This is helped by increasingly sophisticated AI. With machine learning, it can find new patterns and logic, zeroing in on an answer to a tough question, say, the optimal way to transport the largest amount of people during peak hour with the smallest carbon footprint.
Indeed, by melding the physical and cyber worlds, city leaders are increasingly able to plan and optimise the way their city is run. In a digitally connected society, the benefits to citizens are clear.
At the same time, as opportunities flourish for citizens, so will openings be created for cyber criminals and state-sponsored threat actors. As more facets of a population are available digitally, the risks faced by citizens are higher as well. While remote access to the physical world may bring convenience, it also enables cyber attackers to gain easier access to critical systems.
In 2010, the world caught a first glimpse of Stuxnet, a malicious programme customised to attack the industrial systems used to operate Iran’s nuclear programme. It looked for certain control systems in a nuclear plant, then changed the settings to sabotage them.Believed to be written by state-backed authors, the software has been taken apart and reworked by others so it can now cause more damage elsewhere on machines that are not protected.
In the years since, the sophistication of malware targeting industrial systems, often those controlling critical infrastructure such as power plants or telecom networks, has only increased.
THREATS TO CYBER AND PHYSICAL WORLD
At the same time, the setting up of IoT and digitalisation of business processes have meant more connected systems over the past three years. While many also have more security in place today, the digitalisation and “sensoring-up” of systems may provide an attacker with a way to create major damage should he be able to connect to these systems remotely. This could be carried out through an exploit from other connected systems, for example.
Alternatively, an attacker could choose a softer target to create mayhem in a city. In a rush to deploy sensors and connected devices in the city, many planners may not have had set up an adequate level of security in place to prevent them from being hijacked.
One of the biggest distributed denial of service (DDoS) attacks in late 2016 occurred with the help of thousands of CCTV cameras and digital video recorders taken over by hackers. These devices were targeted by a malware called Mirai. It looked for devices that had factory- default usernames and passwords, which were then used to send massive amounts of traffic towards an online target to flood it and knock it out of action.