With advances in IoT, artificial intelligence, sensors, higher bandwidth and other technologies, population center modernization is becoming more and more viable, and we know more and more about smart cities. Smart cities can bring huge benefits to citizens and government agencies, such as enhancing services and making more efficient use of infrastructure resources. But they also bring a series of threats to data security and privacy.
City planners and managers need to address these issues in the coming months to ensure that not only are their metropolitan areas smart and secure.
A recent report by CompTIA, a technology industry association, illustrates some of the security issues in smart city projects. The Study for Building Smarter Cities and Communities is based on a survey of 1,000 American families and 350 U.S. government officials about the concepts and interests of smart communities. The survey was conducted in September 2017.
From a citizen’s point of view, six in 10 people are interested in becoming residents of a smart city, though only a quarter say they are familiar with the concept of a smart city. Improved public Wi-Fi and broadband connectivity; air quality monitoring; better water management; energy efficiency; and disaster monitoring and response are also smart city use cases that are of primary interest to the general public.
Citizens are most concerned about the budgetary priorities of funding and competition, cybersecurity and privacy, and the reliability of technology.
Nearly three-quarters of government officials hold a positive attitude toward the development of smart cities. The expected benefits of smart city solutions include cost savings from operational efficiencies; optimizing resource utilization; improving citizens’ government services and interactions; better data flows to improve decision-making; and the opportunity to attract skilled workers and businesses.
Like their constituents, government officials are most concerned about financial and cyber security.
“Cyber security is perhaps the most [critical] component of any successful smart city initiative,” said Liz Hyman, executive vice president of public advocacy at CompTIA. “Our nation’s smart cities initiatives will require a new contingent of cyber workers. We must ensure that both private and public entities are deploying policies and initiatives that provide the supply of IT workers to meet the soaring demand.”
In fact, 40% of government officials and staff regard skill gaps and the lack of necessary expertise as key areas of focus for influencing smart city initiatives. The next phase of smart city development will depend on the depth and breadth of government IT staff and IT staff Tim Herbert, senior vice president of research and market intelligence at CompTIA said.
The report identifies the factors that affect the future direction of smart cities. One of them is to ensure cyber security in smart cities by providing the resources needed and commitment to shared security responsibilities. Herbert said major practical obstacles remain, and these and other factors make the shift to smart communities possible in a step-by-step fashion rather than a huge leap forward.
According to the report, as smart city initiatives move into critical infrastructure and into new, sensitive data streams, the consequences of inadequate defenses have become even more serious. To reduce the risk of worse situations, there is a need for concerted action to implement a strong foundation for cybersecurity, including cybersecurity training and the agility needed to respond to emerging threats.
Research shows that security threats can get worse. Although safety precautions have improved, the way in which organizations manage cyber-threats through policies and staff training has improved, the cyber-security “arms race” continues to favor aggressors.
That is why it is reassuring to note that government officials and personnel have taken cybersecurity as the primary consideration in Smart City initiatives from a pilot phase to a full production phase.
“What this means when the time comes to devote resources to best-in-class technology, robust end-to-end processes, and on-going training for staff remains to be seen,” the report noted. “As seen time and again, a misstep in just one area—a patch not updated in a timely manner, an employee that falls for a phishing email, or a sloppy partner with network access—can quickly compromise security defenses.”
The report recommends that cities use existing planning resources. For example, the National Institute of Science and Technology (NIST) has published two cyber security frameworks, each of which should be familiar with the Cybersecurity Framework for Critical Infrastructure Improvements and the Cybersecurity Personnel Framework.
Moreover, with the introduction of smart cities, cities should start employee training and talent pooling as early as possible. Finally, cities should strategically enhance security with their technology partners.