The many Smart City initiatives being designed and implemented in municipalities across the world give rise to the question of how the changes brought about by this new technology can be efficiently managed, especially in terms of security. This is a relevant question for all technological fields, but even more so in the case of Smart Cities.
The use of sensors assessing vehicle and pedestrian traffic, including potential hazards, is already widespread. A second step, being implemented, is the delopyment of more active measures such as controlling traffic lights and entire systems based on holistic input from the swarms of sensors. Also, the vast volume of data collected by the sensors can be processed and enriched before it’ s returned to the citizens-consumers, to provide them with useful real-time data as they drive, walk or ride public transport.
The problem with all this is that cities generally seem quite ill-prepared to staff and manage all the complexity created by this impressive technology, let alone secure it all, which can cause substantial risks and threats. If attackers gain access to one part of the sensor network, it becomes potentially easier to use as a potential onramp to escalate to more privileged access and hop back to the critical data stores and exploit them as well.
These risks would be much easier to manage if cities somehow had vast budgets to hire the best cybersavvy technicians and specialists, but this very rarely happens in reality. Real-life examples show that even where organizations had the right technology deployed, they usually failed failed on implementation or triage and escalation of potential breach incidents, remaining open to the threat of multiple security breaches following each other.
On the other hand, the solution of trying to outsource security needs creates legitimate concerns about data leakage and misuse, which are already coming to the fore. In light of the raft of legislation for protecting personally identifying data, the potential consequences from leaking security information could prove a major blow to city authorities whose staff are not digital experts.
While city authorities are primarily concerned with the basic of keeping their infrastructure running, politicians and critical infrastructure managers are far more concerned with high availability than security, which is why city systems remain highly vulnerable. However, as the interconnectivity of these systems rapidly increases, smart cities will soon have to be saddled with understanding and implementing cybersecurity well, a challenge which must be addressed without significant budget increases!
The original article can be found on welivesecurity.