Cyber Security

Keeping smart cities safe

Are smart cities vulnerable to supply chain attacks?

Paul Mah

Paul Mah

2 min read
Keeping smart cities safe
Photo Credit: Unsplash/Jason W

Smart cities are utterly reliant on IT systems. Could hostile actors crash them via supply chain attacks?

The supply chain compromise that saw pagers rigged with military-grade explosives has undoubtedly prompted security reassessments by governments worldwide.

Closer to home, countries like Singapore, Malaysia, and Indonesia are embarking on plans to build modern smart cities to benefit their residents.

But are smart cities safe from supply chain attacks?

From inconvenience

Developments this week and Singapore's unveiling of its OT Cybersecurity Masterplan 2024 in August reminded me of an interview with Andre Shori last year.

At that time, we talked about how the line between Operational Technology (OT) and IT is blurring, potentially posing a danger to smart cities.

He pointed to the profusion of OT systems around us today:

  • Public transportation systems
  • Air-conditioning, lighting.
  • Elevators.

Certainly, having these fail would lead to great inconvenience.

... to something worse

But what if an attacker could do worse? Such as crashing an entire power grid for a protracted period.

While most critical systems are hooked to backup power, they will eventually run dry and stop working.

  • Water treatment plants.
  • Mobile phone towers.
  • Water pumps.

Cascading failures

What's worse is the danger of cascading failures, as risks that were minor or routine barrel towards disaster.

  • Logistic sector grind to a halt - what goes where?
  • Taps run dry in some regions.
  • Perishables spoil.

Dwindling food, no water, and mass confusion about how to get them.

As Andre told me then, the very interconnectedness of OT systems could well culminate in a national catastrophe as failures cascade towards a tipping point.

Supply chain attack

Let's throw some oil into the fire here. Instead of the god-like hackers you see in the movies - they don't exist by the way, assume the threats are embedded within.

  • Hostile actors work in secrecy for years to compromise key IT or OT systems with tampered devices or software backdoors.
  • At a chosen moment, they trigger whatever digital switch they embedded to crash or destroy crucial hardware.

Of course, this is just a thought exercise. But I think we do need to urgently give more weight to establish the supply chain security of smart cities.

What do you think?

Read more