Put together Internet of Things devices with 5G broadband and you’ve got what industry marketers are calling smart cities.  That is hundreds of thousands of connected devices ranging traffic lights to emergency services, transport, civil infrastructure, CCTV and more all connected to and controlled over the internet.

Throw in ransomware and according to Theresa Payton, the former CIO at the US White House you’ve got a wide range of urban services, and infrastructure, ready to be hijacked. Payton doesn’t pull her punches and is predicting that two years from now we’ll see the first smart city held to ransom.

It’s a chilling thought but one that could easily become a reality.  More and more devices are becoming connected to 5G Internet of Things (IoT) services and sensors in order to collect data that can be used to provide better, more efficient services.

But while connected cities have the potential to improve urban services, any lack of security in IoT devices could make them a very appealing target for ransomware attacks. Ransomware attacks on large organisations are a near daily occurrence and IoT security can be a bit of an oxymoron, a self- contradiction. 

As Payton argues, in an interview with ZDNet, put the two together and you’ve got a big, high profile attack waiting to happen. As a former cyber defender of the White House, and without a doubt privy to the most sophisticated of attacks seen, she knows her stuff.

Yet her prediction is also an exercise in logically connecting the dots and taking into account the current cyber security landscape.

There have already been many cases of cities and public infrastructure being compromised by ransomware, especially in the US with employees reverting to pen and paper when services have been compromised.

Hospitals have also been a major target for ransomware over the past 18 months with many feeling that they have little option other than to pay the ransom.  

Guidance on smart city security from the UK's National Cyber Security Centre (NCSC) recommends:
  • Only use IoT devices (smart devices) from trusted vendors.
  • Ensure that IoT device on the networks don’t use the default username and password that come with smart devices.  This makes them easy targets for hackers who can easily discover default usernames and passwords.
  • This advice is also applicable to home users who use smart devices in their homes, such as baby monitors, cameras, door systems and so on.  Always change default usernames and passwords.