Cybersecurity: Tourist Safety in Smart Cities

Smart cities are an attractive target for criminals and cyber threat actors to exploit vulnerable systems to steal critical infrastructure data and proprietary information, conduct ransomware operations, or launch destructive cyberattacks.

Smart cities may create safer, more efficient, more resilient communities through technological innovation and data-driven decision-making; however, this opportunity also introduces potential vulnerabilities that, if exploited, could impact national security, economic security, public health and safety, and critical infrastructure operations.

With the increase in organised cybercrime globally, businesses and organisations are prioritising cybersecurity best practices to protect themselves. As a provider, it is essential to be well-informed in order to address any questions that arise from travellers. 

What is a Smart City?

And how is this linked to tourist safety in-destination?

It is important to note that there is not a universal definition or determining factor that categorises a city as 'smart' over another. The maturity of technology and infrastructure play a key role in identifying a smart city. For instance, a city with a well-established and long-standing integration of technology into its infrastructure would be considered smarter than a city with a newly implemented scheme that is just beginning.

So when thinking about what makes a smart city, this can refer to communities or settled areas that:

• Integrate information and communication technology (ICT), community-wide data, and intelligent solutions in order to transform its infrastructure or optimise community decisions, in response to community needs.
• Connect operational technology (OT) - used in smart cities to monitor, control, and adjust any machines and systems that run a city's infrastructure including traffic lights, smart cars, and smart buildings - with digital networks and apps that collect and analyse data, like Internet of Things (IoT) devices, artificial intelligence (AI), 5G and cloud computing.

Common Cybersecurity Risks in Smart Cities

While many risks are not unique to smart cities due to the widespread integration of technology in our daily lives, it is important to acknowledge the specific cybersecurity risks that may arise when visiting destinations known for their advanced technology. These risks should be carefully considered to ensure a safe and enjoyable travel experience.

Learn more about common cyber-attacks and their potential impact on travellers by exploring the information provided here.

Data Theft, Interception and Surveillance

Smart cities collect large amounts of sensitive data, such as traffic flow, waste management, and facial recognition. This data can be used for identity theft, ransomware, and device hijacking.

Certain countries may actively monitor and/or intercept digital communications made by travellers. This can include emails, messages, or any data which is sent via the internet.

Privacy Breaches

Smart city public safety systems that use AI-powered surveillance technologies may be susceptible to hacking, leading to privacy breaches.

When it comes to the process that travellers can take if they do think their privacy has been breached while abroad, here are a few steps that can be taken:  

• Change passwords/secure devices – depending on the breach, and if it can be mitigated this way.
• Report any fraudulent activity – when it comes to banking and credit, for example, initiating a ‘fraud alert’ can ensure that your customers’ account is monitored for any future fraudulent activity.
• Lodge a complaint – with the local data protection agency in-destination. For example, if a traveller is in the European Union (EU), the DPA of the destination they were visting is the main point of contact, even if the company in question processes data in another EU member state.
• Take legal action against the company or organisation – while it is required that the compromised organisation contacts those involved in a privacy or data breach, individuals can still file an action directly against a company or organisation in court if they have violated data protection rights.

Disruption of Services

Smart cities are constantly striving for greater efficiency, often achieving this through the automation of operations that were once manual. One key example of this is in areas like wastewater management and traffic control systems. However, it is important to note that connecting more components within a system can also lead to potential vulnerabilities, a truth that applies even within the context of smart cities.

The integration of multiple separate infrastructure systems into a single network or digital environment increases the potential 'attack surface.' This allows cybercriminals more opportunities to infiltrate the system, exploit weak points, and move across the entire network. As a result, there can be significant disruptions across sectors or operations within the city.

This is called a ‘disruption of services’ and when cyberattacks of this type happen, they usually involve critical services like traffic lights, power grids, and water management systems.  

For example, cybercriminals may be able to access a local government's Internet of Things sensor network, and from there they can move laterally to access the emergency alert systems if these two systems are interconnected.

Or, a cybercriminal could use a distributed denial of services (DDoS) to access and overtake the parking meters within a city, if these are an Internet of Things (IoT) device, rendering them unusable, and then use this system to overtake another system within the city.

Malware and Spyware

If travellers are connecting to unfamiliar networks, then they may be more susceptible to malware and spyware being installed without their notice. Devices can be remotely accessed via public networks, and can result in malicious software being installed which can monitor activities, access personal data or damage the device’s system.  

Here are some recommendations you can provide to travellers for when they’re in-destination:  

• Install security software – like anti-virus, anti-malware, and anti-spyware.
• Use a Virtual Private Network (VPN) – this encrypts user data, helping to protect users while on shared WiFi networks.  
• Use public WiFi safely – avoiding activities which handle sensitive data like checking online banking or making payments. Connecting through a VPN can help! 
• Use secure apps – only downloading apps from trusted sources/providers can mitigate against accidentally installing malicious software.
• Back up their data – to another device or to a cloud storage platform before departure.
• Update their software – keeping operating systems, apps and anti-virus software up to date, and avoid downloading software while away.

Unsecure Networks

In light of informing travellers about the dangers of malicious software, it is equally important to address the issue of unsecure networks. With the widespread use of the Internet of Things (IoT) in various cities globally, the number of unsecure networks available for user connection has risen. Therefore, it is imperative for travellers to be cautious of these potential risks.

Public Wi-Fi networks, particularly those offered in hotels, cafes and airports, can be considered hotspots for cyber criminals. Data which is sent or transmitted via these networks can be more easily intercepted and can be potentially used to access sensitive information.

Should a traveller not have a SIM card that allows for data roaming or pay-as-you-go data for worldwide destinations, then sometimes using public WiFi is the only choice. In these cases, travellers should use these networks sparingly, turning off their devices ‘auto-join’ function, and avoiding using public WiFi to make transactions.  

Supply Chain Attacks

Within a smart city, instances of software or hardware components being hacked within these interconnected are more common than in a community wherein this infrastructure is not as connected.  

This is often because of reliance on a third-party vendor to provide and integrate, these hardware and software elements, that connect previously separate systems.  

This leaves these very same components vulnerable to attack as a result of this supply chain – either intentionally developed by cybercriminals who may have access to this chain, or through poor security practices.

This puts individuals who visit or reside in these communities at a higher risk for:

- Data and intellectual property theft
- System or network failure due to operational technology availability disruption

In the event of a system being breached, cybercriminals could potentially disrupt city infrastructure, compromise or steal sensitive data from emergency service communications, surveillance technology, or utility networks responsible for gas, water, grid, or lighting services.

Keeping Travellers Safe Before and After Travel

Book their Experiences Before Departure

For travellers who have a clear plan for their activities at the destination, or are willing to take suggestions, pre-departure booking is the perfect option. 

This not only guarantees a better experience for the customer by arranging all their activities at once, but also maximises your revenue.

Booking your clients’ experiences alongside their accommodation also means that they won’t have to make these purchases in-destination, which mitigates the risk of becoming vulnerable to data interception while making payments for experiences online during their stay.

With Hotelbeds you can choose from:

• 250,000+ hotels and resorts in must-visit global destinations.
• Over 23,000 tours, activities and experiences in 170+ countries worldwide.
• A network of 3,500 tour operators.

and more!

Post-Departure and Return

When it comes to your clients’ personal devices, here are a few tips that you can offer to travellers for them to put into action upon their return:  

• Encourage travellers to check their devices for interference – running a full malware scan is advisable, as is following any steps to cleaning their devices of any suspicious software.
• Reset passwords – for all accounts which were accessed during their trip.
• Report any suspicious activity – especially when it comes to any activity on banking apps or accounts that isn’t recognised! This can be done via a travellers’ unique provider.
• Remain alert – if any sensitive data is compromised, this can pose a risk to travellers long after their return. Cybercriminals can use any gained information to launch targeted phishing efforts to gather more data, or access financial accounts.

Discover more about the most common cyber-attacks here.

Many smart cities regularly test for any security vulnerabilities on a regular basis, to help identify and resolve any potential weaknesses. This process includes routine system audits, threat modeling techniques to identify potential risks in simulated environments, and the implementation of intrusion detection and prevention systems to detect suspicious activities. These measures help to proactively address any weaknesses and maintain a secure environment.

While cybercrime remains a prevalent threat globally, traveling to destinations with highly interconnected infrastructure can present a diverse range of risks. 

One effective method to minimise these risks is to avoid transferring personal information, particularly when conducting online payments during travel. This simple precaution can significantly enhance the safety of travellers and their personal information.

Do this by booking any of their in-destination experiences prior to their departure with Hotelbeds, and offer travellers peace of mind while simultaneously increasing your revenue opportunities.