Everything is digitized today, and not surprisingly, the cities we live in today are called smart cities. The great thing about becoming Internet-equipped and digitally smarter is that we have better social, environmental, as well as economic sustainability today. The challenge for smart cities is to keep up with the demands of cyber-savvy populations who always want to stay connected with their surroundings, while keeping them cyber-secure.
Cities today have a clear agenda – they either want to be smart, or if they’re already smart, they’re looking to get smarter. The race to install IoT networks to better the city development process is turning out to be just as, if not more more interesting than any great race in the history of sports. But, when it comes to investing in Internet security, the same cities appear to be crawling.
Smart cities have interdependent and often complex networks of systems, devices, as well as users to depend upon. Any security effort that fails to address vulnerabilities across such networks, that involve a broad array of industries, such as manufacturing, public safety, surveillance, energy and utilities, e-government, transit, telemedicine, and so on, is futile. We are talking about threats that can steal personal information, cripple industrial control systems, hold systems for ransom, manipulate sensor data, hack communication devices, and whatnot.
The problem, therefore, comes down to poor encryption key management, lack of cryptographic measures, poor understanding of social engineering, and secure device onboarding services that don’t exist.
The more we have smart cities, the more we have the potential to create better city services, businesses, and more importantly, smarter people. But any cyber infrastructure is incomplete without a proper security structure.
We need device manufacturers and vendors to shake hands with the government and come up with more stringent cyber regulations. The focus should be on creating systems that are ‘secure by design’. No system should be released in the market without performing exhaustive testing. And even after installation, there should be tests to take care of any remaining unaddressed flaws. We also need the operators of smart cities to have an understanding of security issues; that’s the most important thing if they are to successfully mitigate any risk before an incident actually occurs.
There is no doubt that the smart cities of today are only going to get smarter in the future; the only question is, whether it will be more secure or not.