Cyberattacks against state and local governments increased significantly from 2022 to 2023, says a review by the US nonprofit organization Center for Internet Security. The report compared the first eight months of 2022 and 2023, finding that malware attacks increased by 148%, ransomware incidents by 51%, and non-malware cyberattacks by 37%. The investigation also reported a notable 313% rise in endpoint security services incidents including data breaches, unauthorized access, or insider threats.
Recent publicly disclosed cases – such as the ransomware attack that disabled key IT systems of the City of Hamilton, Canada – confirm that municipalities are increasingly in cybercriminals’ sight. The more digitalized and connected a city becomes, the more exposed it is to possible violations that may result in data thefts and even in the disruption or paralysis of critical services.
Any IoT device in a Smart City may be the entry point for an hacker, for instance a connected video surveillance camera, an environmental sensor, a streetlight controller. Single or grouped devices may be attractive to illicitly acquire data (think of an IP camera providing access to the images of people living or moving in a certain area) or to hijack and assume control of specific features (hackers may, for example, tamper with data generated by a flood sensor to trigger false alarms, or sabotage traffic light patterns to block mobility).
Also, the violation may grant visibility on the infrastructure to which the device is connected and pave the way to a wider network issue, resulting for instance in a Distributed Denial of Service (DDoS) and the unavailability of essential services like energy distribution, streetlighting, public transportation, or waste collection.
Achieving 100% cybersecurity is an unrealistic goal for a Smart City, unless fully giving up on innovation and digital transformation. However, Cities can improve their defense and preparedness to possible attacks by selecting and properly managing secure technology, establishing adequate internal processes, and educating people.
At Paradox Engineering, we endorse open, standard-based Internet of Things technologies and matured a security-by-design approach, which means having security built into our solutions from their very inception. In our experience, security can’t be added at the final stage of development or demanded just as reaction after delivery. We think about infrastructure and application protection from the beginning and provide cities with intrinsically secure network systems.
Want to learn more? Ask our cybersecurity experts!
Photo source: Adobe Stock