Why Aren’t We Talking More Proactively About Securing Smart Infrastructure?

Cyberattacks against smart cars, smart homes, and other smart devices are happening today, so it is easy to jump to the conclusion that we will soon be reading about smart buildings and smart cities being attacked.

I have to admit I have become somewhat desensitized to the topic of cyberattacks against infrastructure. Maybe it’s because I see the industry and media classifying the security of smart infrastructure under the topic of securing the Internet of Things. When I hear about IoT attacks, it just hasn’t been personal enough for me to get fired up.

An Intel colleague, Lorie Wigle, head of Intel’s IoT strategy, recently described how technology will be part of climate change efforts. Whatever the carbon goal, renewable energy, energy efficiency, smart transportation, and smart buildings will all play critical roles. After reading her blog, I started noticing other articles covering everything from the latest connected car hacks to suspicions of rigged Internet-connected voting systems.

Maybe you remember a US government exercise from just a few years ago, when a team of hackers used a cyberattack to make an electrical generator motor self-destruct. Or the attack against the Ukrainian electric power grid, which put the US grid on high alert last year.

Recently, the US Transportation Department released the first national guidelines to spur development of autonomous-vehicle technologies and ensure their safety. The day before that, a group of researchers showed that it was possible to control an Internet-connected car from a distance. These researchers said they were able to take over numerous functions of a specific make and model from as far away as 12 miles, manipulating the vehicle’s controls via a laptop computer. They locked the car's control screens, moved seats, activated turn signals, and opened doors without keys. While the car was driving, they used the laptop to turn on windshield wipers, open the trunk, and fold in exterior rearview mirrors. A researcher in an office building also 12 miles from the test track was able to activate the car's brakes while the vehicle was moving.

A June 2016 survey conducted by Dimensional Research assessed cybersecurity challenges associated with smart city technologies by interviewing over 200 IT professionals working for state and local governments. When asked if a cyberattack targeting critical city infrastructure posed a threat to public safety, 88% of the respondents said yes. In addition, 78% of the respondents stated there would likely be a cyberattack against smart city services in 2016.

Smart cities use IT solutions to manage a wide range of city services, including smart power grids, transportation, surveillance cameras, wastewater treatment, and more. Navigant Research anticipates that global smart city technology revenue will reach $36.8 billion this year. Despite growing profitability in the sector, many cybersecurity experts are wary that smart city technologies are being adopted faster than the technology needed to protect them.

I started this blog asking a question: Why aren’t we talking more proactively about securing smart infrastructure? I’ll end it with a request for action: Get seriously involved now. Let’s not repeat the mistakes of the past and perpetuate the vicious cycle of security complexity and failure by trying to bolt on security after the fact.  Build in a sustainable defensive advantage as part of your security reference architecture as you build your smart ecosystems.