Technology analysts are divided on the notion of a "smart" city. On the one hand, proponents note that by creating "smart" systems to run public transportation, waste removal, traffic control, and the water system, cities can improve the efficiency of their municipal services. Such enhanced productivity would help urban centers better accommodate more people as the global population continues to grow. On the other hand, some say smart cities come with certain risks. They feel in the enthusiasm for more streamlined development and service delivery, cities might decide to entrust the management of their critical infrastructure to Internet of Things (IoT) devices with inadequate security features. As it stands, various studies suggest developers of IoT products don't focus enough on security as a design priority. This inattention threatens users' privacy when it comes to everyday IoT devices. However, some argue attackers could exploit a lack of IoT security on the city level to disrupt critical services, such as public transportation and emergency services, and by extension threaten people's safety. Steve Durbin, the managing director of Information Security Forum, elaborates on this point in an article for TechCrunch:
"The fallout of disruption can extend to cascading failures, wherein highly interconnected entities rapidly transmit adverse consequences to each other. It’s no easy task to invest in information security while creating a sustainable urban environment, but this is the challenge we face as digital connectivity and data-driven services become tightly woven into the fabric of smart cities."
Is this true? Can a targeted digital attack disrupt municipal services in such a way that threatens public safety? To answer that question, Tripwire commissioned Dimensional Research to conduct a survey that asked over 200 IT professionals working for state and local governments about the digital security challenges associated with smart city technologies. When asked if a digital attack against a smart city posed a threat to public safety, 88 percent of respondents answered in the affirmative. Rekha Shenoy, vice president and general manager of industrial cyber security for Belden, agrees with that perspective:
"While smart cities offer great efficiencies for their citizens, the same internet connectivity that enables these efficiencies can be used to deliver physical damage to infrastructure and also cause loss of life if accessed by malicious actors.
Most respondents also felt the world would see an attack against smart city services sometime soon. More than three quarters (78 percent) stated we would see an attack in 2016, while only three percent believed there wouldn't be an attack. Finally, a majority of IT professionals expressed concern over attackers targeting public transportation, with 83 percent citing their concerns for those city initiatives in particular. Given those findings, it's important that cities that are considering implementing smart technologies keep security in mind. Tim Erlin, director of IT security and risk strategy for Tripwire, is a firm advocate of that idea:
"As we use more and more technology to innovate around the management of cities and their infrastructure, we also create new attack surfaces that can be exploited. Protecting public infrastructure from cyber and physical attacks is a key consideration in the evolution of smart city technologies. We need to build smart cities with cyber security in mind, not add it as an afterthought."
For more information about Tripwire's survey, please click here. You can also learn more about the security concerns facing smart cities here and here.
