Safeguarding Smart Cities Against Cyber Threats

Abstract: Safeguarding our upcoming Smart Cities in India against cyber threats is essential if we want to fully exploit the benefits of a smart city. IT infrastructure will form the backbone of Smart Cities’ infrastructure. Reliance on IT infrastructure makes it vulnerable to Cyber Threats if safeguards are not put in place in the planning stage itself.

Safeguarding our upcoming Smart Cities in India against cyber threats is essential if we want to fully exploit the benefits of a smart city. A few military stations are also likely to be upgraded to Smart City Military Stations in line with the Government’s ambitious project to have 100 smart cities. It is, however, prudent to expect that establishing Smart Cities, especially in military stations, should lead to tangible benefits and not result in increased vulnerability to cyber attacks.

Let us first try and understand the concept of smart cities before looking into the kinds of cyber threats these cities could face. As per the Government’s Draft Concept Note on Smart Cities [1], Smart Cities are those cities which have smart (intelligent) physical, social, institutional and economic infrastructure while ensuring centrality of citizens in a sustainable environment. It is expected that such a Smart City will generate options for all residents to pursue their livelihoods and interests meaningfully and with joy.

A smart city environment will have networked utilities such as power supply, water supply, e-governance for its citizens, intelligent traffic management system, networked emergency services etc. Majority of the Smart City implementation will have a networked ICT backbone requiring network security. Technology will play a key role in the development of smart cities which lends itself open to cyber threats if safeguards are not incorporated in the planning stage. The smart cities will have to be built with concurrent cyber threat safeguards.

Let us look at a few examples to illustrate this point. As per Homeland Security News Wire website [2], last December, cyber terrorists hacked into servers belonging to the Tewksbury Police Department (USA), encrypted the data stored, and later asked for a $500 bitcoin ransom to be paid before department officials could regain control of their files. The attack is known as the CryptoLocker ransomware virus, and it points to a new frontier in cyber terrorism. The police department did end up paying the $500 bitcoin ransom in this particular case. Our smart city program will have to ensure that the digitisation of police records and other government records, should incorporate cyber protection to avoid such an event occurring again. Similarly, as per Elise Viebeck’s article in thehill.com [3], computerised drug-infusion pumps can be hacked to make it easier to deliver a deadly dose to a patient. The discovery highlights the vulnerability of network-connected medical devices to tampering online. Cyber Murder becomes a distinct possibility in such cases. Even countries which have adopted the Smart Cities concept sometime gloss over the threats and fail to take corrective action. The Smart Cities Council[4] website informs that the city of San Francisco still hasn't plugged a security hole that was identified a year ago. That oversight could come back to haunt them if a cyber attacker exploits that weakness to cause economic or even physical harm. An angry litigant could seek damages by claiming the city knew about the problem and failed to take action. This is a pointer to the fact that government organisations tend to take cyber threats lightly and sometimes don’t even take corrective action when the loopholes are made known to them.

Our government should be careful of such threats when implementing the Smart Cities concept. The first 20 cities which will undergo the Smart Cities transformation should definitely include a pilot Cyber Security project which should be thereafter replicated for the balance 80 smart cities and many more which have to follow. Finance will have to be allocated accordingly if an effective implementation has to be achieved.

There is a clear and present danger of Cyber Threats to the IT infrastructure based Smart Cities. All the stakeholders in the Smart Cities initiative of the government should get together and take policy and implementation measures in this regard. Some of the measures which should be taken to mitigate the risks are as follows:

• Ab initio incorporate Cyber Security in the planning stage of Smart Cities;
• Establish a core cyber security team for each smart city;Build cyber protection infrastructure concurrently with the associated smart city infrastructure being built;
• Train people dealing in smart cities to defend against cyber attacks , guard against inadvertent compromise of critical data and avoid creating vulnerabilities due to lack of knowledge;
• Enhance capabilities of the police to deal with cyber crimes etc.

Police training is a very essential step in this direction. They need to be trained in things such as cyber forensics, cyber criminal investigation and understanding of the IT Act 2000 and IT Act (amendment) 2008. The IT Act has specific sections dealing with Cyber crimes such as Cyber Terrorism (Section 66F), Hacking (Section 65), Cyber Stalking (Section 66A) etc. Jurisdiction is also an issue in cyber crimes as invariably the person committing the crime resides somewhere else in the world. Though Section 75 of the IT Act does provide for jurisdiction over cyber criminals outside the territorial boundaries of India, prosecuting and implementing judgements of the Courts is quite difficult.

This emphasises the point that prevention is the best strategy and therefore Cyber Security should be part and parcel of the Smart Cities right from their inception and planning stage. A robust cyber-safe infrastructure with a capable and deterrent police force and cyber experts can reduce cyber threats to Smart Cities. They will then become a joy for living for its citizens as envisaged in the Concept Note on Indian Smart Cities.

The author is Senior Fellow at CLAWS. Views expressed are personal.