High-profile cyberattacks and data breaches have become somewhat of a norm. You’ve likely heard this before: it’s no longer a question of if an attack will happen but when. We expect ‘always on’ connectivity with access to business data and this means that the clear boundaries of the traditional security perimeter are fading fast; as this happens, the potential attack surface grows. Advanced smart infrastructure, cloud networks and the Internet of Things (IoT) add more points of entry and ultimately more risk for both network operators and end users.
This reality has sparked a rather polarized debate among government organizations and municipalities contemplating smart city technologies. Advocates are willing to throw caution to the wind to charge forward and implement these technologies, eager to harness the data and near real-time communications enabled by smart applications to positively impact their communities and citizens. On the other hand, skeptics are staving off adoption due to fears of destructive cyberattacks – and there’s no shortage of examples to justify their hesitancy.
Just recently, we saw the City of Atlanta crippled by a SamSam ransomware attack that lasted two weeks and cost nearly $3 million – a clear warning to municipalities using smart applications. Numerous attacks on smart cities fly under the public’s radar: local police departments hit by small ransomware attacks, fire department databases hacked and gas operators plagued by customer communications disruptions.
Keeping up with the daily barrage of cyberattacks when critical services like police and fire departments, water treatment plants and utilities and energy infrastructure are at stake poses new challenges and greatly increases the consequences of an attack. Consider Gartner’s prediction that by 2020 there will be over 20.4 billion connected IoT endpoints and over the past three years alone AT&T has seen a 3,198 percent increase in attackers scanning for IoT vulnerabilities. However, there is a way to bridge this divide and manage the risks of these nightmare scenarios so that governments can capitalize on the benefits of adopting smart city technologies.
● Embrace a platform mindset. When considering smart applications, security cannot be an afterthought. Think as early as possible about developing a platform, ideally starting with the first smart application being deployed. This will ensure that the network is approached holistically, allowing orchestration, security, scalability and speed to all be prioritized. As smart applications are added, the foundation already exists to securely manage connections and implement emerging security technologies.
● Leverage the network. Whether you’re running an entire smart city or managing IT environments within a smart city, the network can help minimize damage and contain threats at the earliest possible moment. It’s unlikely that municipalities will ever have the budgets, resources or security personnel needed to secure each individual endpoint connection. Instead, optimize every part of the network – from switches to gateways and endpoints – to detect and remediate threats.
● Invest in automation. To defend against constantly evolving threats, security personnel must also adapt. A recent study revealed that only 19 percent of public sector organizations have deployed security automation tools or applications. Firewalls and endpoint security will always be important components of a city’s security posture, but innovations in machine learning and automation are essential for maintaining pace with attackers. Every attack, successful or thwarted, traverses the network. Machine learning and automation can help security teams correlate meaningful insights from the network’s data to stay ahead of cybercriminals.
There’s no shortage of consequences for leaving smart city applications unsecure, and recent industry conferences Black Hat and DEF CON provided a deluge of reminders. IBM research exposed 17 vulnerabilities in popular sensor hubs used to support smart city systems and researchers at an Israeli university discovered flaws that allow hackers to disrupt a city’s water supply by turning smart irrigation systems into a botnet. Do not mistake smart for secure. Only when these platforms are constructed with security in mind, the entire network can be leveraged to detect and remediate threats and when automation and machine learning are built into security architecture, smart cities can be secured.