As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.

Todd Thibodeaux, President & CEO, CompTIA

June 14, 2017

5 Min Read

In the not-so-distant future, smart cities will weave the Internet of Things (IoT) and interconnected devices into existing technology infrastructure to bring entire communities online. Singapore, for example, recently launched its Smart Nation program, deploying citywide sensors and monitors to collect data on everyday living. Using an online platform dubbed Virtual Singapore, the city-state plans to use the information to improve livability and enhance government services.

But like all things digital, smart city networks have the potential to be breached by malevolent intruders. In Ukraine, hackers targeted a power grid and took an entire city's substations offline, leaving thousands of residents without power. Cybercriminals can also disrupt emergency response systems. In Texas, hackers triggered all of Dallas' emergency sirens, eventually prompting government officials to shut down the city's security system.

Bringing cities online invites a new type of threat that most government agencies are unprepared for. From traffic lights to power grids, smart cities are full of entry points that could fall victim to hackers' exploits. As cities design their digital future, government agencies need to prioritize cybersecurity protocols to mitigate attacks that have the potential to cripple entire communities.

Smart Cities Must Strengthen Security Protocols
As the number of IoT devices grows, security sits atop the list of government policy concerns. But today, only one in three governing bodies says they are prepared to manage IoT security. While 12% of government respondents believe they have the resources to respond to cybercrimes, 47% say they are only well-equipped in some areas and ill-equipped in others. Some cities, such as Dallas, discover the hard way that they lack the skills needed to protect their residents in the wake of crises.

Check out the all-star panels at the 'Understanding Cyber Attackers & Cyber Threats' event June 21 and get an in-depth look at your cyber adversaries. Click here to register

Part of the security challenge stems from a shortage of dedicated professionals. Although the majority of states have developed some type of cybersecurity response plan, 83% of government agencies say only 1% to 2% of their IT departments are security experts. The absence of dedicated security professionals is a problem for state CIOs, who struggle to keep up with evolving cybersecurity best practices. Government agencies should strongly consider offering certification or supplemental training courses to prime their in-house security teams for the challenge of protecting smart cities.

In addition to the knowledge gap, some cities are hamstrung by reliance on outdated technology used to manage industrial systems. Several years ago, Iranian hackers were able to infiltrate a water dam near New York City when city officials connected its control system to poorly protected office computer networks. Public sector groups attempting to digitize their city operations with aging infrastructure create security risks that that can easily be penetrated online. Governing bodies need to modernize each IT component within a smart city's ecosystem to keep hackers from accessing essential services.

Security Starts with a Resilient Infrastructure
As the number of IoT-connected devices swells and cyberattacks become more complex, municipalities, counties, and states considering smart solutions need to rethink their security approach.

Protection begins with building a resilient infrastructure. Before moving essential services online, a robust response protocol and disaster recovery plan for worst-case scenarios must be established. Including additional layers of security can help mitigate the fallout from a cyber attack on one system and ensure associated services continue to function. Steps like incorporating end-to-end encryption, using blockchain technology, or deploying decentralized applications are also strategies to consider using when securing essential municipal services.

Government leaders and urban planners should also consider utilizing artificial intelligence tools to help detect anomalies in city networks and accelerate government response times during a hack. Unlike human security workers, machines can process huge volumes of data quickly, reducing the time it takes to identify and negate threats. Once security measures are in place, public sector teams should routinely test for loopholes and broken patches that can be fixed immediately before intruders discover them first.

The complexity of the security challenge associated with smart cities may challenge even the most tech-savvy government staff, which may quickly find themselves in unfamiliar territory when it comes to systems integration. Moreover, pilot projects that were manageable with existing internal staff quickly become unmanageable when it's time to expand to full deployment. That's where the technology industry comes in.

Tech firms with expertise in integration, APIs, cloud computing, data, and security are essential to facilitating smart cities' growth. Expect to see concepts such as "smart cities-as-a-service" to gain traction as a means for providing efficient and effective end-to-end solutions. With economies of scale, standardization, and commoditization, smart city technologies will become more accessible and affordable over time. The smart cities-as-a-service approach brings it all together into what many city planners will view as an appealing option. 

Smart cities are quickly becoming a reality that many governments are looking to embrace. But as cities become smarter, they also become more vulnerable. As communities continue to push for digital transformations, governing bodies will need to double down on cybersecurity to keep smart cities, and their residents, safe.

Related Content:

About the Author(s)

Todd Thibodeaux

President & CEO, CompTIA

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development and growth efforts for the association. Before joining CompTIA in July 2008, Mr. Thibodeaux spent more than 17 years with the Consumer Electronics Association, where he served in a wide range of roles culminating as its senior vice president of industry relations.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights