At the (ISC)2 Congress in Dublin, Ireland, on October 19, security analyst Megha Sharma presented her research and risk assessment of the three key areas in a smart city
In order to implement efficient controls in smart cities, Sharma tells Infosecurity, “you need to understand the systems and their challenges.” The study focusses on the risks of the three major areas in a smart city - smart energy, smart transport and open data – and how they should be approached from a security and risk perspective.
Sharma explains a smart city as a “city that uses the internet and communication technologies to overcome the issues faced in a conventional city, such as traffic congestion, over-population and energy sustainability.”
The first step in assessing a smart city’s risk is characterizing it, says Sharma. Is it a virtual city, a knowledge-based city, a broadband city, a mobile city, a digital city, an intelligent city, a ubiquitous city or an eco-city? “No smart city is similar to another one. So as the cities and technologies differ, so do the controls.”
Using Bristol, UK, as an example, Sharma delves deeper into the risks associated with smart transport, smart energy and open data.
Smart Energy
Sharma declares smart energy the most valuable element of a smart city, but admits it has the highest risk factor, with most of the threats posing high risk to the assets.
Smart energy produces huge sets of data, and one of the biggest challenges is maintaining that data confidentiality. “The data usage needs to be monitored to ensure it is being used in the right way. It’s important to consider who has access to that data, as there are a lot of third-parties involved, and ensure that the data is tamper-resistant.”
Auditing should be transparent, Sharma tells Infosecurity, giving an example: “Users want to use off-peak energy consumption to save money, which is an incentive of a smart city. However, energy providers could modify that data to benefit their own profits. Service providers should be monitored, audited, and made to be transparent with their data and pricing.
Sharma adds that people need to be educated about that data usage and how it effects their privacy.
Sharma also points to the issue of smart energy data availability, which she calls “a crucial issue. In the case of a DDoS attack, availability of services must be maintained,” she insists.
Traditional cyber-attacks are the biggest risk to smart energy. (See slide 1 for further risk factors).
No tags.
