How will security attitudes change in the era of the smart city?


Chloe Green at Information Age: “The phrase ‘Cities of the Future’ conjures up so many different images, from the utopia of The Jetsons to the dystopia of Judge Dredd. But one thing that most agree on is the connected nature of our cities, with every aspect of life being connected to the internet, machines communicating with machines and with us.

….

Connected cities, also called smart cities, are one aspect of the Internet of Things. Smart cities are where services use technology to be more efficient and cost-effective, from traffic and transport systems to waste management to energy and healthcare…. – with these technological advances come big concerns. Specifically these concerns revolve around data and its protection.

A connected city will be generating huge quantities of data, which will be shared from machine to machine and department to department. That’s a lot of data to target, and a lot of attack vectors to get at it.

And, as this article on Dark Reading points out, those attack vectors include the sensors themselves, which can be hacked and used to feed fake data into the system. This can result in transport systems being shut down, for example. In a big city that is a quick route to total mayhem….

Hiding the data away on an internal network won’t work, in fact that goes against the very idea of a smart city, where data sharing is the norm. The problem is, many of the companies producing hardware and software for smart cities are not experts in cyber security and so it’s often an after-thought. There is also a startling lack of standards in the smart city industry at the moment.

That is slowly changing though; Securing Smart Cities is a non-profit organisation made up of cyber security companies such as Kaspersky Lab, research bodies such as IOActive and industry bodies like the Cloud Security Alliance.

Similarly, there have been calls for smart cities to have a Computer Emergency Response Team (CERT) on standby in case of a cyber attack against the infrastructure.

But in some ways new security threats posed by smart cities are not too different from what we’ve seen with the emergence of mobile and cloud computing. What’s changed is the perimeter of the network; it’s no longer contained to a data centre. The same rules that apply here could well apply to smart cities.

Access management will play a big role in securing smart cities; ensuring only the right people (or devices) from the right location can interact with each other can help to keep the bad guys out.

From encryption to DDoS mitigation to intelligent traffic management, there are systems that can be put in place to secure the data that smart cities and the IoT need to be truly effective…..(More)