifically vulnerable, only 15% of respondents consider local governments to be equipped with the tools needed to contend with cyberattacks against smart infrastructure. Many more — 55% — think the national government would be better suited to deal with the threats.
The majority of respondents consider implementing new tools and techniques, such as smart grids and AI for cybersecurity, to be important in protecting smart cities. Will these steps be taken? Less than half of respondents consider anything likely to be done in the next five years.
Lack Of Resident Education
The need for more effective communication with residents living in a developing smart city also is apparent, with three-quarters of the respondents saying that municipal governments haven't educated residents well about the benefits of living in smart cities. Namely, tapping into smart technology can modernize parking, ID systems and other city services to create efficiencies and lessen congestion.
"One of the primary issues facing smart cities is informing those who reside within," Stroud said. "Smart cities appear to be a concept that residents are open to adopting, but 75% say municipal governments have educated residents 'not well at all' on the benefits of living in smart cities.
"The benefits need to be articulated, as well as the need to invest in security awareness, training, techniques and tools to ensure that the cyberthreats are minimalized, and vulnerabilities proactively dealt with."