Smart Cities Must Be Secure Cities

Friday, April 14, 2017

Jack Huffard

E14ebc073505fd5a94f8c16d9be81ec2

If you’ve never heard the term “smart city” before, you are soon going to be hearing it a lot. Smart city technology uses data sensors and analytics, the IoT, information and communication technology to improve the efficiency of city services and the quality of our lives. Smart cities monitor and manage physical assets, infrastructure, connectivity, and information services that affect citizens on a daily basis.

The smart city vision

You have probably already experienced a small sample of what smart city technology can do for you. For example, have you ever approached a highway on-ramp that is controlled by a smart traffic light that manages traffic flow, alleviates congestion and reduces idling time? Do you have a smart meter at home that monitors your daily energy consumption and recommends scheduling appliance usage during non-peak hours? Have you used a smartphone app that tells you where the empty parking spaces are in an airport garage? On a very small scale, those are all examples of smart city technology at work.

On a grander scale, imagine a city in which autonomous buses shuttle employees to work via the most efficient route, reducing individual automobile emissions and improving rush hour traffic flow. Or a virtual grid of sensors that relay data to a central processor to determine where air pollution is at critical levels, or where earth tremors are signaling a potential quake, warning the public of an impending emergency. Or Dedicated Short Range Communications (DSRC) devices in cars that eliminate the need for parking meters.

Does that sound like the Jetsons? Think again. This is reality, in places like Singapore, Columbus Ohio, and Barcelona where smart city technology is being deployed. As more people move into cities and urban sprawl increases, integrated services and system efficiencies are critical to our quality of life. Smart city technologists envision community-wide free Wi-Fi, autonomous public transportation, DSRC traffic flow control, smart street lighting, energy efficiencies, data sensors across the city to collect and analyze metrics, and IoT devices in every smart building.

Public/private partnerships

Smart city initiatives are being planned and funded by both government agencies and commercial firms, with many projects undertaken as public/private partnerships. For example, the U.S. Department of Transportation’s Smart City Challenge is working with Columbus, Ohio (and other finalist municipalities) to implement smart transportation systems that improve traffic flow, reduce transportation costs, and create more efficient systems. The state of Illinois is going after the title of “first smart state” with the 2016 creation of a statewide agency overseeing smart technology across the state, from digitizing public health care services to installing energy efficient street lights.

I recently had the privilege of meeting with Governor Terry McAuliffe of Virginia. As chair of the National Governors Association (NGA), McAuliffe has announced that Meet the Threat is his focus for the NGA this coming year to improve cybersecurity strategies and practices nationwide. He is also working with mayors from four Virginia cities who have submitted proposals to the ongoing DOT Smart City Challenge program. McAuliffe’s initiatives illustrate the reality that cybersecurity is no longer an IT issue – it is a public safety issue, an infrastructure issue, an executive issue that touches all aspects of our lives. Security must be planned for and funded as an integral part of each and every technology initiative.

The technology

Clearly, smart cities are welcome if the technology truly improves our lives. But it can be alarming if our privacy is at further risk. Since these smart city initiatives are just beginning, we have an opportunity and obligation to take the time to make sure that security is an integral part of the overall design. If smart city technology is not secure, we are not only putting our systems at risk, we are risking the safety and lives of the citizenry as well.

In many respects, smart city technology is simply a scaling of our existing technology – an expansion of networks, data repositories, the IoT, and wireless communications. That means bigger networks, expansive cloud-based services, more IoT devices and interconnected devices – infrastructure that moves beyond enterprise walls and permeates all aspects of our lives. That also means more opportunities for adversaries to take advantage of security weaknesses.

Smart technology is not smart enough without security that is completely integrated into the smart devices and applications from the outset. And smart security must scale along with the technology and infrastructure changes.

Smart security at the city level

Take the City of San Diego as an example. As the eighth largest city in the U.S., San Diego operations include 24 networks and 40 departments all running 24/7, from traffic control to library services, from the police department to waste management. With over a million cyberattacks per day, the city’s infrastructure cannot afford anything but the most comprehensive and trustworthy security to prevent potential disruptions and catastrophic losses. With the help of Tenable’s security solutions, the city inventoried all of their systems, deployed active and passive scanning, identified hundreds of at-risk devices to patch or decommission, and implemented continuous security monitoring to protect all assets across the city. City officials estimate that they are saving over one million dollars per year by reducing their threat exposure and strengthening their security against potential breaches. And with the continual development and expansion of Tenable services, security is growing as San Diego enters the smart city era. No asset goes live without a thorough scan and configuration audit.

“Design in” security

There is an old adage that says, “plan, plan, plan and then execute.” I urge all politicians, state and local officials, urban planning and development organizations to take a step back, collaborate and design security into the vision of the smart city. The time spent to get it right out of the gate will save taxpayers significant sums in the future by not having to compensate for security issues later with people, technologies and programs when it could have been designed in from the start.

About the author: Jack Huffard is the president and chief operating officer of Tenable, where he is responsible for driving all global revenue growth and leading the company’s corporate strategy and organizational growth.

Possibly Related Articles:
48271
SCADA Security Awareness
Cyber Security smart city at-risk devices
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.