Staying cyber-safe as cities get smarter
Dr Steve Kerrison and Ms Shazina Zaini explored the cybersecurity risks that the public, businesses, and government face as smart technologies become increasingly widespread.
The second instalment of James Cook University (JCU) in Singapore’s Emerging Leader Series — “Staying cyber-safe as cities get smarter” — took place on 7 April 2022, following the first webinar in the series which celebrated International Women’s Day by exploring the challenges that women face in the workplace and what we can do to drive positive change.
In “Staying cyber-safe as cities get smarter”, Dr Steve Kerrison — Senior Lecturer of Cybersecurity at James Cook University, Singapore — and Ms Shazina Zaini — Senior Software Developer at cybersecurity company MicroSec — explored the cybersecurity risks that the public, businesses, and government face as smart technologies and the Internet of Things (IoT) become increasingly widespread.
Various parts of the world are pursuing smart city initiatives, by weaving advanced technologies into their systems of government, to improve efficiency, quality of life and environmental aspects of city living. But what are some of the potential problems that could take place in a smart city? In 2021, a criminal hacker group took down an oil pipeline in the United States, which supplies about half of the East Coast’s gasoline, resulting in gas panic-buying, shortages, and price spikes in some states. In 2017, ransomware affected an array of machines in the National Healthcare Service in the United Kingdom, affecting hospitals and GP surgeries across England and Scotland and slowing down their processes.
Dr Kerrison believes that there are three benefits to having a smart city, that could also pose as weaknesses:
- Scale: Smart city infrastructures can scale up to become larger, denser, and more capable, to accommodate denser populations. However, this increases the interdependency between the components that make up a smart system, thus making the system more complex and potentially harder to manage.
- Connectivity: Connectivity enables devices to communicate with each other and share data to make decisions that make our lives better. However, this exposes assets in a smart city, making devices more accessible to attackers because of their connection to other devices.
- Efficiency: Smart systems enable us to do more things more productively. However, this encourages people to rely on smart systems such that reverting to the non-smart method can be disastrous.
Current cybersecurity protocols often lend a false sense of security. For example, biometric authentication can in fact be more vulnerable than passwords — if someone manages to steal your fingerprint authentication, you have no practical way of changing it as opposed to changing a password.
It is also difficult to know if an IoT device is trustworthy and uncompromised. Moreover, an IoT device is often not an attacker’s final target, but instead a stepping stone to other devices in the same wi-fi network such as a router, phone or computer. The prevalence of IoT and work-from-home arrangements increase the diversity of devices, exposing people and the companies they work for to greater threats. Home networks especially tend to be very flat and trusting, often using the same password for multiple devices. This means that the weakest smart device in a home can be comprised, making it easy for attackers to move laterally between devices and access more sensitive information.
That said, there are industries where IoT is absolutely critical, such as the healthcare industry, where IoT devices increase preventative medicine opportunities and reduce the load on hospitals. This presents a need to leverage Healthcare IoT devices without introducing significant new risks to patients or the healthcare system. Through the support of companies like MicroSec, James Cook University can explore solutions to Healthcare IoT devices such as making use of lightweight blockchain technology to secure Healthcare IoT data.
It is crucial to note that cybersecurity — and the risks that accompany it — is not simply an information technology problem, but encompasses multi-disciplinary issues like human behaviour and governance. Therefore, collaboration (across industries, governments, and academics) is key to tackling the problem. As we push further towards building smart cities and more interconnected systems, it is important to have robust discussions to understand the risks and to grow ideas, in order to determine future courses of action.
View the full recording of the webinar “Staying cyber-safe as cities get smarter ”.
Find out more about the Bachelor of Cybersecurity at James Cook University in Singapore.
Discover further information on areas of research and research strength at James Cook University in Singapore.