As a city’s management network increases to include streetlights, water and electric meters, traffic signals, security cameras and more, these growing numbers of connected devices and sensors augment services and complexity. This raises concerns around whether smart cities are also secure cities.
The smart cities concept is intended to improve the lives of city residents, make governance more effective, and resource consumption more efficient through a digital transformation. However, as digital tools become more prevalent in managing smart city development these same tools are vulnerable to security threats and risks. As cities across the world strive to modernise infrastructure to levels that are fully integrated, the complexity of multiple systems connecting and sharing data through the network grows. Essential to the success of secure smart cities is the near-instantaneous collection, analysis and sharing of large quantities of data from various sources. Thus, the primary purpose of smart cities technologies is to make cities data-driven; allowing city systems and services to be responsive and actionable in real-time.
The smart functional areas (refer to the graph) of a city require reliable and secure communication among its systems and utilities. Essentially, a smart city is one enormous Internet of Things (IoT) system, communicating with infrastructure devices, sensors and residents’ smartphones or wearables. This heightened state of IoT necessitates the need for cities to implement cybersecurity across all areas and to coordinate Information Technologies (IT) with Operational Technologies (OT).
Securing the telecom networks across IT and OT will require collaboration of departments as well as interoperability of technology. It’s important to remember that cybersecurity is a citywide issue and not just a technology risk. Since many opportunities for IoT will arise through technological integration and collaboration, it is important to build the processes, by-laws and policies with cybersecurity in mind. Note too that cybersecurity will continue to increase in complexity.
ICT for critical infrastructure
Smart cities’ infrastructure must include activities relating to governance, planning and management of a city. ICT has provided a new facet to this infrastructure making it citizen-centric, efficient, accountable and transparent. Electric, gas and water utilities play a crucial role in the security of critical infrastructure. The communications networks within utilities, while generally quite secure, can now impact multiple smart city services. Utilities now have an even greater responsibility to secure their communications networks against ‘bad actors’.
A threat could enter a smart city’s infrastructure at any compromised point, and the risk can quickly grow as one system can then compromise the next. In a classic weakest-link scenario, one seemingly innocuous connected device, when hacked and injected with malware, could potentially affect an array of other devices, causing cascading damage throughout the entire infrastructure. For example, a breach of the street lighting system could ‘infiltrate’ the servers managing this part of the city, thereby penetrating the security measures of other systems to gain wider access. These hacked systems could contain valuable data about individual customer behaviour, and eventually access to financial information or other personal information. Officials can no longer effectively protect smart city infrastructure and citizen data by simply reacting to security incidents.
As with the IoT in consumer products, citywide connected systems also need security protocols. In September 2018, the National Institute of Standards and Technology (NIST) based in the US released its first report on A Consensus Framework for Smart City Architectures. This Internet-of-Things-Enabled Smart City Framework (IES-City Framework) is the product of an open, international public working group seeking to reduce the high cost of application integration through technical analyses of existing smart city applications and architectures. Frameworks and open discussions among city leaders, utilities and communications network providers are a step in the right direction toward securing smart city growth.
Planning for the future
Connected technology in cities is opening more access points for hackers, which means city officials must adopt a proactive cybersecurity mindset in which IT teams actively monitor networks and quickly respond before a breach does serious damage. As the backbone of any smart city project, the communicating networks must remain protected to ensure all other parts of the city remain safe.
To keep residents, the city and the network safe proactive identification and response policies need to be in place. The best proactive security plan is one developed by city officials who rely on a multi-tiered security approach to keep all sensors, devices, and the network infrastructure safe. With multiple layers of security in place, threats from all points can be stopped before harming the entire network infrastructure. As connected technologies advance, city planners must move from a reactive stance to the proactive management of cybersecurity.
City officials who are prepared for an inevitable cyber breach will not only keep their infrastructure safe, but residents as well. ESI
About the author
Bobbi Harris is a utility telecommunications and smart city industry expert and the founder of Smart Water, Smart City, LLC. She focuses on utility issues, business drivers and telecom technologies to address water and energy challenges for smart cities. Bobbi has been profiled as an industry leader in the 2019 Global Smart Energy Elites journal.