Dive Brief:
- A lack of spending on cybersecurity could leave smart cities vulnerable to attacks, especially given the variety of networks and devices that could be targets for hackers, according to a new report from ABI Research.
- The report estimates that $135 billion will be spent in the U.S. on cybersecurity in 2024, with 56% of that going to the Financial, Information and Communication Technologies (ICT) and defense industries. That leaves just $59.4 billion to be spent among the energy, health care, public security, transportation, water and waste sectors, a figure that leaves them "woefully underfunded," according to the report.
- With a variety of different networks, sensors and technology providers interacting in a smart city, governments are "only as powerful as the weakest link," report author and cybersecurity analyst Dimitrios Pavlakis told Smart Cities Dive. "The moment connectivity comes on line, like flipping a switch, that whole system is vulnerable."
Dive Insight:
Smart cities rely on gobs of sensors and tools to collect data and increase efficiency of city functions. Smart meters on Wide-Area Network (WAN) connections are expected to cross the half a billion mark by 2020, according to ABI Research, and there could be some 1.3 billion WAN connections by 2024 — with only half of them on networks set up to protect against cyberattacks.
Pavlakis said those meters and sensors have been rightly promoted as positive civic improvements, but behind that "facade" is "a lot more vulnerability if it is not implemented carefully."
Many cities, however, lack robust cybersecurity budgets and staff to prepare for that vulnerability. A 2018 Deloitte-NASCIO survey of 50 state officials found that nearly half of states do not dedicate a budget line to cybersecurity, and most states allocate less than 3% of their IT budgets to cybersecurity. Most vendors have also prioritized cybersecurity when producing smart cities products, leaving many cities without an obvious point person to protect networks.
A potential worst-case scenario is a hack that intrudes utility networks connected by smart meters, similar to the 2015 cyberattack that hit Ukraine’s power grid. In recent months, smaller ransomware attacks have struck several cities in Florida and at least 23 government entities in Texas, shutting down some city functions and freezing data.
"Cost is an issue, we’re not saying that every [internet of things] device should be protected, because that’s not practical," said Pavlakis. "What we are saying is that protocols can be changed."