Lack of investment in cybersecurity could jeopardise the core goals of smart cities, warns ABI Research.
Cybersecurity investments in smart cities are “severely lagging” and are “seeding the future vulnerabilities of the IoT ecosystem,” according to new analysis from ABI Research.
ABI finds that the financial; information and communication technologies (ICT); and defence industries will account for 56 per cent of the $135 billion projected total cybersecurity spend related to critical infrastructure in 2024. The remaining 44 per cent of the 2024 spend will be split between the energy, healthcare, public security, transport and water & waste sectors.
This leaves the latter sectors “woefully underfunded and incredibly vulnerable to cyberattacks,” the research warns.
Dimitrios Pavlakis, Industry Analyst at ABI Research, said: “Smart cities are increasingly under attack by a variety of threats. These include sophisticated cyberattacks on critical infrastructure, bringing industrial control systems (ICS) to a grinding halt; abusing low-power wide-area networks (LPWAN) and device communication hijacking; system lockdown threats caused by ransomware; manipulation of sensor data to cause widespread panic (e.g. disaster detection systems); and siphoning citizen, healthcare and consumer data and personally identifiable information (PII), among many others.”
"Every smart city service is as secure as its weakest link."
“In this increasingly connected technological landscape, every smart city service is as secure as its weakest link,” he added.
According to ABI Research, there will be approximately 1.3 billion wide-area network smart city connections by 2024. Almost 50 per cent of those connections are expected to be LPWA-LTE and LPWA Proprietary.
Some LPWA protocols like NB-IoT are attempting to tackle at least some digital and communication security challenges. However, ABI Research notes that these intrinsically lightweight cellular versions are focused on reducing bandwidth cost, increasing coverage and lowering latency and are not, in general, capable of handling the increased number of cyber-threats in the interconnected smart city environment.
1.3 billion wide-area network smart city connections are expected by 2024.
Pavlakis said: “Lack of cryptographic measures; poor encryption key management; non-existent secure device onboarding services; weaponised machine learning technologies by cyber-attackers; poor understanding of social engineering; and lack of protection versus Distributed Denial of Service (DDoS) attacks are just are some of the key issues contributing to the amplification of cyber-threats in smart city ecosystems.
"This is further exacerbated by the lack of digital security investments and will, unfortunately, jeopardise the key elements of intelligence, efficiency and sustainability of future smart city deployments."
The findings follow a spate of recent cyberattacks in cities. Last week, 23 Texas government agencies were hit in what appeared to be a co-ordinated ransomware attack. This followed local government hacks in Florida, New York, Louisiana, Baltimore and, last year, Atlanta.