Securing the smart cities of the future (Guest blog by SolarWinds)
Local authorities across the U.K. are racing to implement smart city projects designed to facilitate the better management of assets, resources, operations, and services for the benefit of residents and businesses.
New smart city technologies are impacting everything from street lighting to traffic congestion and parking, and energy usage to waste. Alongside innovations in intelligent transport, connected healthcare, and traffic management, U.K. cities also use sensors to monitor environmental issues like flooding and air quality.
However, these hyper-connected smart city environments now represent a top potential target for cyber attackers and other threat actors due to the vast volumes of sensitive data they process and the critical functions they manage.
Consequently, this means those responsible for designing, building, and operating smart cities must ensure their smart city infrastructure is protected and address key data security and privacy risks appropriately.
Protecting the evolving ecosystem
Initiating comprehensive performance monitoring and incident response tools to deliver full-stack visibility across complex hybrid IT infrastructures—and make it possible to troubleshoot network and application performance issues across fixed and wireless links—will be crucial.
Furthermore, application, user experience, and web app monitoring tools will be needed to deliver visibility into the health of key applications and sites, including software as a service (SaaS) use cases. These tools will also reveal application dependencies and related performance across the smart city networks.
Finally, IT security and automated vulnerability management tools will help save time and dramatically improve IT security. The moment performance or reliability issues come to light, support desk solutions will optimise how authorities track incident tickets, resolution rates, and reporting.
Protecting against compromise and disruption
In response to the rising ransomware threat, smart city infrastructures must feature technologies to monitor vulnerabilities and automate threat responses.
Alongside deploying device configuration management to eliminate known vulnerabilities, establishing baselines to monitor configuration drift, and backing up device configurations to recover from failures, utilising security and information and event management (SIEM) systems will aid in the detection of new attack vectors by monitoring logs.
As smart city infrastructure scales, support requirements must be resolved quickly. However, tracking VPN or connectivity issues in larger cities will require significant service desk resources. Utilising remote access tools to manage systems and endpoints and help resolve technical issues will prove a vital element of the infrastructure equation.
Dealing with data
The rapid digitisation of cities means the security of shared and open data will be mission-critical for maintaining public confidence and support. Today’s IoT systems and AI tools theoretically make it possible for individual citizens to be monitored 24/7, and citizens are beginning to express concerns about how and why this data is harvested and its implications for their privacy.
Alongside ensuring they compliantly process, store, manage, and share citizen data in line with regulations like UK-GDPR, smart city administrators will need to secure these expanding volumes of data and ensure third-party partners don’t misuse it.
To maintain citizen trust and acceptance, careful consideration will need to be given to the nature and volume of data collected and why and how this is used. Even more critically, this data will need to be kept safe from cybercriminals, nation-state adversaries, and anyone looking to exploit it for unethical or illegal purposes.
Ultimately, striking the right balance and adopting a transparent citizen-centric approach to data security that considers citizen concerns and fears about mass personal data collection is essential for local and national authorities wanting to accelerate innovative smart city approaches.
Authors
Sascha Giese
Giese holds various technical certifications, including being a Cisco Certified Network Associate (CCNA), Cisco Certified Design Associate (CCDA), Microsoft Certified Solutions Associate (MCSA), VMware Technical Sales Professional (VTSP), AWS Certified Cloud Practitioner, and Network Performance Monitor and Server & Application Monitor SolarWinds Certified Professional® (SCP).