Cities Would Be Smart to Deploy Strong Cyber Security Measures as They Build More Connected Infrastructures

We’re hearing more and more about smart cities, as the Internet of Things, artificial intelligence, sensors, higher bandwidth, and other technology advancements make it more feasible to modernize population centers.

Smart cities promise great benefits for citizens as well as government entities, such as enhanced services and more efficient use of infrastructure resources. But they also come with a new set of threats to data security and privacy.

City planners and managers will need to address these issues in the coming months in order to ensure that their metropolitan areas are not only smart, but safe and secure as well.

A recent report by technology industry association CompTIA sheds some light on the security issues of smart city projects. The study, “Building Smarter Cities and Communities,” is based on a survey of 1,000 U.S. households and 350 U.S. government officials on their awareness and interest in the concept of smart communities. The survey was conducted in September 2017.

From the standpoint of citizens, six in 10 said they would be interested being a resident of a smart city, although only about one quarter said they are familiar with the smart city concept. Improved public Wi-Fi and broadband connectivity; air quality monitoring; better water resource management; energy efficiency; and disaster monitoring and response lead the list of smart city use cases citizens are most interested in, according to the report.

The biggest areas of concern for citizens are funding and competing budget priorities, cyber security and privacy, and the reliability of the technology.

Among government officials, nearly three-quarters have a positive view of smart city developments. The expected benefits of smart city solutions include cost savings from operational efficiencies; optimizing use of resources; improved government services and interaction for citizens; better stream of data to improve decision-making; and the opportunity to attract technology-savvy workers and businesses.

As is the case with their constituents, government officials are most concerned about funding and cyber security.

“Cyber security is perhaps the most [critical] component of any successful smart city initiative,” said Liz Hyman, executive vice president of public advocacy at CompTIA. “Our nation’s smart cities initiatives will require a new contingent of cyber workers. We must ensure that both private and public entities are deploying policies and initiatives that provide the supply of IT workers to meet the soaring demand.”

Indeed, 40% of government officials and personnel cite skills gaps and a lack of necessary expertise as a primary area of concern affecting the expansion of smart city initiatives.

The next phase of smart cities growth will be contingent on expanding the depth and breadth of expertise among government IT staff and

expanding their workforce, said Tim Herbert, senior vice president, research and market intelligence at CompTIA.

The report identifies factors that will shape the future direction of smart cities, and one of these is ensuring that smart cities are cyber safe by providing the needed resources and a commitment to shared responsibilities for security.

Significant practical obstacles remain, Herbert said, and those factors and others make it likely that the move to smart communities will happen in measured steps rather than great leaps.

As smart city initiatives move into the realm of critical infrastructure and tapping into new streams of sensitive data, the consequences of inadequate defenses become even more dire, the report said. To mitigate the risk of worse-case-scenarios, a concerted effort will be required to implement strong cyber security fundamentals, includingcyber security training coupled with the agility required to address emerging threats.

Security threats will get worse, the study notes. While there have been improvements to security defenses and the ways organizations manage cyber threats through policies and employee training, the cyber security “arms race” continues to tilt in favor of the aggressors.

That’s why it’s somewhat reassuring that government officials and personnel rank cyber security as a top concern affecting smart city initiatives as they transition from the pilot stage to the full production stage.

“What this means when the time comes to devote resources to best-in-class technology, robust end-to-end processes, and on-going training for staff remains to be seen,” the report noted. “As seen time and again, a misstep in just one area—a patch not updated in a timely manner, an employee that falls for a phishing email, or a sloppy partner with network access—can quickly compromise security defenses.

The report recommends that cities leverage existing planning resources. For example, the U.S. National Institute of Science and Technology (NIST) has published two cyber security frameworks that every municipality embarking on a smart city initiative should be familiar with: the Framework for Improving Critical Infrastructure Cybersecurity, and the Cybersecurity Workforce Framework.

Also, in anticipation of smart city rollouts, cities should begin early with staff training and talent retention efforts. And finally, cities should engage with technology partners strategically to bolster security.