The entire world is striving towards becoming digitally smarter to maintain economic, social and

environmental sustainability. India is also not behind and is driving the aspiration “digital india”
campaign. The smart city mission was started as a part of this digitization venture in 2015. Our
country is in the midst of a massive wave of urbanisation as millions of people move into towns and
cities each year. Enormous investments are being made to meet soaring aspirations and to make
towns and cities more liveable

Why smart cities?

 Information and communications technology has become indispensable to the modern
life, we critically depend on information and communication infrastructure in governing
our personal lives, our societies, conducting business and running critical infrastructure.
Hence more governments are taking an interest in adopting “smart” concepts, for
management of energy, water, transportation, waste, surveillance and security etc.

What is expected out of the mission?

 The Smart Cities Mission is expected to drive economic growth and improve the quality
of life of people by enabling local development and harnessing technology to create
smart outcomes for citizens.

Challenges?
Smart cities move from being a buzzword to reality as the market has evolved into its
next stage. As more governments begin to adopt “smart” concepts, most find it
challenging to keep pace with rapid changes in the digital world and the continued
evolution of their service delivery models. The increased complexity of city’s systems,
interdependencies, globally connected social, economic and political sub systems has
increased the vulnerability of a city’s security.

 The base of a smart city network is interconnectivity- of people, digital devices, and
organizations; which opens up new vulnerabilities — access points where the cyber
criminals can get in.

 Citizen and organizational data makes an integral component of a smart city network.
This includes highly sensitive and critical information such as biometric, health, financial
details of individuals. Privacy and appropriate protection of this data is of utmost
importance as the cyber threats get magnified as infinite supply of data becomes more
integral to a wide array of operations.

 However, the most critical challenge is identifying the need of a robust cyber security
and data protection regime. As of now, there is no security organisation responsible for
ensuring cyber security within smart cities. Additionally, there is no or limited
consideration of cyber security during the various phases of smart city development.

 Smart city stakeholders have low awareness of cyber security risks and vulnerabilities.
Further, the stakeholders responsible for securing the smart cities, have limited cyber
security capabilities.
  According to EY India’s Information Security Survey 2018-2019, more than three-
quarters (81%) of organizations do not yet have a sufficient budget to provide the levels
of cybersecurity and resilience they want. Smart cities also face the same roadblock:
Limited budget is allocated for cyber security in the overall smart city budget. Even when
a budget is allocated, it does not match the risk profile of smart cities, thereby making
the process of setting up adequate defences a difficult proposition.

 One of the major concerns about smart cities sensors in the equipment; buildings etc.
are insecure and not tested thoroughly. Owing to lack of standardization of IoT devices,
the sensors are prone to hacking. Notorious individuals can hack the sensors and feed
fake data, causing signal failures, system shutdowns etc.

Recent security breaches in smart cities around the world

 In April 2018, Atlanta’s smart city network was locked down by a ransomware attack where
the attackers encrypted digital working files, locking employees out of the smart city
network completely, while the rest were forced to shut down to prevent the virus from
spreading. It is believed that the cyberattack destroyed 'years' worth of police dash cam
video footage.
 Hackers targeted Singapore’s largest healthcare institution, SingHealth in December 2018
and stole the personal profiles of 1.5 million patients along with the details of prescriptions
for 1,60,000 others.
 In April 2017, some miscreants played a pornographic video on an advertisement screen
installed at a metro station in New Delhi and the entire sequence was shot by a few
commuters on their mobile phones, after which the incident went viral on social media. It is
believed that the LED TV system was under commissioning and the Wi-Fi port was accessible
due to lack of password controls.

Solutions?

 Smart city technologies have large attack surfaces that have a number of vulnerabilities,
especially in systems that contain legacy components using old software which has not been
regularly patched. Technology solutions aim to use best practices to mitigate these risks This
includes:
o End-to-end encryption
o Strong password policy
o Up-to date firewalls, anti-virus
o Isolation of trusted resources from public resources (DMZ)
o Implement manual over rides on all systems The aim is to reduce the attack surface
as much as possible and to make the surface that is visible as robust and resilient as
possible.

 Since data centres are the pillars of a smart city, effective measures shall be taken to ensure
their security and resilience. Data back-ups should be done regularly, and according to the
 best practices, should be done off site. This helps in data protection in case of physical
security breach at the data centre.
 Cyber security and privacy acts shall be made more stringent to ensure security is given the
foremost importance. Existing regulations have been updated at periodic intervals to
incorporate the smart city security perspective.

What is India doing?

 The Indian personal data protection bill is a revolutionary step towards India’s aims to build
a robust data protection framework.
 The Ministry of Housing and Urban Affairs (MoHUA) released a model framework for cyber
security in smart cities on 20 May, 2016, which covers the security of smart cities across
different layers, namely sensor layer, communication layer, data layer and application layer.
 Draft Digital Information Security in Healthcare Act (DISHA): The draft DISHA document was
recently released in the public domain for comments. It aims to set up a National Health
Authority in India which shall be responsible for enforcing privacy and security measures for
electronic health data, and to regulate storage and exchange of the same.