11 Tips to Make Your Smart City Infrastructure More Secure
Published by Viktoriia Boučková on
When DarkSide hackers launched a ransomware attack against Colonial Pipeline in May 2021, the impact was immediate and devastating. The company provides about 45% of fuel to the US East Coast, and roughly 90% of the gas stations in Washington DC soon went completely dry. Gas prices skyrocketed and people started panic buying–not just in the areas served by Colonial Pipeline, but all across the country.
With transportation ground to a halt in the nation’s capital, Colonial Pipeline CEO Joseph Blount made the difficult decision to pay a $4.4 million ransom. Blount noted that he didn’t make the choice lightly, but said it was “the right thing to do for the country” given the widespread impact on the country’s infrastructure. It took almost a week for Colonial Pipeline to resume normal operations.
Most Cities Still Neglect Cybersecurity
This episode aptly illustrates how security breaches in Smart Cities can directly affect traffic and transportation, even if the cyberattack isn’t aimed specifically at traffic control or monitoring devices. And as city systems are increasingly connected through IoT-enabled devices, they are also at increased risk of cyberattacks.
Given that risk will continue to increase, traffic managers must consider security as they design and implement real-time traffic management systems. Yet the 2021 Safe Cities Index revealed that few cities actually prioritize security–of the 59 cities with Smart City plans, only 15 explicitly focused on data and network security.
What’s standing in the way? Multiple factors make it more difficult for city leaders to adequately manage security risks:
- There’s no one-size-fits-all solution: No two cities have digitized in the exact same way, so it’s impossible to simply adopt a cybersecurity risk management plan that works for another city; each plan must be customized to the city’s unique needs and technology.
- Cities don’t actually own most of their infrastructure: Although the public sector regulates critical infrastructure, the private sector often owns it. Public/private partnerships are critical for reducing risk, but these partnerships are often hard to establish and maintain.
- IT resources are siloed across different departments: The local department of transportation might have IT experts who set up security for real-time traffic management. Meanwhile, the sanitation department’s IT staff may be responsible for smart waste systems. The lack of connection and coordination among all departments can create significant vulnerabilities.
The problem with neglecting security, though, is that it has cyber-physical implications. The theft of data is of course a substantial risk. But the other risk is physical injury or death. Think about what might happen if a hacker attacked traffic lights.
Another risk is a bit more subjective: the lack of privacy that city residents perceive. If they feel they’re being asked for too much data, or if they don’t know where their data is going, they may resist Smart City initiatives. The 2017 failed partnership of Toronto and Sidewalk Labs highlights how a Smart City initiative can fail simply because people believe that monitoring methods are too much like surveillance.
Security Strategies for Smart Cities
Despite these challenges, it’s critical for cities to develop and implement comprehensive cybersecurity measures. These tips can make that process easier:
- Taking a people-centric approach: Cities that put people first in their Smart City initiatives are more likely to prioritize cybersecurity. After all, people’s concerns about data privacy and security are well-founded. As you begin planning your intelligent mobility infrastructure, keep privacy and security top of mind.
- Starting with a risk management plan: It’s not uncommon for the risk management component of a Smart Cities initiative to come at the end, almost as an afterthought. The better strategy is to bake risk management into the plan from the beginning. This will help you consider each element through the lens of security and reduce your risk of overlooking something important.
- Being transparent: Smart Cities require the participation of their residents; the people out on the streets every day are the ones generating all the data, after all. They probably have legitimate concerns about what data is being collected, how it’s used, and how long it’s stored. Communicate the answers to these questions early and often.
- Embracing public-private partnerships: As we discussed earlier, cities need private sector partners. The best partnerships are built on a shared understanding of both the physical and cyber threats of today’s ever-evolving technology ecosystem.
- Selecting vendors with care: Every vendor should appreciate the importance of security for Smart Cities and have a clear, concrete plan to ensure data security. In addition to getting a thorough overview of a prospective vendor’s cybersecurity practices, ask to speak with other current or former clients about the level of security they experienced from the vendor.
- Evaluating true data needs: In the era of Big Data, it’s easy to assume that more data is always better. But all that data has to be stored, which has associated costs. And that data is also at risk of being compromised during a cyber attack. Carefully consider which data you actually need and how long you need to keep it. Some traffic data, for instance, can be discarded almost immediately, while other data points are worth saving for trend analysis.
- Building a comprehensive data governance plan: It should outline owners for all the different data sources; set the rules for how, when, and where data is stored; and establish a procedure for security audits, the addition of new technologies, and other future-state concerns.
- Considering the implications of integrating new technology in the future: Every internet-enabled piece of equipment represents a new potential point of entry. Before implementing new technology, weigh the benefits against the risks. You may decide that the facial recognition software to identify jaywalkers isn’t worth the risk, but the benefits of real-time traffic data make video cameras a worthwhile addition.
- Focusing on endpoint security: Smart Cities rely on an intricate network of IoT-enabled devices. A smart traffic management system, for instance, might include a host of cameras. Each connected device is a potential point of entry for a cyber attacker. Look for endpoint security protection that offers more than just a firewall and antivirus protection.
- Choosing the right data storage solution: Hot and cold storage were once the only options for storing massive amounts of data. But the cloud has emerged as a safe, effective storage option. Choose a storage solution that fits both business and security needs. For example, GoodVision Vault is a cloud-based solution that offers superlative security–along with the capability to connect to your extracted traffic data.
- Treating cybersecurity as a continuous-improvement exercise: Cyber attacks have gotten progressively more sophisticated in the past few years, and that trend will undoubtedly continue. Commit to regular cybersecurity audits and improvements.
Looking for a secure traffic management system that delivers data in real time? Let us show you how GoodVision can help you achieve Smart City status.