Smart cities are an attractive target for criminals and cyber threat actors to exploit vulnerable systems to steal critical infrastructure data and sensitive information, conduct ransomware operations, or launch destructive cyberattacks.

Smart cities may create safer, more efficient, more resilient communities through technological innovation and data-driven decision-making, which ultimately can improve many aspects of quality of living for citizens and visitors.

However, this opportunity also introduces potential vulnerabilities that, if exploited, could impact national security, economic security, public health and safety, and critical infrastructure operations.

We explore some of the more common potential risks for travelers visiting smart cities, to better improve awareness around this global issue, and ensure that as a provider you can better answer any questions on this topic during your consultations. 

This is crucial, considering that organized cybercrime is on the rise on a global scale, and many businesses and organizations are putting cybersecurity best practices at the forefront of their concerns. 

Discover more about the most common cyber-attacks and what forms they can take here! 

What is a Smart City?

And how is this linked to tourist safety in-destination?  

Well, first thing’s first, there’s not a one-size-fits-all definition or determining factor that makes one city ‘smart’ over the other. So a smart city can be defined or identified more by how ‘mature’ the technology is, or the infrastructure – a more developed and longer-standing integration of technology into a certain part of the cities’ make up would be a better determining factor, for example, than a newly implemented scheme that has just taken off.

So when thinking about what makes a smart city, this can refer to communities or settled areas that:

• Integrate information and communication technology (ICT), community-wide data, and intelligent solutions in order to transform its infrastructure or optimize community decisions, in response to community needs.
• Connect operational technology (OT) - used in smart cities to monitor, control, and adjust any machines and systems that run a city's infrastructure including traffic lights, smart cars, and smart buildings - with digital networks and apps that collect and analyse data, like Internet of Things (IoT) devices, artificial intelligence (AI), 5G and cloud computing.

Common Cybersecurity Risks in Smart Cities

That travelers and agents should be aware of!

Not all of these risks are specific to smart cities, as there are cybersecurity risks no matter where you are given the increasing integration of technology in our daily lives, but there are certainly some risks that need to be taken into consideration when traveling to destinations that are renowned for their use of technology and how this may potentially impact a travelers’ experience while in-destination.

Data Theft, Interception and Surveillance

Smart cities collect large amounts of sensitive data, such as traffic flow, waste management, and facial recognition. This data can be used for identity theft, ransomware, and device hijacking.  

Certain countries may actively monitor and/or intercept digital communications made by travelers. This can include emails, messages, or any data which is sent via the internet.

Privacy Breaches

Smart city public safety systems that use AI-powered surveillance technologies may be susceptible to hacking, leading to privacy breaches.

When it comes to the process that travelers can take if they do think their privacy has been breached while abroad, here are a few steps that can be taken:  

• Change passwords/secure devices – depending on the breach, and if it can be mitigated this way.
• Report any fraudulent activity – when it comes to banking and credit, for example, initiating a ‘fraud alert’ can ensure that your customers’ account is monitored for any future fraudulent activity.
• Lodge a complaint – with the local data protection agency in-destination. For example, if a traveler is in the European Union (EU), the DPA of the destination they were visting is the main point of contact, even if the company in question processes data in another EU member state.
• Take legal action against the company or organization – while it is required that the compromised organization contacts those involved in a privacy or data breach, individuals can still file an action directly against a company or organization in court if they have violated data protection rights.

Disruption of Services

Smart cities are often seeking efficiency and achieve this by automating operations which would previously have been manual – one prime example is wastewater management, or traffic control systems.  

Of course, connecting more previously separate components of any system increases the potential ‘weak spots’ in that system, and the same rings true within smart cities.  

Integrating a larger number of previously separate infrastructure systems into a single network, or single digital environment, means that the potential ‘attack surface’ is bigger. Meaning, cybercriminals have more opportunities to infiltrate this system – more weak points to exploit – and more chances to move across the whole network from one connection to the next. The result can sometimes be huge disruptions across whole sectors or operations across the city.

This is called a ‘disruption of services’ and when cyberattacks of this type happen, they usually involve critical services like traffic lights, power grids, and water management systems.  

For example, cybercriminals may be able to access a local government's Internet of Things sensor network, and from there they can move laterally to getting access to the emergency alert systems if these two systems are interconnected.

Or, a cybercriminal could use a distributed denial of services (DDoS) to access and overtake the parking meters within a city, if these are an Internet of Things (IoT) device, rendering them unusable, and then use this system to overtake another system within the city.

As well as impacting your clients’ experience in-destination, this can lead to more potentially harmful circumstances which can include compromised sensitive data, public facilities, or even issuing city-wide alerts which can put citizens and visitors at risk.

Malware and Spyware

If travelers are connecting to unfamiliar networks, then they may be more susceptible to malware and spyware being installed without their notice. Devices can be remotely accessed via public networks, and can result in malicious software being installed which can monitor activities, access personal data or damage the device’s system.  

Here are some recommendations you can provide to travelers for when they’re in-destination:  

• Install security software – like anti-virus, anti-malware, and anti-spyware.
• Use a Virtual Private Network (VPN) – this encrypts user data, helping to protect users while on shared WiFi networks.  
• Use public WiFi safely – avoiding activities which handle sensitive data like checking online banking or making payments. Connecting through a VPN can help! 
• Use secure apps – only downloading apps from trusted sources/providers can mitigate against accidentally installing malicious software.
• Back up their data – to another device or to a cloud storage platform before departure.
• Update their software – keeping operating systems, apps and anti-virus software up to date, and avoid downloading software while away!

Unsecure Networks

In the same thread as ensuring that travelers are aware of the risks of malicious software, the same consideration needs to be given to unsecure networks.  

Given the prevalence of the Internet of Things (IoT) in so many cities around the world, and the resulting increase in unsecure networks that users can connect to, it’s important that travelers are aware of the risks.  

Public Wi-Fi networks, particularly those offered in hotels, cafes and airports, can be considered hotspots for cyber criminals. Data which is sent/transmitted via these networks can be more easily intercepted and can be potentially used to access sensitive information.

Should a traveler not have a SIM card that allows for data roaming or pay-as-you-go data for worldwide destinations, then sometimes using public WiFi is the only choice. In these cases, travelers should use these networks sparingly, turning off their devices ‘auto-join’ function, and avoiding using public WiFi to make transactions.  

Supply chain attacks

Within a smart city, instances of software or hardware components being hacked within these interconnected are more common than in a community wherein this infrastructure is as connected.  

This is often because of reliance on a third-party vendor to provide and integrate, these hardware and software elements, that connect previously separate systems.  

This leaves these very same components vulnerable to attack as a result of this supply chain – either intentionally developed by cybercriminals who may have access to this chain, or through poor security practices.

This leaves people visiting or inhabiting these communities more vulnerable to:

• Theft of data and intellectual property
• A system or network failure through a disruption of availability in operational technology.

If a system were compromised, cybercriminals could disrupt or break down city infrastructure, compromise or steal sensitive data from emergency service communications, surveillance technology, or even utility networks used to provide and monitor gas, water, grid, or lighting.

Keeping Travelers Safe Before and After Travel

Book their Experiences Before Departure

If travelers have a firm idea of what they want to do in-destination – or even if they’re open to suggestions – then pre-departure booking is ideal! 

Not only can you ensure that you’re giving your customer an enhanced experience by booking their experiences in one go, but you’re also able to maximize your revenue during your consultation or booking process.

This is where Bedsonline comes in.

With an expansive global portfolio of accommodation options, in-destination activities, tours and local experiences, as well as global transfer coverage and car hire, you’re in the perfect position to offer your clients the end-to-end experience they want, and deserve.

Booking your clients’ experiences alongside their accommodation also means that they won’t have to make these purchases in-destination, which mitigates the risk of becoming vulnerable to data interception while making payments for experiences online during their stay.

With Bedsonline, you can choose from:

• 250,000+ hotels and resorts in must-visit global destinations.
• Over 23,000 tours, activities and experiences in 170+ countries worldwide.
• A network of 3,500 tour operators.

And more!  

Discover more about the Bedsonline Booking Engine and our global portfolio here:

Post-Departure and Return

When it comes to your clients’ personal devices, here are a few tips that you can offer to travelers for them to put into action upon their return:  

• Encourage travelers to check their devices for interference – running a full malware scan is advisable, as is following any steps to cleaning their devices of any suspicious software.
• Reset passwords – for all accounts which were accessed during their trip.
• Report any suspicious activity – especially when it comes to any activity on banking apps or accounts that isn’t recognized! This can be done via a travelers’ unique provider.
• Remain alert – if any sensitive data is compromised, this can pose a risk to travelers long after their return. Cybercriminals can use any gained information to launch targeted phishing efforts to gather more data, or access financial accounts.

Discover more about the most common cyber-attacks here!  

Many smart cities regularly test for any security vulnerabilities on a regular basis, to help identify and resolve any potential weaknesses, including: routine system audits, threat modelling techniques to ascertain any risks in mock-environments, the installation and use of intrusion detection and prevention systems, all of which help spot suspicious activity.

Though cybercrime is a risk for many all over the world, heading to destinations where infrastructure is more interconnected can pose an increased number of different risks.  

Mitigating instances where travelers need to transfer any personal information, such as payments, is one way of easily reducing the risks for travelers, specifically when it comes to making payments online in-destination.

Do this by booking any of their in-destination experiences prior to their departure with Bedsonline, and offer your travelers peace of mind while simultaneously increasing your revenue opportunities.