Security: If you don’t address it, you will be a target

Thu, 2016-04-14 13:20 -- Kevin Ebi

If you were told that someone could hack into your traffic control system, bringing absolute gridlock to your downtown, would you do anything about it? What if they showed you that a hacker could easily do that with only a few hundred dollars of equipment?

That was the dire warning given to San Francisco. And it did nothing about it. Just like many other major cities that use identical traffic systems. And it’s not just traffic. It may not be much harder for a determined hacker to shut off power to your entire city.

With every sensor, camera or other device that you connect to an operations center, your city becomes a little bit smarter. Your city also becomes a bigger target. Your intelligent network is also what security experts call an attack surface. That attack surface grows as your network does.

The thing is, even the security experts agree that smart technologies can be worth it. When sensors and analytics combine, cities can transform in truly meaningful ways. But cities do need to understand the security implications – and take steps to address them. If your city doesn’t get smarter about security, it won’t really get smarter.

When there is an issue, do something
The only reason San Francisco’s traffic lights continued to function properly is that the people who understood the vulnerability chose not to exploit it. A year after the city was notified of the problem it had nothing to fix it.

The city wasn’t helped by its technology vendor. Instead of doing anything, it deflected blame and argued semantics. Instead of helping to find a solution, it tried to deflect attention, arguing that anyone who exploited the vulnerability was a data vandal, not a hacker. Meanwhile, if someone — whether they’re a data vandal or a hacker — wanted to cause traffic chaos, they could. In the end, if something goes wrong, it’s not the vendor citizens will blame — it’s you.

Understand it’s a difficult job
Cities do get some sympathy from security experts. Cities are unlike any other organization. Cities have to work with all other levels of government. They have to work with businesses. And they work with private interest groups.

Each of those levels of interactions has different standards. That variation introduces risk.

Try for consistency whenever possible, but when it isn’t, understand the risk associated with different standards and take extra care to safeguard the data.

Learn what you don’t know
The technology backbone that runs cities is changing rapidly and it can be hard to understand the implications and the related best practices. It’s important to know what you don’t know so that you can design a truly effective security strategy.

It’s even more critical since cybercriminals are working harder than ever to evade detection. It’s not a matter of keeping up with them, it’s a matter of getting ahead and staying ahead.

Council Lead Partner Cisco puts together regular security reports to make you aware of the latest threats and trends. The latest report also includes a security quiz to assess your knowledge of threats. Take it.

More stories …
Get smart about your city's data security with 4 steps you can take today
How do we ensure safe smart cities? Work with the security pros
Big data and security in the smart grid