Why a smart city must also be a cybersecure city

OVER the past decade, smart cities have moved from being a buzzword to a reality. From cashless societies to autonomous vehicles and intelligent surveillance systems, the world's reliance on data and connectivity has risen dramatically.

While a city's smart infrastructure improves the quality of life for citizens, it also brings the unwelcome consequence of increasing its security vulnerabilities. Cyber criminals continue to exploit a city's interconnectedness to carry out malicious activities, and cyber threats are further magnified as data becomes integral to a city's operations and interdependent social and economic systems.

Governments are challenged to respond quickly and efficiently. Despite an increase in the magnitude of cyberattacks such as the recent breach at SingHealth, or reports of undetected breaches by up to 75 per cent of Asia-Pacific (APAC) businesses, smart cities need to be safe cities, and secure and protect their infrastructure against the barrage of more sophisticated threats.

The future of our digital cities remains dependent on securing the data and critical systems that power them. For smart cities to be truly smart, governments, private organisations and individuals alike must ensure cybersecurity remains a top priority. Organisational concepts such as Wirearchy play an important role in driving a "smart city, safe city" initiative.

Coined by Jon Husband in 1999, the Wirearchy concept focuses on a dynamic flow of power and authority through interconnected technology and people to make better, informed decisions, as compared to traditional hierarchical organisational structures and access to knowledge for decision-making. The concept of Wirearchy, when applied to cybersecurity strategies, can be the game changer that businesses need. Incorporating insights from local governments in different parts of the world, security professionals within private enterprises, citizens and even other smart cities in Asia can help overcome cyber threats.

While no organisation or government can predict or prevent all attacks, collaboration using the Wireachy principle increases a smart city's resilience and makes it less attractive as a target.

The first product of a Wirearchy-inspired cyber threat intelligence strategy could take the form of a Smart City's security operation centre (SOC). SOCs aid in the monitoring and analysis of an organisation's security posture, with a goal of detecting and responding to cybersecurity incidents.

A Smart City's SOC could comprise experts and advisers from both private organisations and public institutions for increased resilience and action to potential breaches. Artificial intelligence (AI) and machine learning (ML) can be used to augment the Smart City SOC by analysing large data sets - resulting in faster threat detection, and greater efficiency in determining the best response strategy and reducing response time in the process. Early detection of such security breaches reduces the economic impact - and can save a city up to US$4 million and allow a city to return to normal operations as soon as possible.

In today's turbulent landscape, governments, companies and individuals within smart cities must collaborate to take on a cyber-economic approach using the Wirearchy principle - using cybersecurity as an enabler of business processes and investing specifically to protect critical assets.

IT training for employees and observation of proper cybersecurity hygiene is also required for the smooth running of a Smart City SOC. Stakeholders must be equipped with the required knowledge and skills for the smooth operation and implementation of smart city initiatives. For example, stakeholders involved in smart city projects should consider performing a monthly cybersecurity technology audit - enhancing automated patch management and necessary software updates to keep cyberthreats at bay.

As smart cities become smarter, government agencies will be more at risk. The Cyber Security Agency of Singapore (CSA) warns of continued threats against organisations such as the Inland Revenue Authority of Singapore and Singapore Police Force, among other organisations that form our smart city.

As smart cities evolve at a rapid pace, there are no easy answers to how they could cope with an increasingly complex cybersecurity landscape. A city cannot be smart if it isn't safe. Governments, private organisations and individuals will have to collaborate in creating a smart city of the future, with each playing a key role to implement security controls and practices to overcome possible attacks in the world of Wirearchy.