Dive Brief:
- Global annual smart city cybersecurity revenue is anticipated to grow from $7.6 billion in 2021 to $26 billion in 2030, according to a report from research firm Guidehouse Insights.
- The growth in smart city technologies is exposing many services to new cybersecurity threats and "the risk of cascading failure across key city systems," the report writes. Securing the technologies is "often an afterthought," according to the report.
- The neglect or absence of proper cybersecurity measures increases the likelihood of "greater damage or harm, critical public service outages, and financial losses resulting from a cyber incident," the report writes. Cities could bolster their capabilities by conducting a third-party audit of their systems and vulnerabilities, and creating a central policy surrounding their technology, said report author and Guidehouse Insights Senior Research Analyst Danielle Jablanski.
Dive Insight:
As global investments in smart city technologies are expected to reach $327 billion by 2025, many cities across the world are still falling short on basic cybersecurity governance policies.
According to a recent World Economic Forum report, less than a quarter of 36 global cities have conducted privacy impact assessments when deploying new technologies despite 80% of those cities acknowledging their legal obligations for privacy and data protection. Cybersecurity vendors are also competing for already strapped city IT budgets, according to the Guidehouse Insights report.
However, as cybersecurity threats become more prominent and as cities become more aware of the associated risks with new technologies, the report anticipates that investments in cybersecurity will also increase.
For city leaders who want to strengthen or reevaluate their local security practices, Jablanski said her first recommendation is simple: "Start with what you have."
An audit of municipal and public networks is a great starting point, in addition to evaluating the existing protocols, according to Jablanski.
Local leaders can bring in a third party to create a map of the network, she said. They could also conduct a threat landscape analysis, which means evaluating the critical systems and determining what a worse case scenario would look like.
"The process of auditing determines what products, solutions and services that you might need based on the risks and priorities of your own network, and the stakeholders in your city or community," she said.
Cities should also create a central security policy, according to Jablanski. Such a policy would ensure technologies and vendors abide by the city’s established security practices and principles. Part of that central policy should also include training local citizens, business owners, critical infrastructure owners, transportation operators and others, to raise the caliber of understanding for inter-connectivity and security, she said.
The general lack of smart technology security also comes as many government services and staff have moved their work online due to the COVID-19 pandemic, making governments even more vulnerable to attacks.
Some smart city technologies are more vulnerable than others. Emergency alert systems, street video surveillance and certain types of traffic signals are the most vulnerable to an attack, according to recent research from the University of California at Berkeley. Whereas, smart waste systems and satellite water leak detection are among the safest from an attack.
Those vulnerabilities can also result in big price tags.
New Orleans spent $7.2 million to recover from a December 2019 cyber attack. The city of Atlanta also “entered emergency contracts worth $2.7 million,” following a 2018 cyber attack, the Atlanta Journal Constitution reports.