Three Factors to Smart City Security (Contributed)

No city official wants to see the growth of their smart city initiatives hindered by poor cybersecurity. Here are three ways CIOs can ensure security while benefiting from connected technology.

by , / March 7, 2019

A smart city seems to be the goal that many city officials are striving for today, the sign that a city has enough advanced technology to support its citizens’ needs. Yet, what exactly is a smart city? To us, it’s not just the use of technology to make things work more quickly; rather, it’s the use of a variety of technology — such as IoT devices, data and services — to break down silos across a city to be more efficient. Whether it be a parking kiosk, road sensor or smart traffic signal, the use of technology to improve a service and connect is when a city truly becomes smart.

Yet, there is no one way to build a smart city. Utilizing connected technology for energy, transportation or public safety components is a jumping off point to become a larger connected city. The key is that all technology works together across a single network to allow for visibility of all endpoints and devices in a secure way. When security is properly accounted for in the early stages of smart city design, city leaders can confidently focus on achieving the outcomes and benefits smart cities deliver rather than suffer from a cyberbreach. Here are the three essential factors to security that can ensure smart city growth. 

Factor No. 1: Expertise 

When making that first step to becoming a smart city, city officials should use expertise to ensure security is integrated into the plan of the city. Security experts can be engaged early to perform risk and baseline assessments with city officials, which can include network penetration assessments, as well as automation and control system risk assessments to better understand the network that will support the smart city. Their expertise should also be leveraged to design, effectively deploy and support security solutions that will keep the city’s network running before, during and after a potential breach.

These discussions can include how to protect endpoints and increase visibility of the network, as well as how to prepare for a potential cyberattack and how to respond if there is one. An important step is to create a breach readiness and response plan to help with proactivity in event of a breach. By clearly outlining the steps needed to stop a breach, city officials can be sure any network intruders are stopped quickly. Security professionals working with the city can also contain and remediate the incident almost instantly, as they know the network’s ins and outs. The more involved they become with planning, the less time an intruder can be on the network and the safer a city’s technology remains for future growth.

Factor No. 2: Endpoint protection

As smart cities continue to expand and introduce new IoT devices and sensors to their network, ensuring the security of these endpoints should be a priority. The introduction of each new endpoint (e.g., a road sensor that detects weather conditions) is an expansion of a smart city’s reach, but it is also an expansion of the potential attack surface. City officials must prepare for increases in data, devices and vulnerabilities as technology expands. A robust, flexible security solution must be in place to protect the growing network. 

To help mitigate threats, city officials must segment different parts of the network to ensure that if one device is hacked, then not every device on the network is at risk. By segmenting different sets of sensors, cities can minimize risk. For example, segmenting the sensors that control streetlights from devices that speak to first responders can ensure that a breach of a traffic system does not affect public safety, and vice versa. Segmentation can also help quarantine dangerous devices on the network if they occur by containing them to one area of the network until mitigated.

Beyond segmentation is the importance of protecting all endpoints across a network, no matter how big or small. At times, city officials can become enamored with the new IoT devices and sensors available to them, adding more devices as they become available. Yet, it’s important to remember that with the addition of devices comes the addition of endpoints, which means more vulnerabilities. 

While adding the newest technology to a city can be beneficial, it is also important to keep in mind that many of these smart city sensors are created with efficiency — and not security — in mind. By thinking holistically and creating a security platform that is flexible and can build with each addition of an endpoint, officials can be sure their endpoints are protected. The key is having the right security platform in place to handle the influx of devices and data. 

Factor No. 3: Architecture

Once a smart city’s security platform is up and running, it’s not only protecting the network from a breach, it’s also ensuring visibility of the network. In order to monitor the network, city officials need a security architecture that sees everything. With the complexity and scale of smart city networks, visibility is a critical element to enabling continuous operation and optimizing services for the city. As we say, you cannot protect what you cannot see; therefore, you need to see everything.

By building into the architecture the capability to have visibility in what’s on the network, city operators can easily profile users, devices, data and traffic. If something looks harmful, they can quarantine it, learn from it and prevent it from causing damage.

With visibility comes analytics used to assess threats and block attacks. Essentially, analytics can see a threat once and block it everywhere it can across the network. With a security architecture that offers visibility and analytics, city officials can be certain any malicious behavior on the network is detected and remediated, as effectively as possible.

Good security equals smooth growth

As a smart city continues its growth to support more advanced technology, it will continue to need strong security. By introducing a security architecture into the planning of a smart city — even if it’s only supporting a connected intersection — the most critical step to a smooth growth trajectory is made. As cities continue to grow and rely on more data to meet citizens’ needs, they will rely on their security posture to remain running. 

Will Ash

Will Ash leads Cisco’s Security sales team serving U.S. Public Sector customers. This team is focused on delivering protection to government and education customers across their extended network before, during, and after a cyberattack through threat-centric security solutions. Prior to this role, Will led Cisco’s Atlantic Enterprise team, responsible for delivering Cisco’s full product and services portfolio to customers operating in Washington D.C., Maryland, Virginia, and western Pennsylvania; positioned in the financial services, healthcare, manufacturing, retail, energy, and professional services industries.

Rebecca Chisolm

Rebecca leads the State, Local and Education Business Development team at Cisco where her team is responsible for identifying new areas of business opportunity for Cisco in the areas of Smarter Communities, Education Transformation in K12 and Higher Education, Public Safety and Connected Justice and Connected Transportation and other aspects of state, city and country government. Rebecca and her team are actively engaged in helping SLED customers through workshops, pilots and other engagements as communities look to bring the benefit of IOT to their communities while also protecting data and privacy of the citizens and their data.