We create smart cities for the benefit of the citizens. Therefore it's mandatory to protect not just the smart city itself, but ultimately the ones who inhabit it.
Smart cities require clever security. The lack of well-defined security standards and regulations can turn smart city technology implementations into severe unforeseen challenges.
Smart cities are created to fit the need and benefit of the citizens and their culture, but we’ve seen smart implementations being attacked.
READ MORE: What is smart IoT security?
It's always correct to protect
Therefore, some advice:
- Secure quality inspection of the solution. Benchmark the solution to catch any security issues, like data leaks, exposure to the public, maintenance procedures and authentication by users.
READ MORE: Social engineering is the greatest threat against secure IoT
- Establish a response team in the municipality ready to respond to incidents. Being able to initiate countermeasures in case of an attack requires fast recovery and knowledge of sensitivity reporting, patching and sharing class security practices.
READ MORE: As cities get smarter, so should their security
- Make sure that updates of software and firmware follow vendors’ recommendation. Updates should be delivered in a secure manner.
- Plan in detail around life cycle topics – tradeoff between investments and TCO is essential. End-of-support issues may lead to immense consequences.
- Treat and process data with privacy and integrity in mind, to protect citizens. Sensitive data should be anonymized if it should ever be published in an open environment. Make sure you know where data is stored, shared and any restrictions in accessibility. Plan for recovery and have a backup strategy.
- Encrypt, authenticate, and regulate communication and access channels. Strong cryptography that protects against eavesdropping, interception, and modification should be part of the implementations. Clever security should use strong authentication mechanisms such as multi-stage log on, time limited one-time passwords, well controlled provisioning of access and fast revocable user credentials in case of loss of tablet e.g.
- Limit the possible surfaces of attack.
- Always have a manual override ready in case of incidents, to maintain some level of service in the implementation.
- Design a fault-tolerant system that provides proper resilience and availability by using techniques for power supply, software, hardware and communication to tolerate faults and still perform needed functions. Services may experience reduced response or performance, but will not fail completely.
- Ensure the continuity of basic services, define exact and different rules for different services to ensure efficiency in implementation and expenditure.
Smart Cities built around smart technology and in established urbanity functionality must be balanced with clever security. It is always correct to protect.