October 7, 2019
The Internet of Things (IoT) has created new opportunities to address economic, social, and environmental challenges on a city level. From a broad perspective, the IoT can be viewed as a relationship between the internet and the smart devices which make our lives easier.
The internet connects with the objects around us, where information can easily be sent from one device to the next. From this the concept of the smart city was birthed, but what exactly is a smart city?
In the broadest sense, a smart city is one which incorporates the latest technologies to elevate various public services, from transportation to utilities and many more. By leveraging the power of the IoT, a smart city can enhance the quality of living for its inhabitants.
The smart city concept is a fascinating one because there’s potential to overcome the challenges which hold society back. The prospect of smart lighting, traffic controls, smart water, waste management and so much more is, without doubt, intriguing, but IoT security concerns must be accounted for to create a truly connected city.
Most consumers take a lax attitude towards the security threats devices bring with them, but this is perceived as all part and parcel with the experience. Governments and other relevant parties must, however, be vigilant with technology security.
Though the vulnerabilities of technology are often a cost of its capabilities, security risks are amplified considerably when products amalgamate to form a smart city. A lax attitude could leave cities open to various privacy and security risks, one of the biggest concerns when formulating a smart city.
Negligence could easily leave other cities vulnerable to attacks, especially when proper time hasn’t been taken to open access points within smart devices. When smart technology scales vastly, a security breach means more than simply a website going down or some information being phished, but the shut down of a transit or water system.
Security threats can have real implications for the city, where the transmission of fake data can easily lead to compromised traffic lights, incorrect waste drainage and various other outcomes.
Imagine the intricate planning that goes into incorporating new technologies on a corporate level. On a corporate level, you’ll find introducing technology on a wider scale is far more complex.
There are several industry verticals to consider when introducing smart technology across a city, with special regards to the way the government and citizenry interact under the current constructs. The more the IoT is scaled up, the more security concerns can pose a genuine risk to society.
There is scope for the introduction of various devices, systems, applications, connections, and data points on a considerably large scale. But, this creates demand for advanced testing integration and functionality of new devices.
With so many devices installed within a city set up, and various new devices being integrated over time, the need for cybersecurity tests is greater. Without advanced security measures that resolve vulnerabilities in networks and systems, it can potentially endanger the lives of citizens within the city.
A smart city must be overseen accordingly, with considerable stakeholders embracing different responsibilities, goals, and overarching ideas. A lack of oversight from cybersecurity experts can leave cities exposed to threats, which is why it’s essential for elite experts to address security concerns.
They should be on hand to identify attacks, and most importantly formulate strategies to combat attacks. Vulnerabilities will remain unless there is either an individual or faction responsible for overseeing the ecosystem of the smart city in question.
By setting up a department to tackle cybersecurity issues, a smart city can uphold specific standards and perform advanced assessments to ensure it runs effectively as a whole.
This department can be assisted with a horizontal IoT platform, which will secure the smart city by minimizing the angles for attack through end-to-end security.
When IoT devices are introduced across smart cities, advanced security planning must be factored into the discussions. This is especially important if cities are to ward off attacks from botnets.
One of the most important controls a city can use is network segmentation tools. These function to isolate IoT devices from the internet, thus limiting attacks on IoT vulnerabilities. On a segmented network, external traffic can’t reach IoT devices, thus reducing the chances of a DDoS attack.
It’s wise to introduce a layer of segmentation which prevents the average worker from interacting with IoT devices running the smart city.
When a network is designed with this level of security in mind, you safeguard against the risk of someone hacking an employee’s computer to disrupt the IoT that connects the city.
Departments must additionally deploy intrusion detection solutions and network monitoring to safeguard against DDoS attacks.
These can measure when botnets are trying to connect with command and control servers, particularly when compromised networks are scanning for vulnerabilities. But unfortunately, this is more of a reactive than a preventative system since it will usually only detect issues once a series of devices has been compromised.
When a botnet poses a threat, network monitoring and diagnosis should be performed by city network managers. One of the best and most common sense approaches to mitigating IoT concerns is to not deploy devices with vulnerabilities in the first place.
Working with vendors to consolidate principle cybersecurity practices will prevent devices from being flawed to begin with. Basic measures like ensuring devices have hard-coded passwords should never be neglected.
Cities should understand how quickly they can update and patch IoT devices in the event of a vulnerability, to create a level of protection if vulnerabilities go public. Attackers have a tendency to target all devices of a particular type once they’ve infiltrated one, so devices must be easy to update.
That’s why it’s important for smart cities to collaborate with vendors in the early stages of development. They should also ensure proper coding practices are used to generate the software necessary for each smart device.
Alongside these advanced measures, there are some basic cybersecurity safeguards organizations should implement across all devices. The NIST has provided a draft list of cybersecurity and privacy capabilities which are well worth considering.
Other basic measures include having an inventory of the software for every device while being able to control configuration changes and securely patch your IoT items. Having remote access to each device is a great security advantage, though network-based security controls might be necessary rather than relying on individual controls.
As outlined throughout this article, IT security is a pressing concern in many walks of life. That’s why Nexusguard is the perfect solution for all your IT security services, especially to secure smart cities!
https://www.techopedia.com/definition/31494/smart-city
https://www.centreforcities.org/reader/smart-cities/what-is-a-smart-city/