Intelligence Agencies: Beware of Smart City 5G and IoT Risks
- By CDOTrends editors
- May 24, 2023
The Five Eyes intelligence alliance comprising agencies from five nations led by the U.S. has warned about the cyber risks technologies such as 5G and the Internet of Things pose to smart cities.
The Five Eyes includes agencies from the U.S., U.K., Australia, Canada and New Zealand, and has issued new guidance to smart city stakeholders from local government to waste services providers to reconsider the wisdom of connecting objects from rubbish bins and traffic lights to the internet.
“Integrating public services into a connected environment can increase the efficiency and resilience of the infrastructure that supports day-to-day life in our communities,” the guidance says.
“However, communities considering becoming ‘smart cities’ should thoroughly assess and mitigate the cybersecurity risk that comes with this integration.”
The Five Eyes alliance has issued Cybersecurity Best Practice for Smart Cities, warning that smart cities are attractive to “malicious cyber actors” lured by sensitive data from governments, businesses and private citizens and vulnerabilities in the “complex artificial intelligence-powered software systems.”
The document notes that cyber threat activity is increasing, and smart city infrastructure “increases the attack surface and heightens the potential consequences of compromise.”
Successful attacks could lead to a disruption of infrastructure services, financial losses, exposure of citizens' private data, an erosion of public trust and “physical impacts to infrastructure that could cause physical harm or loss of life.”
There were also risks from the digital supply chain and vendors, which could enable data theft and network failures.
The guidance includes recommendations on best practices for smart cities across several principles: secure planning and design, applying the principle of “least privilege” for users to have minimum access for their roles, multi-factor authentication and zero trust architecture.
The supply chain risk across hardware, software and cloud providers was another focus, with smart city administrators advised to maintain a risk register that identifies vendor reliance on cloud computing and externally sourced components.
Organizations should also manage changes to internal architecture risks, maintaining awareness of their evolving network architecture and the personnel accountable for the security of the “whole and each individual segment.”
“Administrators should identify, group and isolate critical business systems and apply the appropriate network security controls and monitoring systems to reduce the impact of a compromise across the community,” the guidance says.
Image credit: iStockphoto/weerapatkiatdumrong