This article first appeared in Digital Edge, The Edge Malaysia Weekly on June 24, 2024 - June 30, 2024
From optimising street lighting and traffic flow to managing public parking and camera surveillance, Internet of Things (IoT) powered sensors enable smarter, real-time responses and improved city services. However, this integration into a single infrastructure poses significant cybersecurity challenges.
The vast volume of diverse data generated by the IoT sensors creates a space for the malicious activities of cybercriminals, necessitating a balance between advancing smart city initiatives and ensuring robust cybersecurity measures.
“Dealing with the consequences [of a cyberattack] can be even more devastating. Cyberattacks on IoT ecosystems could result in unpredictable outcomes because they are more likely to have physical consequences, such as safety risks, financial loss, privacy violations and damage to reputation and trust,” says Eddie Yong, Asean country manager at Utimaco Safeware GmbH.
As much as high-tech smart cities promise efficiency by monitoring everything from bins to bridges, they cannot escape the threat of cyberattacks due to their heavy reliance on IoT devices for various functions such as traffic management, energy distribution and public safety.
Yong observes that these devices often lack robust security measures, making them vulnerable to hacking and exploitation, especially smart grids.
“Smart grid networks consist of hundreds or even thousands of connected end points. Each end point can be the loophole for an attack, affecting not only that end point but the entire smart grid network. Therefore, complete protection of the smart grid is crucial to effectively prevent any incidents,” he says.
Cryptography is one of the major components in hiding or coding information so that only the person a message was intended for can read it. Cryptography has been used to code messages for thousands of years and continues to be used in bank cards, computer passwords and e-commerce, according to Fortinet.
Yong says that hardware security modules (HMS) are one of the most secure methods for cryptographic use cases.
“These [HMS] are physical devices that perform cryptographic operations such as key generation and storage, identities and database management, key exchange and encryption and decryption to keep IoT systems safe.”
Moreover, he notes that although HMS devices play a crucial role in safeguarding IoT systems, relying on outdated technology presents significant challenges to cybersecurity and overall system performance, hindering the development of smart cities.
“Outdated technology may lack essential security features and patches, making it more vulnerable to cyberattacks and exploitation. Legacy systems may also not be compatible with modern security standards and protocols, further exacerbating security risks,” he says.
One of the steps to mitigate this is fostering collaboration between government agencies, private sector partners and technology vendors to address cybersecurity challenges and implement technology upgrades effectively.
In addition, Yong highlights that implementing the “zero trust” approach is an effective method for monitoring and detecting suspicious activities or intrusions within the infrastructure.
The “zero trust” model is an IT security approach that demands strict identity verification for every person and device trying to access resources on a private network, whether they are inside or outside the network’s boundaries.
“The concept of ‘zero trust’, meaning ‘Never Trust, Always Verify’, has been around for some time. This concept entails not automatically trusting in any user, device, application or service that seeks access to data. Instead, it relies on a contextually-aware and least-privileged access approach that undergoes continuous evaluation and adjustment,” says Yong.
In the context of smart cities, incorporating “zero trust” principles into a security strategy enhances its ability to address critical threat use cases by reducing attack surfaces, implementing strict access controls and continuously monitoring and analysing user and device behaviour.
For instance, unauthorised access to surveillance cameras and data leads to privacy breaches or tampering with surveillance footage.
Through the “zero trust” implementation, all surveillance cameras and storage systems will be accessible through secure and authenticated connections.
“This can be done through implementing encryption for data at rest and in transit, and continuously analysing access patterns to detect and respond to unusual activity that might indicate a security threat,” says Yong.
Smart city development
Malaysia’s urbanisation rate has tripled over five decades from 28.4% in 1970 to 75.1% in 2020 and is projected to reach 85% by 2040, which is stipulated under the 4th National Physical Plan (NPP-4), according to the Department of Statistics Malaysia.
To handle the increase in urbanisation, the government introduced the Malaysia Smart City Framework (MSCF) in 2018.
Smart cities, the government believes, are the future approach to urban planning, development and management that can provide solutions to urban challenges such as the inefficient delivery of urban services, environmental pollution and traffic congestion, thus improving the quality of life of urbanites.
The MSCF was developed taking into account the importance of smart city development and implementation. The MSCF was also established to meet national and global agendas, especially towards achieving the objectives of the sustainable development goals and to ensure that Malaysia is keeping abreast with the global urban development trends.
Currently, at least five cities are targeted to be recognised as smart city early adopters by 2025, during the remaining 12th Malaysia Plan (12MP) period.
Prime Minister Datuk Seri Anwar Ibrahim has committed to transforming the federal territories of Kuala Lumpur, Labuan and Putrajaya into smart cities by 2030. With just a little more than five years to go, Selangor, Negeri Sembilan, Melaka and Johor have started pilot projects and industry development programmes to enhance the cities within their boundaries.
“The future of smart cities in Malaysia holds immense potential for innovation, sustainability and economic growth. Cybersecurity must be a foundational element of smart city development, harnessing the benefits of digital transformation while mitigating the associated risks to privacy, security and trust,” says Yong.
“Cybersecurity solutions are crucial for a robust smart city development and building trust and confidence among citizens, businesses and stakeholders. This trust is fundamental to the success and acceptance of smart city solutions, fostering collaboration and participation from all sectors of society.”
Save by subscribing to us for your print and/or digital copy.
P/S: The Edge is also available on Apple's App Store and Android's Google Play.