THE promise of smart cities is clear: a more liveable space for citizens which in turn, fosters a better environment for businesses to flourish and grow, leading to greater economic growth. Governments in South-east Asia have been building up critical infrastructure and rolling out technologies to support their vision of smart cities. Indeed, Singapore is one of the strongest advocates for smart cities, and has been key in proposing the establishment of the Asean Smart Cities Network.
Yet, the race to fulfil this vision is not without its risks. Increased connectivity means more opportunities for cybercriminals to launch attacks and with the interconnectivity of smart systems, self-propagating malware can easily take down key systems rapidly and lead to breakdowns of critical services.
Case in point, the most recent ransomware attack launched on the United States’ fuel pipeline operator Colonial Pipeline caused the shutdown of its entire network – the source of nearly half of the US east coast’s fuel supply. While the damage of such magnitude caused by cyberattacks has not surfaced in Singapore, these incidents hammer home a valuable lesson in the importance of having a clear, effective cyber defence strategy.
In today’s connected landscape, how can governments mitigate the risks of cyber threats and build secure and safe smart cities? Here are four key considerations that are critical for smart cities to mitigate digital risks and better position themselves against cyber threats.
#1 Stay ahead with strategic cyber intelligence
>Staying one step ahead of these cyberattacks will require a thorough understanding of knowing where to look, who the threat actors are, what they are after, when they are planning to launch an attack and how they intend to do so. Smart city cyber-defenders must be proactive to gain a pre-emptive advantage. They need to be looking into the deepest, darkest corners on the Internet.
Over 94 per cent of the world’s information reside in the deep and dark Webs, which are frequented by cyber-threat actors trading restricted information ranging from academic and research data, to financial and medical records.
To minimise the fear of data breaches and cyberthreats, smart cities must adopt an intelligence-centric mindset and leverage deep technology to monitor these platforms. Predictive detection capabilities will take the element of surprise away from these cyberattacks, allowing cybersecurity agencies to take action swiftly and prevent data exfiltration and loss.
#2 Fight AI-powered attacks with AI-powered self-defence systems
Similar to how our immune system continuously self-monitors, learns and heals when faced with anomalies, the next frontier of cybersecurity solutions should have the ability to identify abnormal foreign activities or programmes through adaptive machine learning.
An automated, self-defence cybersecurity system powered by AI and predictive analytical technologies will be able to define normal and abnormal statuses, monitor the system 24/7, and respond to and recover from new threats. Having such a system will reduce the risk of attacks significantly and reduce the attractiveness of being a hacking target for threat actors.
#3 Rethink regulatory environment for cybersecurity
While governments may have enacted cyber laws, many are proving to be challenging to enforce. There are a few areas where improvements can be made and scaled.
For a start, incident reporting can be made mandatory. This will create a body of research data that can provide insights on threats to the nation (and cities) and inform the government on strategies it can undertake to strengthen their cyber posture. Imposing mandatory risk and vulnerability assessments will also be helpful in identifying threats early and conduct remediations to close any cybersecurity gaps. Commencing attack vector assessments can help uncover new attack surfaces as businesses adopt new digital formats and services.
Additionally, nations can cultivate a cyber reward culture where the discovery of bugs and vulnerabilities are rewarded, providing an incentive for the cybersecurity community to share their knowledge and promote joint solutioning.
#4 Adopt a people, technology, process and governance framework
As much as cybersecurity is a technology problem, we (humans) are part of the equation contributing to it. Cyber hygiene needs to be emphasised and practised religiously. Employees and individuals need to be educated on cyber threats and risks, given the prevalence of phishing attacks and social engineering hacking campaigns.
From the technology perspective, the public sector and businesses alike should incorporate layered defences with data and endpoint security, gateway-based security, automating scanning, monitoring and malware removal. Antivirus solution, data loss detection and protection, and VPN solutions must not be overlooked.
With processes, cybersecurity teams should conduct threat profiling, creation of threat segmentation, zoning and risk containment. A habit of backing data daily would be a good policy to adopt too.
Finally, when it comes to governance, a good cyber threat visibility and intelligence programme will be vital in completing a well-rounded cybersecurity strategy.
Cyber threats and risks will always be present in our increasingly connected world. Nonetheless, given the immense potential that smart cities can bring to the economy and in bettering the lives of citizens, nations should not let the risks be a factor that derails their smart city initiatives.
By understanding and gaining intelligence of where threats lie, adopting effective cybersecurity measures and putting up strong cyber walls, cities can become smarter and safer.
