Cybersecurity for smart cities: Changing from reactionary to proactive
- By Will Ash, Britt Norwood
- Sep 18, 2018
Threats of data breaches are no longer concerns of only retailers and major corporations -- they are a real threat to all business, industries and governments, including smart cities. Connected technology in cities is opening up more access points for hackers, which means city officials must adopt a proactive cybersecurity mindset in which IT teams actively monitor networks and quickly respond before a breach does serious damage.
Officials can no longer effectively protect smart city infrastructure and citizen data by simply reacting to security incidents. Modern smart city infrastructure is fully integrated, with multiple systems connecting and sharing data with each other through the network. As the backbone of any smart city project, the network must remain protected to ensure all other parts of the city remain safe.
The growing number of connected devices and sensors increases services and complexity, but smart cities can also add value and increase security with intent-based networking that continually aligns the end-to-end network with business goals.
As a city’s network connects devices, such as streetlights, parking meters, traffic signals, security cameras, etc., it gains the power to adapt, protect and inform the smart city by analyzing data from these endpoints. To ensure the data remains secure from endpoint to endpoint, network security protocols must be baked into the infrastructure a smart city from the very start. The smallest endpoint, like a motion sensor on a road, can lead to a major network breach that shuts down the city or releases citizen data. Protecting a smart city’s integrated network requires an end-to-end security architecture.
With an open platform, an intent-based approach allows cities to identify network needs and create automated procedures to actively ensure all layers of the system are protected. Smart cities are dynamic network environments, so no one endpoint or piece of technology is more or less important – all need equal protection. This security can only be achieved with proactive network policies that alert and respond to threats quickly.
The effects of a hack
So what happens when a hacker does breach one of these endpoints and enters the network? And yes, it’s not a question of if but when. The entire network could be at risk -- no matter the access point.
A network intruder might not be looking to steal data or hold it for ransom. Analysis of attackers shows that some intruders, even if they use ransomware tactics, may simply be aiming to disrupt or destroy system operations. These malicious actors could cause a power outage, change traffic light patterns or even disrupt emergency services or police communications. In short, they could significantly affect day-to-day activities and put citizens’ safety at risk. Hackers could disrupt internet-enabled video chats between emergency medical technicians and doctors or block signals from highway sensors that detect icy roadways.
To keep residents, the city and the network safe, proactive identification and response policies need to be in place.
The best proactive security plan is one developed by city officials that relies on a multi-tiered security approach to keep all endpoints, the network infrastructure and the cloud architecture safe. With multiple layers of security, threats from all endpoints – big and small – can be stopped before harming the full network. Cities can boost their threat intelligence by installing sensors that continuously monitor for any threats and automatically respond to those threats across the whole network.
In addition to building security into the larger network infrastructure from the start, smart cities should create an effective cyber response plan that is designed for its specific infrastructure. Developing a robust incident response plan prior to launching the smart city infrastructure is critical, so public officials will have specific steps they can take to quickly mitigate and hopefully remove any threats.
As connected technology advances, city officials must ensure they are keeping up by moving from reactionary to proactive cybersecurity. City officials who are proactive prepare for an inevitable cyber breach will not only keep their infrastructure safe, but their residents as well.
Will Ash is senior director, U.S. Public Sector, at Cisco.
Britt Norwood is VP of State and Local and Education at Cisco.