By 2050, 68% of the world will live in cities, the UN projects. With rapid urbanization, city planners are adopting technology to foster sustainable development and meet the demands of residents, transforming cities into “smart cities.”
Smart cities rely on IoT and AI technologies to collect data on various facets of city life, such as traffic, health, weather, and waste management, and automate processes. IoT devices include traffic cameras, utility meters, smart grid sensors, and air quality monitors. With successful implementation, city officials use the data collected to communicate quickly and effectively with residents, optimize city resources, and plan for a more sustainable urban future. However, with an explosive increase in technology deployed in public places comes unique IT security challenges.
IT Security Risks Run the Gamut
The spectrum of security risks is broad, ranging from individuals committing fraud by hacking ease-of-payment portals to cyber-physical risks such as malfunctioning traffic light cameras that could cause car accidents. Risks also include nation-state actors sabotaging the operations of an entire city.
Another, and perhaps larger concern, is the interconnectivity of smart systems. Any weak point in the infrastructure could threaten the entire system.
In addition, smart cities face risks around a lack of governance. Without clearly defined roles, smart city technologies rely on security in the supply chain and the assumption that city IT professionals will abide by IT security best practices.
“Unlike the corporate environment, in which there are usually quite clearly defined roles for security like a chief information security officer, data protection officer, [and] privacy officer, those types of roles don’t typically exist in smart cities within municipalities,” said NCC Group commercial researcher Matt Lewis. “As a result, there’s currently an uncertainty within local authorities around who’s responsible for security and risk.”
To address the potential threats in detail, Matt Lewis and the NCC Research group have developed “A Blueprint for Secure Smart Cities.”
Reduction of Smart City Security Risks
Local authorities are mostly in the trial phase with smart city technology today, but implementation will likely expand in the next five years. As a result, cities will become more reliant on various technologies as well as IT vendors.
A certain amount of risk can be mitigated in the design process and through rigorous security testing. However, an unwavering dedication to security is required. In addition, since smart city technology can affect the privacy of citizens, cities must develop data protection practices that consider consent and fair use.
Because each city has its own specific demands and visions, it’s difficult to prescribe uniform technologies across smart cities. However, Lewis suggested that city authorities and IT professionals focus on developing security working groups that involve a network of people with knowledge of smart city infrastructure. “For example, you might have representatives from legal, representatives from corporate IT, and [representatives] from urban planning,” Lewis explained. He added that working groups might also engage citizens.
“Within that group, there should be a better understanding of what the security objectives are and what the governance model should be for that city,” Lewis said.