TV
Smart cities are emerging as a crucial aspect of modern urban development, particularly in a rapidly expanding economy like India. These cities integrate advanced technologies with urban planning to enhance the quality of life for residents while promoting sustainability and economic growth.
A major advantage of smart cities is their ability to provide sustainable solutions for urban living. By leveraging technology, data analytics, and green initiatives, these cities ensure better waste management, energy efficiency, and eco-friendly transportation systems.
The Smart Cities Mission was launched by the Prime Minister on 25 June, 2015. The main objective of the Mission is to promote cities that provide core infrastructure, clean and sustainable environment and give a decent quality of life to their citizens through the application of ‘smart solutions’.
Smart Cities use the digital network as the platform to offer urban services and to be sustainable. The Indian Computer Emergency Response Team (CERT-In) and M/s Kaspersky have jointly come up with comprehensive guidelines for smart city infrastructure.
Cybersecurity plays a role in Smart Cities and it is essential for maintaining public trust, ensuring safety, and preventing operational disruptions.
Threat Landscape for Smart Cities
The Smart City ecosystem, with its integration of IoT, cloud computing, and artificial intelligence, creates a complex attack surface vulnerable to a wide range of cyber threats.
By interconnecting different systems, a smart city creates a “system of systems”. Primary challenge with respect to the security solution for Smart cities is the heterogeneity of data types, interfaces, and carrier types.
The complexity of such collaborating systems increases exponentially to manage the data and privacy of a Smart City implementation. This creates a huge and complex attack surface with a cascade effect as there are numerous points of attack because of the interconnected sensors and devices creating an Internet of Everything.
Another major threat is data privacy and breach risks, as Smart Cities handle large volumes of sensitive data on citizens, making them attractive targets for hackers seeking to steal or misuse personal information.
Denial of Service (DoS) attacks pose another critical risk, where essential city services can be rendered inoperative, causing widespread disruption to daily life. Similarly, malware and ransomware attacks can infiltrate Smart City systems, encrypt data, and demand ransom payments to restore access, potentially crippling municipal operations.
There is no common risk assessment framework for Smart Cities. For each and every Smart City operation, ar risk assessment exercise should be done.
The risk assessment helps to identify high-priority risks, assess vulnerabilities, and determine their potential impact on the Smart City infrastructure. It is essential for developing tailored security controls that align with the unique needs of each Smart City.
CERT-In carried out an analysis of 20 smart cities located in different parts of the country to understand the types of malware and vulnerable systems for the year 2024.
In Western India, Central India, and Northern India, the majority of the malware was trojans (a malicious digital pest whose sole aim is to wreak havoc on its victims' computers unnoticed.
In Southern Indi,a the majority of the malware was botnets (networks of hijacked computer devices used to carry out various scams and cyberattacks. They serve as a tool to automate mass attacks, such as data theft, server crashing, and malware distribution – as defined by Kaspersky).
Cybersecurity Standards and Frameworks for Smart Cities
Smart Cities Mission (SCM), under Ministry of Housing and Urban Affairs (MoHUA), Government of India has undertaken several initiatives including, inter alia, projects that use digital technologies extensively for various facets of urban governance. One such initiative is establishment of Integrated Command and Control Centres (ICCCs), being set up in many smart cities to act as decision support systems in day-to-day and emergent situations.
As per the Advisory on Standard Operating Procedure for cyber security of smart city infrastructure (Advisory no.22) released by Smart Cities Mission (SCM), under Ministry of Housing and Urban Affairs (MoHUA), ICCCs were advised to adopt an end-to-end security model that protects data and the infrastructure from malicious attacks, theft, natural disasters etc.
The advisory also provides the baseline Security Measures that need to be taken at the Sensor layer, the communication layer, the Data and Application layer.
