The Five Eyes intelligence alliance comprising agencies from five nations led by the US has issued a warning on the cyber risks technologies such as 5G and the Internet of Things pose to smart cities.
The Five Eyes includes agencies from the US, UK, Australia, Canada and New Zealand, and has issued new guidance to smart city stakeholders from local government to waste services providers to reconsider the wisdom of connecting objects from rubbish bins and traffic lights to the internet.
“Integrating public services into a connected environment can increase the efficiency and resilience of the infrastructure that support day to day life in our communities,” the guidance says.
“However, communities considering becoming ‘smart cities’ should thoroughly assess and mitigate the cybersecurity risk that comes with this integration.”
The Five Eyes alliance has issued Cybersecurity Best Practice for Smart Cities, warning that smart cities are attractive to “malicious cyber actors” lured by sensitive data from governments, businesses and private citizens, and also by vulnerabilities in the “complex artificial intelligence powered software systems.”
The guidance upgrades 2020 advice from the US National Security Agency which warned that 5G smart city implementations could create new attack vectors for hackers, including the potential to disrupt critical infrastructure.
While intelligence agencies are warning of the cyber risks, IT analysts Frost & Sullivan have also issued a report on the market for 5G smart city solutions, forecasting a boom in demand.
Frost & Sullivan’s analysis, Smart City Solutions Growth Opportunities, finds that the sector is evolving from aiming to create traffic management solutions to converging with industry participants creating solutions for data simulation, the sharing economy, social media, and mass transit.
“In every smart city project, one of the most important layers is connectivity, which is the city-wide network infrastructure that facilitates the data flow between devices and the central monitoring platform,” said Avishar Dutta, mobility senior research analyst at Frost & Sullivan.
At the same time, the Five Eyes document notes that cyber threat activity is increasing and smart city infrastructure “increases the attack surface and heightens the potential consequences of compromise.”
Successful attacks could lead to a disruption of infrastructure services, financial losses, exposure of citizens private data, an erosion of public trust and “physical impacts to infrastructure that could cause physical harm or loss of life.”
There were also risks from the digital supply chain and vendors, which could enable data theft and network failures.
The guidance includes recommendations on best practice for smart cities across a number of principles: secure planning and design, applying the principle of “least privilege” for users to have minimum access for their roles, multi-factor authentication and zero trust architecture.
The supply chain risk across hardware, software and cloud providers was another focus, with smart city administrators advised to maintain a risk register which identifies vendor reliance on cloud computing and externally sourced components.
Organisations should also manage changes to internal architecture risks, maintaining awareness of their evolving network architecture and the personnel accountable for the security of the “whole and each individual segment.”
“Administrators should identify, group and isolate critical business systems and apply the appropriate network security controls and monitoring systems to reduce the impact of a compromise across the community,” the guidance says.
