A smart city made efficient by smart lighting and traffic controls, connected cars and smart transportation systems, and smart water and waste management systems is a utopia we may soon realize. However, IoT security concerns for smart cities must be addressed to truly create a connected city.
The issue of scale
Just as an enterprise needs to consider a number of factors when introducing new technologies into the business, city officials must do the very same thing. Yet, a city is significantly more complex than a company.
Under the construct of a city, government and citizenry come together with public and private organizations that cross several industry verticals. Not only do these create unique dynamics, they also open the opportunity for IoT to a much broader scale and variety of devices, applications, systems, connections, data points and so much more.
With so many more devices in play, cities must go beyond testing integration and functionality of new products. As new smart devices come onto the network, they need to be tested from a cybersecurity vantage point, resolving any vulnerabilities to avoid access to other devices and systems on the network.
Governments, business leaders and consumers remain lax in their attitudes of technology security, accepting the vulnerabilities as a cost of the capabilities, efficiencies, and cool-factor the device brings to their lives. However, bringing insecure products into the smart city greatly broadens security and privacy risks.
Without taking time to close any open access points in new smart devices and sensors could leave other areas of the city vulnerable to attacks. Be it a prank hack that shuts down the transit system for an hour or a large-scale attack to the water system, the impact of the attack could have real implications for the people and businesses in the city. For example, a shutdown bus system could keep people from getting to their jobs or a system could be fed fake data that could compromise traffic lights, putting pedestrians and drivers in harm’s way.
Overseeing a smart city
First foremost, when it comes to a smart city there are many players working and living there, each with their own, and often times competing ideas and structures, and responsibilities and goals. Municipalities also often lack cybersecurity experts on hand who can identify possible points of attack and develop strategies to handle attacks.
Without an individual or department responsible for overseeing and protecting the smart city ecosystem, cities will remain vulnerable from a security and privacy perspective. Such a department could set city-specific standards that every smart product must uphold before joining the network, it would perform assessments and testing and manage over the ecosystem as a whole.
To support such a department, and the security of a smart city ecosystem, cities should consider a single, horizontal IoT platform that minimizes the possible angles for attack with end-to-end security at every layer.