A lack of investment in cybersecurity protections could imperil the future of smart cities and the Internet of Things devices on which they run, a new report from ABI Research warns.
ABI anticipates there will be 1.3 billion wide-area network smart city connections by the year 2024. Of the $135 billion projected to be invested into critical infrastructure cybersecurity in 2024, ABI expects that the financial, information and communication technologies (ICT) industry and the defense industry will account for 56 percent of that spend. That leaves just 44 percent left over for energy, health care, public security, transport and water and waste – an insufficient share to adequate protect these sectors, the report asserts.
An executive summary of ABI report asserts that cyber investments are rarely discussed during the development process as smart cities grow in complexity, an oversight that will eventually catch up to governments, forcing them to correct past mistakes. Furthermore, the summary notes that developing an effective security framework for smart cities is not easy because "myriad issues will appear in each step of the value chain."
ABI expects that by 2024, almost 50 percent of WAN smart city connections will run on LPWA-LTE (low power wide area LTE) and LPWA Proprietary technology. In its press release, the research firm acknowledged that certain LPWA protocols, including Narrowband IoT, are "attempting to tackle at least some digital and communication security challenges." But "the fact of the matter remains that these intrinsically lightweight cellular versions aim toward lowering bandwidth cost, increasing coverage, and lowering latency and are not, in general, capable of handling the increased number of cyber threats in the interconnected smart city environment," ABI concludes.
"Smart cities are increasingly under attack by a variety of threats. These include sophisticated cyberattacks on critical infrastructure, bringing industrial control systems (ICS) to a grinding halt, abusing low-power wide area networks (LPWAN) and device communication hijacking, system lockdown threats caused by ransomware, manipulation of sensor data to cause widespread panic (e.g., disaster detection systems) and siphoning" sensitive data, said Dimitrios Pavlakis, ABI industry analyst and report author, in a company press release. "In this increasingly connected technological landscape, every smart city service is as secure as its weakest link."
"Lack of cryptographic measures, poor encryption key management, non-existent secure device onboarding services, weaponized machine learning technologies by cyber-attackers, poor understanding of social engineering, and lack of protection versus Distributed Denial of Service (DDoS) attacks are just are some of the key issues contributing to the amplification of cyber threats in smart city ecosystems," Pavlakis stated. "This is further exacerbated by the lack of digital security investments and will, unfortunately, jeopardize the key elements of intelligence, efficiency, and sustainability of future smart city deployments."
For smart cities, investing in cyber defense means being able to support a cyber workforce capable of supporting their IoT initiatives. "We've seen many failures with widespread deployment of IoT devices, whether due to insecure authentication methods, static passwords, or a lack of centralized and automated patch distribution. As city governments look to the future, they need to consider how they'll attract a workforce capable of managing, securing, and monitoring millions of always-on devices," said Kayne McGladrey, IEEE member and director of security and IT at Pensar Development. "This will be a hard sell for many cities, both due to the compensation requirements of the cybersecurity workforce and the perception that municipal jobs are rife with bureaucracy. Cities that succeed will have a vibrant and diverse workforce and realize the cost savings associated with the smart management of cities."