As India gears up for its biggest ever wave of urban growth, the government has drawn up a blueprint for what’s generally considered one of the boldest attempts to sketch a new urban vision for the country– smart cities. It will boast facilities ranging from uninterrupted power and water supply, online delivery of public services, and an effective public transport system among others. Cities across the globe have benefited from such economic growth and technology advances and the time is now for India to hitch the wagon to this growth engine. That brings up the next question: What is the smart city of the future going to look like?
Primarily, smart city deployments come with multiple features and state-of-the-art technologies (like critical and complex ICT implementations) and comprise of a diverse ecosystem of technology providers. The smart city infrastructure is implanted with sensors and actuators at each endpoint that will collate all the structured or unstructured data. This data can be analysed to drive insights to better the facilities in smart cities. At the same time, increasing ICT complexity and hyper connectivity (namely through ‘Internet of Things’ environments) as well as significant data generation could mean increasing vulnerability to this information through malicious attacks as well as unintended incidents.
Smart City Security – Combating Vulnerabilities
As Internet of Things (IoT) becomes the bedrock of smart cities, administrators will have greater security challenges to grapple with. With increased data generation within the city infrastructure, the smart city soon becomes a tempting proposition for cyber-criminals because of its technological diversity and sophistication. Any system, after all, is only as good as its weakest link. In Lodz, Poland, a tram driver was trying to steer to the right when he found that his vehicle was involuntarily being taken to the left at high speed, this resulted in physical damage and loss of lives. A 14-year-old electronics buff managed to tweak the city’s transport command and control systems, using nothing more than a modified TV remote control to pull off this prank. Such attacks are not always guided by whims as evidenced by the Stuxnet attack. Stuxnet marked a watershed in virtual warfare by infecting critical infrastructure and sending even heavily-guarded machinery spinning wildly out of control. Now this potential seems to have grown more complex with newer cyber espionage attacks by groups like Dragonfly that hit more than 1,000 energy firms in multiple countries, crippling critical infrastructure.
As India orchestrates its vision of 100 smart cities – a major step toward a digital India, what could attacks on critical infrastructure such as these mean to a nation and to us – the citizens? By conceiving interconnected urban systems with security and information protection at its core, city administrators can ensure service continuity, safety and well-being for citizens and businesses alike. The time is now for administrators to craft strategies from all the data insights.
Big Data Bigger Insights: Galvanizing Security Intelligence
Smart Cities would serve as a gold mine of data as devices would become smarter and more intuitive, having the capability to generate and store data. Deriving intelligence from haystacks of structured and unstructured data will serve as the best alternative to plan for the future. Right from improving healthcare functions, to regulating energy consumption and cost, and even provide real-time data on traffic flow- Big Data and analytics would sit at the heart of administrative decisions to enhance day to day operations. Similar intelligence can be applied from an information security point of view as well to safeguard these smart cities
Intelligence-driven security enables security professionals to prioritize and focus on the most pertinent threats and vulnerabilities to engage in more proactive actions with greater efficiency and speed. It also opens the door to providing organisations with new forms of protection that better equip them to address the wide array of emerging threats. Data then becomes the foundation of security practices in several organisations. In the quest to achieve the level of ‘good enough’ security, the findings the research from the Enterprise Strategy Group, ‘Big Data Intersection with Security Analytics’ demonstrate a positive trend. It is not too surprising to hear that, in our ‘Big Data’ world, we are collecting a lot more data than we used to two years ago. Judging by the survey, the data is primarily used to detect advanced threats and for security incident analysis. Any threat to the security of the smart city systems and its information can be detected, analysed and dealt with using threat intelligence services. The ICT should be able to obtain reliable threat and vulnerability intelligence, and consequently dynamically adjust its security stance.
Creating a Cyber-attack-resilient Smart City
Worldwide, smart cities are on the rise with city planners competing to attract business and talent without placing excessive demands on the environment. However, increasing ICT complexity means increasing vulnerability to malicious attacks- making the safety and well-being of citizens and business a top priority for city administrators. Smart cities can securely thrive and prosper if cyber security and information security are fundamental components in the smart city blueprint.
- Establishing a governance framework – This will help identify and engage key stakeholders
- Ensure governance, risk and compliance (GRC) – This is will make sure IT departments are able to monitor their environment and meet compliance regulations
- Enabling service continuity – Cities aspiring to be “smart” must learn to secure and manage diverse environments. There is as yet no alternative to deploying up-to-date solutions for security, backup, data loss prevention, archiving and disaster recovery
- Protecting information proactively –People responsible for modeling the city’s information backbone must embrace an information-centric approach, which includes using content-aware information tools that consider users’ context before sharing information with them
- Authenticating users – By ensuring the true identity of a smart device, system or application, strong authentication techniques can ensure protection for an organization’s public-facing assets
- Balancing traditional v. cloud delivery – All the smart services mentioned so far can be accessed along the traditional client-server route or as a cloud-based “pay as you go” services; smart cities must work toward achieving a happy balance between the two models
- Managing security services – Cities should seriously consider outsourcing cyber security services to minimize security disruption and data loss
- Protecting infrastructure – Top priorities for IT administrators in smart cities include securing endpoints, messaging and web environments, and critical internal servers as well as providing for improved data backup and faster recovery
- Ensuring 24x7 availability of critical infrastructure – There is need to ensure resilience in case of an incident by way of adequate backup and recovery software or appliances, policies, processes and tools
- Developing an information management strategy – This will include information retention plans and policies, and implementation of de-duplication techniques in as many places as possible to free up resources. A full-featured archive, an e-Discovery system and data loss prevention technologies would be the other components of this strategy.
- Working with seasoned partners for security and information protection – On the security front, cities can’t dilly-dally for too long. Given that there is insufficient in-house expertise, city planners must tap expertise from external partners with worldwide visibility of cyber threats and attacks.
Security threats are now an integral consideration in the private sector boardroom, and for policy making within the public sector. Public administrators know that any serious incident or breach could result in devastating outcomes in terms of financial, data, credibility and reputation loss or damage.
Choosing reputable, experienced thought leaders as partners in conceiving such complex developments is an important step in the right direction towards building resilient smart cities for the digital India of the twenty-first century.