Smart City Reality Check: IoT Utopia Cannot Exist Without Security
Using the Internet of Things (IoT) to power transformational efficiencies in smart cities of the future is an idea that holds tremendous promise—and also great peril. Why? Because IoT security is still in its infancy, and therefore vulnerable to debilitating disruption from hackers. In order to realize a more prosperous future and ensure the success of smart cities, everyone involved—from regulators, to civil servants, to industry leaders—is going to have to work collaboratively on IoT security.
As the highly publicized, and widely felt, DDoS attack last month illustrates, ordinary devices like CCTV cameras can be used against us. And while the devices used in that particular attack were private property, it’s not hard to imagine similar devices owned by municipalities being used in the same way. In fact, university researchers demonstrated earlier this year that an IoT worm can be mounted on cars and used to infiltrate a city’s lighting infrastructure and wreak havoc on its electrical grid, potentially causing millions of dollars in damages, not to mention a public safety nightmare.
Industry-wide security standards have been championed as a solution by U.S. Senator Mark Warner (D-VA). “IoT ought to be an area where industry collaborates and if they can set standards first, that’s good,” Warner said when speaking to Computerworld last month. But for many industry insiders, self-regulation may not be enough, since it hasn’t seemed to work thus far. “Regulations which ban the sale of horribly secured devices in the U.S. might cause vendors to fundamentally improve the security of their devices for everyone with a global impact, because manufacturers want to be able to sell into the U.S.,” said security expert Mark Dufresne of Endgame who was quoted in the same article.
With the Computing Industry Trade Association (CompTIA) reporting that 11% of government entities are running an IoT initiative and 25% are testing pilot projects, it’s clear that the era of the smart city is already dawning, with promises of a utopian future that will have fewer traffic jams and lower electricity bills. But as recent hacks demonstrate, planning for security doesn’t seem to be part of that overall vision. Security precautions add time and expense to the planning process, and consequently, often get short shrift. This, in addition to the fact that cybersecurity is largely invisible, make it a tough sell at the local level—and that’s precisely why public and private sectors across all industries need to join the conversation.
Companies like Riverbed are already partnering with multiple agencies and service providers to help prevent future attacks. Tools like SteelCentral NetProfiler, SteelCentral AppInternals and SteelCentral Aternity can be leveraged to deliver insights that help businesses spot unusual activity fast—and act accordingly. But it’s going to take industry leadership to remind civil servants that this level of visibility is critical to maintaining a strong network security posture, and realizing long-term savings from the prevention of attacks in the new era of the smart city.
When it comes to IoT security, new standards and regulations need to be considered with encryption and continuous monitoring both at the top of the list. Cyberattacks on smart cities are preventable, but only if municipalities and elected officials commit to remaining vigilant and tech industry leaders provide the know-how—and the nudges—to keep them on track.