Securing Smart Cities: What You Need to Know | The State of Security
Due to urbanization, which involves a complex set of economic, demographic, social, cultural, technological, and environmental processes, governments are developing smart cities to address some of the challenges unique to urban areas. This development occurs through the transmission of data using wireless technology and the cloud.
Smart cities are powered by technologies such as the Internet of Things (IoT), Information and Communications Technology (ICT), and Geographical Information Systems (GIS). Each technology works together to collect and contextualize massive amounts of data that can be used to improve the components and systems running within a city. Smart cities may also utilize artificial intelligence (AI) and blockchain technology for certain systems. This article will focus primarily on IoT, the vast network of connected physical devices that’s making cities smart.
What Are Smart Cities?
Smart cities collect and analyze mass quantities of data from a wide variety of industries and across domains like healthcare and transportation. To accomplish this, a complex network of interconnected sensors, devices, and software must be built, maintained, and secured.
The ultimate goal of a smart city is to facilitate a more sustainable and efficient environment for its residents. Smart cities use digital technology to improve the safety and quality of the lives of citizens as well as the effectiveness and efficiency of businesses. Some of the benefits of smart citizens include citizen engagement, optimized operations through real-time data intelligence, and urban planning informed by data and technology. Smart cities utilize technology to provide solutions to the following areas:
- Parking
- Public Wi-Fi
- Safety security
- Transportation
- Urban mobility
- Waste management
How Do Smart Cities Work?
Smart technology allows cities to become more sustainable and efficient. Smart cities are powered by IoT sensors, which deliver large amounts of real-time data. The cities then use this data to improve infrastructure, transportation, emergency services, public utilities, and more.
The IoT infrastructure bridges the digital (cyber) world and the physical world. In this context, the physical world is the real-life consequence of a cyberattack that disrupts critical services or takes control of an IoT device for a nefarious purpose. Consider an attack where a cybercriminal takes control of city traffic lights and turns every light at a four-way intersection green. This would have dangerous real-world consequences.
Cyber Risks and IoT Infrastructure
While the promise of what technology can do to improve urban areas is exciting, this growing area raises data privacy and security concerns for citizens. Securing smart cities is challenging due to the nature of IoT, the substantial collection of sensitive data by interconnected but insecure devices, as well as the gravity of the harm that may result if a cybercriminal disrupts critical infrastructure or services such as healthcare, utilities, and transportation. Conceivably, the average smart city may have millions of devices connected to its network as governments continue to plan, develop, and scale their IoT infrastructure. This all but guarantees a million entry points or more for cybercriminals who wish to carry out an attack.
A smart city collects and analyzes data from IoT sensors and video cameras. Much of the data collected is private, sensitive data. Information sharing and open data support the development of smart cities. The collection of data raises privacy and security concerns and questions for citizens. For example, given recent cyber events, citizens will want to know whether the data collected is securely stored and whether the data is secure when transmitted.
Interoperability
Interoperability between legacy systems and new systems may result in inconsistent security policies between less modern systems and new systems. Large networks of legacy systems, combined with new IoT-based sensors and systems, can make it challenging for smart cities to manage all these different data sources and turn the data into useful, actionable information. Interoperability issues among devices in different domains is difficult due to the lack of common standards and the increase in the risk of cyberattacks.
As more and more devices connect to a smart city’s network from various vendors and geographical locations, each device will require a certain level of interoperability with one another to effectively utilize their capabilities and add value to the smart city ecosystem. Due to a lack of common standards and policies, many cities are experimenting with new vendors and products, which create integration problems and exacerbate cyber risks.
Integration
Integration of services that have been traditionally independent from each other will require cities to review and adhere to the relevant regulatory requirements, reconcile varied security protocols and develop new ones, as well as address data ownership, usage, and privacy.
In addition to interoperability and integration challenges, many IoT devices are manufactured without security in mind. The result is increased security vulnerabilities. It also demonstrates that there is a much-needed push for collaboration between vendors, device manufacturers, and governments to secure smart cities.
Holistic and Integrated Approach to Securing Smart Cities
To become a smart city, many governments realize that they will need to integrate information from disparate systems into a single, overarching system to provide a holistic view of the overall performance and vulnerabilities associated with the connected devices and applications. Securing smart cities will require governments and businesses to look at the challenges holistically and to use an integrated approach to enable city stakeholders to view threats and vulnerabilities in their entirety rather than react to specific services or devices. According to a recent report by Deloitte Insights, an integrated approach to securing smart cities includes:
- Digital trust platform
- Privacy-by-design
- Cyberthreat intelligence and analysis
- Cyber response and resilience
- Cyber competencies and awareness program
As part of the holistic approach to securing cities, governmental bodies that aggregate all the information collected by IoT devices must use transparent practices to help assure the public that their data is not being misused. This will build trust and support for smart city initiatives, planning, and growth. Also important is a formalized set of security standards for connected devices. A single IoT platform which can provide a complete picture of an entire smart city IoT deployment will provide governments with the ability to remotely control and manage all IoT devices, helping mitigate cyber risks.
Conclusion
Technology is powering the rise of smart cities, digitally transforming necessary services from public parking and public safety to traffic and waste management. This new wave of digital transformation also brings new cyber risks that could fundamentally impact the existence of smart cities. Smart city developers (e.g., government entities and businesses) must position themselves to effectively monitor and manage their IoT infrastructure. It will be important for developers to not only mitigate risks but also to ensure the cyber resilience of the IoT infrastructure.
About the Author: Ambler is an attorney with a background in corporate governance, regulatory compliance, and data privacy. She currently consults on governance, risk, and compliance; enterprise data management, as well as data privacy and security matters in Washington, DC.
LinkedIn: https://www.linkedin.com/in/amblertjackson/
Twitter: @amblerjackson
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.