Abstract

In this paper we examine the current state of play with regards to the security of smart city initiatives. Smart city technologies are promoted as an effective way to counter and manage uncertainty and urban risks through the effective and efficient delivery of services, yet paradoxically they create new vulnerabilities and threats, including making city infrastructure and services insecure, brittle, and open to extended forms of criminal activity. This paradox has largely been ignored or underestimated by commercial and governmental interests or tackled through a technically-mediated mitigation approach. We identify five forms of vulnerabilities with respect to smart city technologies, detail the present extent of cyberattacks on networked infrastructure and services, and present a number of illustrative examples. We then adopt a normative approach to explore existing mitigation strategies, suggesting a wider set of systemic interventions (including security-by-design, remedial security patching and replacement, formation of core security and computer emergency response teams, a change in procurement procedures, and continuing professional development). We discuss how this approach might be enacted and enforced through market-led and regulation/management measures, and then examine a more radical preventative approach to security.

Highlights

  • Over the past two decades there has been a concerted move to network urban infrastructures to utilize computation to try to solve urban problems and deliver city services more efficiently

  • In this paper we examine this paradoxical relationship in depth, detailing how smart city technologies designed to produce urban resilience and reduce risks are opening up the urban systems they are meant to augment to new forms of vulnerability and risk

  • Large public bodies that are operating in the European Union have to institute an audit and risk committee that identifies vulnerabilities and monitors potential threats to an organization and oversees mitigation strategies. These are often broad in scope and could benefit from a sub-committee focused on software security and network threats. This sub-committee should oversee and audit the work of the core security team; advise on the work priorities and program; certify security assessments; certify that the city’s smart city technologies conform to legal and regulatory requirements; ensure that response and mitigation plans and processes are in place; and ensure there is clear communication to the public concerning the security of smart city systems (Nanni, 2013)


Summary

Introduction

Over the past two decades there has been a concerted move to network urban infrastructures to utilize computation to try to solve urban problems and deliver city services more efficiently.

The use of access controls (username/password, two-stage authentication, biometric identifiers), properly maintained firewalls, virus and malware checkers, end-to-end strong encryption, and procedures to ensure routine software patching and ability to respond with urgent updates to close exploits as they occur, audit trails of usage and change logs, and effective offsite backups and emergency recovery plans (see Table 2). Using these techniques, the aim is to reduce the attack surface as much as possible and to make the surface that is visible robust and resilient and quickly recoverable in case of failure.

Source: Authors, derived from Martínez-Ballesté et al., 2013 and Cerrudo, 2015

Design
A Preventative Approach
Conclusion
Notes on Contributors