Smart City and cybersecurity, an essential combination

City administrators and their technology decision makers must keep cybersecurity at the forefront. "Secure by design' should be the mantra of all smart city initiatives.

30
smart city Pixabay

by Haider Pasha*

The concept of the smart city is gaining in importance, not least as an innovative way of responding to the global epidemic. global pandemic Covid-19. Smart urban planning could slow future epidemics by using technology to prevent the spread of disease and help ensure the availability and safety of critical resources such as water, transport and healthcare.

There are several examples of technologies that are finding their usefulness in this scenario:

  • Using drones with facial recognition technology to track infected people to ensure they do not break quarantine and risk spreading the virus.
  • Technologies to communicate and enforce social distancing guidelines and monitor the delivery of medical supplies.
  • Real-time data collection and sharing, using smartphone data and crowd sourcing for location tracking.
  • Remote temperature sensing using artificial intelligence and autonomous last-mile management of critical equipment and supplies.

Research conducted prior to the pandemic indicated that $189 billion would be spent globally on smart city initiatives by 2023. Moreover, more than half of global spending on smart city projects is concentrated in three use cases:

  • resilient energy infrastructure
  • data-driven public safety
  • intelligent transport.

Cybersecurity must be a priority

City administrators and their technology decision makers need to keep cybersecurity at the forefront of their minds, because the more objects are connected, the greater the opportunity for hackers to infiltrate systems, extract sensitive data and disrupt potentially critical systems in law enforcement, public health and other municipal applications.

According to one study, the number of active Internet of Things devices in Europe alone is expected to grow to 53 million by 2025. The key is to improve the resilience and responsiveness of cyber security. Smart cities are a classic case of the vital importance of 'secure by design'. Connected systems for first responders, environmental controls, public internet access, traffic management, green energy and more must be based on robust, intuitive and automated security protocols and policies from the start. Security that is addressed after systems have been installed (and perhaps after data breaches have already occurred) is almost useless. Hackers are resourceful and very cooperative with each other. Additional security initiatives do not work and the potential consequences are frightening. One of the main reasons is the proliferation of endpoints at the edge of municipal networks and as gateways to the cloud: these are not just laptops, tablets and smartphones, but various forms of sensor-based systems and devices. This expansion of the attack vector is even more problematic when one considers that IoT devices, whether for commercial or industrial applications, bring with them inherent security issues, as they often cannot support the memory requirements for many cybersecurity protocols. Nor should we forget the reality that users - municipal workers, citizens, visitors and business people using municipal WiFi systems - are often the weakest link in the cybersecurity chain.

Ensuring cyber resilience

A major problem for local, state and national governments is, ironically, governance. The lack of governance on smart city initiatives, on a wide range of issues such as data management, privacy policies, access privileges and more, is highly problematic. For example, take something as seemingly innocuous as hiring a vendor to install smart streetlights. If government officials, and their technical teams, don't have the right governance policies in place to ensure that the vendor has designed in security so that hackers don't creep into the back-office systems through the digital lighting systems, we could find ourselves dealing with data theft - or worse. All components of a smart city must also practice good cyber security hygiene: good authentication policies, such as frequent and regular password changes, multi-factor authentication and increased adoption of biometrics, are essential. Obviously, this needs to be a personal commitment on the part of everyone accessing smart city digital services, but it also has automated policies imposed and installed by governments. In addition, municipalities need people who are in charge of smart city programmes and have experience and expertise in cybersecurity. This doesn't necessarily mean that you need to hire an army of security engineers, but you need leaders and professionals for whom cybersecurity is a familiar discipline. They need to be able to see the big picture and ensure that the technical and operational details are in place.

Four main elements

Finally, there are key questions that municipal leaders must be prepared to ask their CISOs, CIOs, and other technical leaders who have oversight of cybersecurity. These include:

  • Do we have a documented incident response plan? If so, what is it? Many city leaders often think their organisation has a plan, but then are surprised to learn how ineffective that plan actually is.
  • What are our governance strategies for the security of systems, applications, data and identities?
  • Should we allow our legacy systems (and presumably less inclined to 'protect by design') to connect with other systems and devices at the edge?
  • What kind of IT security tests are we carrying out? What results do we receive on these tests and how do we react?

In the end, successful smart city initiatives require four main elements: visibility, to make sure we can see what is really happening in those systems;analysis, to identify risks and anomalous systems and network behaviour; control, to manage and, if necessary, isolate key systems against threats; and coordination between all key components to ensure that security is an integral part of smart cities. "Secure by design" should be adopted as the mantra of all smart city initiatives.

Smart City Haider Pasha_Palo Alto Networks

*HaiderPasha, head of security for the Middle East and Africa at Palo Alto Networks

Previous articleGrant Thornton data on how Italian companies see the future
Next articleMedical: new Murata modules for data intensive applications

LEAVE A COMMENT

Please enter your comment!
Please enter your name here