Many cities are eager to become "smart," but in their rush to connect all kinds of assets, buildings, and other infrastructure components via sensors, software, and networks, are they neglecting to ensure the security of this new digital environment?
"Smart city security presents a new challenge for both city planners and IT professionals," said Seth Robinson, senior director, technology analysis, at global technology association CompTIA. "Digital capabilities are being added to physical infrastructure, introducing previously unseen vulnerabilities."
One example of this is the Dyn distributed denial-of-service (DDoS) attack in October 2016. A number of internet-connected devices were built into a botnet running Mirai malware and used to execute the DDoS attack.
"This event was troubling to security professionals, since the risk of unsecured IoT (Internet of Things) devices had been known for some time, but clearly steps were not being taken by end users to prevent a breach," Robinson said.
It should be troubling to city planners and executives as well. Every major city runs on a massive infrastructure that connects citizens to water, electricity, transportation, and other critical resources. As these systems become increasingly linked via networks and run by software that can manage power grids, waste management, street lighting, and public transportation systems, the risk of hacking and other attacks is real.
One of the biggest threats is that the sensors that gather data from countless devices and facilities will be hacked. That could allow cyber criminals to feed the systems false data. The falsified information could be used to cause harm or inconvenience to residents and businesses, such as shutting down transportation systems.
The primary issue when building intelligent infrastructure is the security expertise of vendors: "Vendors of physical devices that have never had computing capabilities have often not built the security expertise needed to secure those devices in a modern environment," Robinson said. "This can lead to obvious loopholes that are easily discovered by attackers."
As with much of modern IT, security for smart cities needs to be a multi-faceted approach starting with the overall objectives.
"Just as IT professionals in a corporate setting must start with the business goals, IT teams in municipal settings must start with city planners and various entities that provide city services," Robinson said. "As these groups define their vision, the IT function must describe the best technical solution -- including security -- advocating for the proper budget while also adhering to the overall objectives."
Smart cities can leverage newer technologies such as machine learning/artificial intelligence, robotics, other types of automation, and big data analytics to strengthen data security.
"One of the tenets of modern security is detection rather than pure prevention," Robinson said. "The threat landscape is too complex and dynamic to allow all attacks to be blocked. In an effort to improve detection and response patterns, IT professionals are turning to machine learning and data analytics to understand behaviors of interconnected systems and detect anomalies."
In a smart city, these proactive measures will be quite demanding, Robinson said, as many disparate pieces of infrastructure are being connected into a comprehensive system of interactions.
PREVIOUS AND RELATED COVERAGE
Barriers to adoption include resistance to change, and skepticism about whether new technologies will deliver.
Cognitive technologies can address challenges such as the industry's "brain drain."
New study says gaining competitive advantage and improving business processes are among companies' top goals.
Advisory firm says robotic programs free up tech pros to pursue more innovative work.