Continue to

Report highlights 10 cybersecurity steps to protect smart city tech

A new analysis from Trend Micro identifies the best ways for cities to protect their systems, data and critical services.

Jason Shueh
Jason Shueh Tech Editor

Jason Shueh is a tech editor at StateScoop with a specialty for civic tech and smart city news. His articles and writing have covered numerous subj...

(Trend Micro)

IT security firm Trend Micro details the new threats that cities will face and provides a 10-step cybersecurity checklist in a report released Tuesday.

The checklist advocates for techniques like designing manual overrides for crucial systems and creating enough fail-safes so one connected system can’t jeopardize others. 

The researchers also dissected smart city hazards into five top areas to watch: energy, transportation, connectivity, the environment and systems used for governance. Hackers might assault power grids or disrupt emergency medical services. Hacked traffic signals might cause fatal accidents. Waste water smart valves may be forced to overflow — and the list goes on.

Proposing ways to reduce such calamities, Trend Micro Vice President of Cloud Research Mark Nunnikhoven said the company devised the checklist as a kind of playbook. 

“The increased connectivity provides more value to the citizens of the city but it also increases the potential return for any attacker,” Nunnikhoven said. “If one system is compromised, attackers can potentially compromise other systems in turn.”

To get ahead of issues, he stressed that cities must accept likely attacks from beginning to end of any project — from the design-and-build phases through the rest of the life cycle of the technology.

“Security works best when it’s applied to all aspects of a system and built in from the start. Using a layered defense makes sure that there are no particular weak points or single points of failure,” Nunnikhoven said.

Based on priority, Nunnikhoven ordered the 10 steps as follows. More details on each can be found in the full report.

  1. Design a fault-tolerant system
  2. Process data with privacy in mind 
  3. Encrypt, authenticate and regulate public communication channels
  4. Ensure the consistency and security of software updates
  5. Prioritize security in service-level agreements for all vendors and service providers
  6. Perform quality inspection and penetration testing
  7. Always have a manual override ready
  8. Ensure the continuity of basic services
  9. Plan around the life cycle of smart infrastructures 
  10. Establish a municipal CERT or CSIRT

Nunnikhoven notes that priorities one through three relate to design and build time concerns, four through six are undertaken when nearing launch and seven through 10 deal with the operations and ongoing lifecycle of smart city infrastructure.

-In this Story-

State & Local News, Privacy, Tech News, Cybersecurity, Attacks & Breaches, Critical Infrastructure, Malware, Risk Management, Digital Services, Shared Services, Emerging Technology, Internet of Things, IT Infrastructure, Modernization, Smart City cybersecurity, smart city growth, Trend Micro, security

Join the Conversation