Smart cities connect everyone with everything – and cybersecurity has become integral to keeping our cities, critical infrastructure and daily lives running smoothly, while loopholes could have far-reaching and dangerous consequences. What are the new and emerging threats and opportunities, and how can we stay ahead of the risks?
1. Cybersecurity risks are everywhere
The value of our data just keeps on going up. And data breaches are also becoming more frequent according to Europol, with cybercriminals using more aggressive methods. Phishing, ransomware, malware and social engineering are among the typical threat scenarios afflicting smart cities. Meanwhile cybercrime is becoming its own thriving “as a service” industry. Skilled hackers are selling their know-how to aspiring criminals, while everything from malware to stolen credentials can be purchased in underground marketplaces.
2. Attack surfaces are expanding
Ever-faster 5G internet and the growing "internet of things" – connected devices ranging from toys to thermostats, scooters and cars – mean a massive increase in exploitable attack surfaces. A weak or default password on your smart fridge or TV makes it easy for cybercriminals to get their hooks into your data. On a larger scale, a hacker could disable a whole building’s power network to demand a ransom or, worse yet, a massive cyberterrorist attack on critical infrastructure – as seen in Ukraine – can pose a grave threat to national security.
3. Artificial Intelligence – Opportunity and threat
Generative AI has made many things possible today that seemed like science fiction only a couple of years ago. So many of us are racing to take advantage of what AI can offer, and that includes cybercriminals. AI enables more convincing and sophisticated phone scams – such as using technology to clone the voices of loved ones in distress to extract ransom payments. On the upside, AI is a defense tool for effectively detecting and monitoring security threats. For KONE, AI-based analytics help enhance predictive maintenance: anticipating future servicing needs and identifying issues before they cause problems.
4. We’re all becoming cyber-citizens
All these lightning-fast advances might make cybersecurity seem purely a technology issue, but it’s equally a matter of human fallibility. A clever fraudster can get you to click on virtually anything if they know the right things about you. Cybersecurity is nowadays everyone’s responsibility, as one person’s negligence can place a whole community at risk. That means we all have to stay informed and embrace cybersecurity awareness to keep our valuable data protected.
The EU’s Cyber Citizen initiative aims to enhance cybersecurity awareness and skills among European citizens. It includes the development of a learning portal and cyber-related education material.
5. Physical safety meets cybersecurity
We all understand why we need smoke detectors and burglar alarms, but in today’s smart cities, that same approach is vital when it comes to digital security too. At KONE we understand that an elevator’s cyber-defenses are just as important as physical safety measures, which is why our products and solutions are developed with cybersecurity front and center right from the start.
6. Our changing approach to privacy
IoT devices and smart tech undeniably make our lives easier, but along the way, they collect huge amounts of data on anything from our location to our health, lifestyle and spending habits. Many users have become more conscious of their privacy settings and are aware of the potential risks associated with smart devices. But how can smart buildings and cities balance the use of all this information in order to improve residents’ quality of life, while also respecting individuals’ right to privacy? For KONE, the answer to this complex question means making sure that our connected devices collect data in a proportionate and anonymized way, and that all information is handled securely and in line with the relevant data protection regulations and principles.
7. Bringing law and order into cyberspace
The technology already exists for preventing many forms of cybercrime – but legal incentives would make this protection more widespread. A number of threats could be thwarted if device vendors were legally mandated to provide cybersecurity solutions and software fixes. The European Union has taken significant steps to protect critical infrastructure with the NIS2 Directive and the proposed Cyber Resilience Act, but the governance of cyberspace remains a patchy and debated issue, and there are no uniform cybersecurity standards.
8. Building resilience with cybersecurity standards
Thanks to industry collaboration, the IoT market has seen welcome improvements recently, a pioneering example being the first-ever ISO cybersecurity standard for elevators, escalators and moving walkways introduced last year. KONE played a key role in creating this standard, which ensures that best-in-class cybersecurity is built into the design of every new unit of equipment. In a KONE elevator, you ride securely in the knowledge that the risk of malicious interference is minimized by default.
9. The growth of ethical hacking
Not all hackers are criminals. The fast-growing and highly skilled ethical hacking community is made up of individuals and groups who use their cyber skills to help organizations find vulnerabilities in their products, services and systems before the bad actors do. KONE enlists friendly ‘white hat’ hackers to test its cybersecurity defenses at meetups such as the Disobey Nordic Security Event, and through so-called ‘bug bounty’ programs, where computer whizzes win rewards for identifying IT weaknesses, which are then fixed before they can be exploited.