Imagine a world where local governments can predict the likelihood of a fire, tailor traffic lights that respond to public buses and implement street lights. We already live in that world—with cities all around the world beginning to implement these tools. This is a new age: the age of the smart city. Smart cities are using electronic data collection and sensors that supply information collected from citizens, devices, and other assets to monitor and manage numerous aspects of city life including traffic, energy, water supply, waste management, law enforcement and so much more. This has led (and will continue to lead) to an improved quality of life for residents of smart cities, but at the same time it poses serious security risks to cities—and governments of smart cities are woefully underprepared.

Well-known cities have taken advantage of the growing Internet of Things (IoT), implementing innovative initiatives, cutting costs and addressing major issues. In Chicago, the city is controlling the rat population by using predictive analytics to figure out which dumpsters are more likely to be full and attract rats. In San Antonio, street lights adjust in stormy weather to increase visibility and reduce accidents. Barcelona has even introduced smart city sensors in the ground that analyze and predict rain, while adjusting city sprinklers to conserve water. Oslo has installed a sensor network to improve the care of sick and elderly patients. These initiatives have the double advantage of improving people’s lives and cutting costs for local government. Barcelona saved $58 million annually from their water meter technology. A city in South Korea cut building operating costs by 30% after implementing sensors that monitor water and electricity usage. Given all this, it’s no surprise that urban areas are embracing the idea of the smart city all over the world.

At the same time however, the rise of smart cities has unleashed a new slew of security risks. Cities are simply not prepared to handle the amount of sensitive data coming their way. Only one in three governing bodies feels prepared to manage the security needed for IoT and only 12% of government respondents believe they have the resources to respond to cyber crimes. 47% feel that their preparation is patchy—they are well-equipped in some areas but totally lacking in other areas. And a whopping 83% of government agencies report that only 1% to 2% of their IT departments is composed of security experts. Plaintext information still travels across smart city information systems. As Steffen Sorrel, author of a Juniper Research study on the top-five smart cities, says of cyberattacks, “it’s no longer a question of if, but when.” It has already started to happen. In 2011, hackers gained access to an Illinois water utility control system and destroyed a water pump that serviced over 2,000 people. In April of this year hackers set off 156 alarms in Dallas, Texas, overwhelming 911 operators and resulting in government officials having to shut down the city’s security system.

These are not minor concerns. If a smart city faces a cyber attack, residents could suffer significantly without access to basic resources like water or electricity. Security needs to be the number one priority when it comes to smart cities. City governments need to make sure each IT component of their city is up-to-date. When they secure essential services, cities should consider strategies like incorporating end-to-end encryption, using blockchain technology, or deploying decentralized applications. They should provide essential training courses to their security teams. Additionally, a city’s IT infrastructure should be monitored end-to-end and government cities should implement solutions that provide IT analytics in real-time so that abnormalities can be detected quickly. That way, when an incident happens, governments can respond quickly and stop an attack from spreading. And, of course, governments should have—and this is step number one—a response protocol and disaster recovery plan.

For smart cities, secure communication needs to be a key component of both running the city and responding in the event of a cybersecurity incident. Governments (and their various departments) need a way to discuss aspects of the city without compromising the sensitive information they’re discussing, and making sure it doesn’t fall into the wrong hands. If the government detects a breach and needs to respond, they need a way to communicate that is not reliant on a single channel and they need to be able to communicate knowing that the perpetrator cannot access their sensitive discussions about their response protocol or disaster recovery plan. In short, city governments need a tool with the level of security that the IT components of their city require. Secure messaging platforms like Vaporstream provide that security. Strong encryption, screenshot and forwarding protection, the ability to wipe messages remotely while storing a single copy of messages in a client specified repository for archival purposes—these are all features that facilitate communication about IT security and incident response while protecting that very conversation. To learn more about how Vaporstream can help contact us here or view us in action.

Contributor: Kristi Perdue Hinkle