- Trend Micro, a software security firm, released a report identifying security risks for smart cities and a 10-step cybersecurity checklist.
- The checklist includes: establish a municipal computer emergency response team; ensure the consistency and security of software updates; plan around the life-cycle of smart infrastructure; process data with privacy in mind; encrypt, authenticate, and regulate public communication channels; always allow manual override; design a fault-tolerant system and ensure the continuity of basic services.
- The report found the security of a smart city hinges on the limitations of the technologies used and how well they are implemented.
The report, dubbed "Securing Smart Cities: Moving Toward Utopia with Security in Mind," identifies energy, transportation, connectivity, the environment and systems used for governance as areas that hackers could assault using numerous entry points. Typically, the hackers would start by using publicly available resources like firmware, codes and apps to do analyses of where the system or devices might have vulnerabilities. They would then do a scan of those systems or devices to find a point of entry, followed by intelligence gathering and eventually an attack.
The attacks could be as small as using consumer technology to read smart meters to disrupting electric power distribution, to interfering with emergency medical services. The points that weaken to these types of attacks include outdated software, which is often easy to hack. Also, devices like switches and routers have limited computing power and lack the ability to encrypt. Poorly done implementation can also leave backdoors to attacks.
The cybersecurity checklist provides ideas on how to prevent these attacks, like ensuring software updates are done regularly and planning deployment around the life cycle of infrastructure. There are also tips for ensuring privacy for residents, like a clear policy for what data can be shared and to whom, and encryption for communication channels.