IT Strategy

How to Secure Data in Smart Cities

Cities around the world are slowly, but surely, getting smarter. As the Internet of Things (IoT) and related intelligent technologies become universal, embedded sensors will not only be woven into the fabric of our homes and workplaces but also the city’s public services and infrastructure.

While smart cities will be more efficient, sustainable, and boost the quality of life of their citizens, they will be more vulnerable to cyber threats. For example, if key public infrastructure like power grids get compromised, it can potentially bring the whole city to a standstill. 

But before we explore ways to secure smart cities, let’s first define it. 

Check out a related article:

What Makes Cities Smart?

Smart cities are essentially places that are heavily equipped with smart sensors and devices. All these IoT devices will generate vast amounts of data. These different datasets can then be accessed by relevant organizations and government bodies to enhance the quality of life of people in the area.

This can be achieved through different initiatives like efficient traffic management (with smart traffic lights and connected cars), waste management, reduction of pollution, and much more. 

If we take the Dutch city of Nijmegen, for example, we can witness the Smart Emissions project where smart sensors gather data and track information about air pressure, air quality, humidity, noise levels from all areas in real-time. This information is then visualized and presented on a map for locals 24/7.

All this data can have multiple uses and can help optimize any city. But at the same time, it’s also at risk of improper analysis, sharing, and potential security issues.

What Are the Risks?

The good news is that attacks on smart cities are still relatively unheard of, but that doesn’t mean that it won’t happen. To ensure the security and privacy of people and to minimize public safety risk, local governments and urban developers have to build security into the foundation of their smart city projects. 

This means that not only do you have to plan for natural disasters (like earthquakes and floods), you’ll also have to prepare for the inevitable cyberattack. If the experts are right, no one is safe from cyber espionage and warfare.

However, this isn’t something that could “potentially” happen in the future. It’s already happened on a smaller scale and continues to occur across digitally transformed government agencies and industries. 

According to Lee McKnight, Associate Professor at Syracuse University and Editor of the Journal of the British Blockchain Association, “you know about the Baltimore ransomware attacks, you know about the Atlanta one, you know about the two Florida cities that just paid off in bitcoin their ransomware attackers.” 

He goes on to add that these incidents occurred because of “... a combination of legacy systems from cities with limited budgets. The cities can’t afford the IT staff or numbers of a Google or an IBM or Amazon or Microsoft for securing cloud services. They’re always going to be more vulnerable because of their limited expertise and awareness.”

If cities are to get smarter on limited budgets, what’s the best approach to security? Let’s take a look. 

Securing Smart Cities Starts with Policy

Public employees are notorious for enjoying extremely high job security. So it’s going to be near impossible to get rid of staff who aren’t doing their job or have outdated skills. 

The global tech talent shortage is also going to make it more challenging, so it’s imperative to consider outsourcing some functions to established third-party providers (based nearshore or offshore). 

Local governments should also start allocating the budget necessary to negate potential cyberattacks. They also need to set aside funds to establish protocols to respond and recover from a possible security incident.

If recent events are anything to go by, allocating an adequate budget for network and cloud security might be more effective than paying a ransom in cryptocurrencies.

Build Secure Cloud Architecture and Automate Processes

It’s just not humanly possible to actively monitor and secure smart cities in real-time. This makes it imperative to automate processes to enhance security and regulatory compliance. This approach will also help reduce the city’s exposure to risk, significantly.

The primary idea here is to build a robust framework on the cloud that can help key decision-makers rule on what data and systems should be protected and how it should be protected. Decision-makers should also address how each department should respond to an attack. 

The cloud architecture of smart cities will need to conform to the following regulatory standards:

  • Cybersecurity and Privacy Advisory Committee Guidelines
  • Federal Risk and Authorization Management Program
  • Global City Teams Challenge (GCTC) 
  • Health Insurance Portability and Accountability Act (HIPAA)
  • International Organization for Standardization Standards 
  • Payment Card Industry (PCI) Standards 

The framework should also boast a three-tiered data risk clarification to make it easier for all stakeholders. For example, sensitive data like personally identifiable information, can be colored red, yellow for general data that can be shared, and so on. The way the workflows are managed both automatically and manually should depend on the data clarification.

Having said all this, it’s still critical to acknowledge the fact that it’s not going to be easy. There are a lot of variables (like conflicting regulatory compliance and legacy systems) that have to be managed carefully to realize the dream of smart cities.

To help us get there, everyone needs to start thinking about privacy and security. Whether it’s smart streetlights or smart connected energy grids, securing the data will be critical to both digital and physical security.

So whatever you build starting today, make sure that you build security into the foundation of all your smart initiatives. Whether it’s IoT or government networks, if security is an afterthought, you’re just begging for the chaos that will follow. 

Do you need cybersecurity professionals for your next project or a custom IoT solution? We can help! Reach out to Intersog now! 

IT Storyteller and Copywriter
Andrew's current undertaking is big data analytics and AI as well as digital design and branding. He is a contributor to various publications with the focus on emerging technology and digital marketing.