Security experts have been warning us about for years: increasingly sophisticated cyberattacks are coming — and more of them. A recent study and last month's denial of service attack that shut down several high-profile websites underscore how important it is for cities to not only recognize cybersecurity threats, but to take definitive action against them as they build their smart city projects. We've said it before, but it bears repeating: If cities fail to protect their smart city investments, their chances for success are very limited. — Doug Peeples
A study focused on smart city technology has yielded some alarming results: cities still aren't doing enough to protect themselves against cyberattacks, and aren't verifying the security of the technologies they're using.
The study, conducted by security and compliance technology solutions company Tripwire, is based on a survey of 203 IT security professionals working in US state and local governments.
Here are a few key takeaways:
- 23% of survey participants said cities don't understand the risks of the technology
- 27% said public Wi-Fi networks are the most vulnerable, and 19% identified smart grids
- 13% said traffic management systems are the most vulnerable, while 11% identified security cameras
- One third of the participants said cities aren't providing enough funding to ensure their technology is safe
"Municipalities are dazzled by the promises of the Industrial Internet of Things, which can bring cost savings and improved efficiency. However, the dazzle will wear off quickly if smart city initiatives can't keep up with new threats, regulatory requirements and hidden costs. In order to succeed, smart cities must actively protect their critical infrastructure," said Rekha Shenoy, VP and general manager of Industrial Cyber Security for Belden, Tripwire's parent company.
Cities don't need to go it alone
While many city officials and staffs are aware of and working on those security issues, there is help for those who need it.
Following last month's denial of service attack, the White House announced the Department of Homeland Security is developing a set of principles to ensure connected devices comply with security standards and that devices include more security features.
The Cloud Security Alliance, a large organization focused on promoting best practices for a secure cloud computing environment, offers training, research and education programs among others. Council Partners Microsoft, Cisco, Deloitte, Huawei, IBM, Intel and ZTE are all alliance members.
In addition to being involved in security-related organizations and initiatives, many Smart Cities Council Partners offer security solutions of their own. A few examples include Council Lead Partner Cisco's Smart+Connected Safety and Security offerings, Lead Partner Microsoft's CityNext seven-step cybersecurity strategy, Lead Partner IBM's Watson for Cyber Security project. And there are more.
For more on securing smart cities...
Developing a security framework is one of the essentials for cities planning smart city projects, one that should be addressed at the earliest planning stages. The importance of a secure network and recommendations for implementation are addressed throughout the Smart Cities Readiness Guide. Skim through the guide to chapters that correspond to projects your city is considering, for example the Energy chapter, to learn about important first steps for ensuring your technologies and investments are secure.
Doug Peeples is a Portland, Oregon-based writer specializing in technology and energy. Follow @smartccouncil on Twitter.