Mayors and other elected officials are flocking to “smart city” devices designed to monitor air quality, smooth traffic flows, decrease economic imbalances and improve the performance of government. But city IT leaders have reason to be a bit more measured in how aggressively they adopt these new platforms, speakers said last week at an event in Atlanta.
“We talk about the bright, shiny objects and all the potential that exists,” Jim Haskins, a business development manager for Cisco’s Smart and Connected Cities division, said at the Smart City Expo Atlanta conference. “Then we talk to the [chief information officer] and [chief technology officer] and it’s like, ‘Are you kidding me? You want me to deal with an exponential growth in the number of devices I manage? How much of a bump did I get in my budget?'”
The surge in the number of devices that cities are embracing — from environmental monitors to traffic cameras to biometric scanners — creates a host of new security concerns at a time when many communities are struggling just to protect their core IT assets from threats like ransomware. And as cities continue to grow faster than other human settlements, local governments are going to have to re-evaluate how they approach cybersecurity, said Jarell Mikell, a senior manager for enterprise IT security at Southern Company, a gas and electric utility.
Mikell citied statistics showing that about 1.3 million people around the world move into cities every week, and that by 2040, at least 70 percent of the world’s population will be made up of urban-dwellers.
“From a cyber perspective, to facilitate that you’re looking at a massive communications network that has to be built,” Mikell said. “Billions of edge devices. That’s an attack surface we have to defend.”
Another problem facing cities that embrace new “smart” technologies is that they often lack the security architectures capable of supporting these devices, Lalit Ahluwalia, a managing director at the consulting firm Accenture, told a roomful of local-government administrators and technologists.
“Everyone wants to be a smart city,” he said. “But based on the resources [most cities] have, are they in a place where what they think they should do can be done? Probably not.”
Mikell added that many local governments still need to become better practiced at cybersecurity basics, like the basic “blocking and tackling” of installing regular operating-system patches and adopting a standardized framework, such as the one offered by the National Institute of Standards and Technology. He also reminded the audience that smart-city devices can be hacked rather easily if their users do not change the default passwords.
Beyond security concern with devices themselves, smart-city programs also create huge volumes of new data for governments to manage. Haskins, the Cisco manager, said governments should treat those data sets like any other precious commodity.
“If data is the new oil, we need to know how to find it, how to refine it and how to distribute it,” he said. “Also, protect it.”
Cities have created data-governance policies in the past, Haskins said. But the exponential growth in the number of internet-connected devices used in urban management and the information they collect means cities will have to rethink those strategies, especially in the event an attacker tries to compromise that data.
“You want to prepare for war in a time of peace,” Haskins said. “We’re trying to balance innovation and security. We all want to innovate, but we have a responsibility.”