Get smart about your city's data security with 4 steps you can take today

Fri, 2015-07-10 06:00 -- SCC Staff

Are you tired of hearing all the warnings about security? Well, there’s something you can do about it. Four things to be exact.

Despite the threats, many cities are not taking action -- even when they’re aware of a threat. And the threat is real. North Korean hackers broke into computers running South Korea’s nuclear power plants, stealing blueprints and employee data. While you may dismiss that as an extreme case, there’s a known vulnerability that could allow hackers to take control of traffic signals in some of the world’s largest cities.

If the problem is simply that you don’t know how to get started, a blog post from Council Lead Partner Cisco may help. The post outlines four common security problems cities face and -- perhaps more importantly -- suggests steps they can start taking today to address them.

Tear down city silos
One of the biggest issues facing many cities is that they don’t have one person in charge of security citywide. That means security standards can vary quite widely from one department to the next. And that variation poses a huge risk.

Especially as more systems become interconnected, a city’s overall security is only as strong as the weakest system. A citywide security champion can help set and enforce standards and share best practices.

Put your networks behind a firewall
Twenty years ago, connecting traffic signals to the Internet may have seemed like a ridiculous notion; today, many find it’s a good idea. But as cities connect new devices, many aren’t giving adequate thought to the backbone that ties everything together.

Devices don’t have to be connected directly to the Internet for the city to be able to get real-time information from them. Dedicated, private networks can provide the same functionality with much less risk. But if you do elect to use the Internet for cost or other reasons, do make sure you’re using firewalls to protect the devices.

Monitor your network closely
These days, most electric utilities are monitoring their operations in real-time to immediately detect and respond to outages. But cities rarely put the same care into monitoring their data backbones.

While hackers try hard to cover their tracks, their activities leave behind telltale signs. There are a number of tools that monitor unusual attempts to access or changes files. Using and monitoring these tools in real-time allows gives you early warning about a threat and allows you to take immediate action to mitigate it.

Who really needs access?
Finally, experts encourage you to think about who really needs access to a network or a particular set of data and to restrict access to only those people who really need it. At a hospital, for example, someone in marketing wouldn’t be able to log in and look up detailed medical history of all the patients. Similarly, cities can reduce their risk by not giving blanket access to everyone.

Further, people who manage data should also be able to quickly see a list of everyone who has access to it. They should also get into the habit of regularly checking the access to make sure there aren’t any unauthorized users and to remove people who don’t need that level of access any longer.

Nothing is completely secure
It is important for cities to realize that nothing is ever 100% secure. If someone really wants to get your data or access your network, they will find a way. But experts say starting with these four steps will significantly reduce your risk and they will greatly minimize the damage a hacker can do.

The Council's Smart Cities Readiness Guide includes more expert guidance on establishing city-wide security policies and smart data management practices. It is available for download by registered members of the Council. Not registered? You can do so here; there is no charge.

More stories …
The security warning many cities are (stupidly) ignoring
Is your city prepared for a security breach? If not, it could cost you millions
Big data and security in the smart grid