Siloed systems and insufficient commitment to cybersecurity fundamentals can expose vulnerabilities even in the current infrastructure, a new report says.
The rapid growth in the smart cities could widen the cybersecurity divide and expose fragilities in the current infrastructure, according to The Economist’s 2021 Safe Cities Index.
Digitalization has increased the number of secure servers in the U.S., but it has also created worrying trends. More departments now have their own IT budgets, for example, but no senior figure carries the overall responsibility and authority for cybersecurity, MIT Professor of Urban and Environmental Planning Lawrence Susskind explained in the report.
“Each functional department has its own IT budget, but security can’t be the responsibility of individual departments because all the systems are connected,” Susskind said. “If you don’t have an emergency action plan then, when there is an attack, nobody has the power to shut down the system.”
With malware attacks on the rise, state and local governments have had to spend millions of dollars in order to restore lost data and repair systems, yet only half of the U.S. cities listed in the Safe Cities Index -- Los Angeles, New York and San Francisco -- explicitly focus on cybersecurity in their smart city infrastructure.
Metropolitan hubs like Chicago, Dallas and Washington D.C. – which, after the Colonial Pipeline ransomware attack, was left without fuel at nearly 90% of its gas stations – remain exposed. Susskind said that although some cities are expanding their cybersecurity initiatives, overall the commitment is still minimal.
Gregory Falco, assistant professor of civil and systems engineering at Johns Hopkins University, added that there could be stark implications to this low attention to security. As the number of vulnerable targets grows, so do the kind of attacks. Improvements to digital security related to physical infrastructure “should be done, but we are not even seeing advanced cities thinking about this,” Falco said in the report.
A holistic approach, however, could prove challenging. Falco noted that since cities have often chosen to digitize their systems differently, each would need its own unique security strategy.
The report concluded by advocating cities empower residents to become architects and creators of their own technology systems, citing Toronto, which puts the onus on the public to determine the priorities of the program, according to Alice Xu, head of the city’s connected communities and smart cities programs.
“A big question for people is who feels safe and who doesn’t,” Xu said. “Security is a natural inclusion. The public expects that to be front and center. There is no debate.”