No one has a road map for securing a connected city – but there should be a whole atlas of such maps.
Here at CES, Toyota just announced plans to build a 175 acre (70 hectare) playground in Japan to test connected cities, complete with cars, buildings and real residents willing to be something of ongoing beta-testers. While this promises to be closely watched by the industry, it also points to the need to get some test-world feedback prior to launching connected cities in the real world.
Not so with most of the exhibitors here who merely dream of a connected city and hope for the best. Who will secure it? Where will they get the budget? Where will they get the high-priced expertise to make it all run? These, and a host of other related questions will come to the fore in 2020. No one has a good road map.
Some cities are making progress and are trying to work with the National Institute of Standards and Technology (NIST) to develop a framework eventually. This is good progress, but the cities that are taking the lead have very high tax bases to fund such initiatives, have invested heavily to build and own the infrastructure necessary to “encourage” third-party providers to play nice, and have buy-in from local legislators. All of these things must be in place to have a chance of making it all work. They usually aren’t.
I recently sat at a county planning meeting where officials wrestled with 5G rollout being foisted upon them. Those in charge at that meeting had to have 5G explained at a fundamental level. This means they’re not really in a position to weigh in as experts on issues like granting development permits that mesh with county initiatives and a future path to becoming a smart city. It’s not good. It’s also not rare.
RELATED ARTICLE: Smart cities must be cyber‑smart cities
International Data Corporation (IDC) predicts that between 10% and 30% of IoT-related smart city projects will fail next year due to a combination of poorly defined outcomes, a lack of understanding of vendor offerings, and limited funding and stakeholder engagement – a sobering prediction.
Once a city becomes willing, it has to generate a raft of legal documents to set the stage. Here’s where, hopefully, NIST will do the heavy lifting.
After that, it has to actually be built – not just a piece of it, but the whole comprehensive plan.
It’s one thing to secure a single piece of the ecosystem; it’s quite another to secure the whole ecosystem. Ask the operating system developers how that works, with many programs fighting to share resources, resolve conflicts and avoid blame for malfunctions. How would this work in a smart city?
Presumably, the municipality would be open to lawsuits when things go wrong, or at least vulnerable to escalating insurance premiums in case things go wrong. It’s unclear to smaller, non-tech-savvy cities with tighter budgets whether the benefit will outweigh the expense of going the smart city route.
But they may be forced into it, anyway.
Remember when bring-your-own-device (BYOD) started hitting the workplace and IT groups scrambled to do damage control and put some management systems in place? What few BYOD management suites were available either lacked full-featured management, or were broken altogether? Every IT department went into defensive mode until issues could be resolved. But BYOD still happened. This is that, but for cities.
Eventually, the needed safeguards and standards will be trotted out, but will be preceded by years of infighting amongst the stakeholders.
What can you do to prepare?
Now is a good time to take stock of your systems and decide whether they come outfitted with security by design or merely as an afterthought. If data are protected by default at rest and in motion, breaches in the ecosystem will be less impactful. If, on the other hand you decide to leave security up to the ecosystem itself, the road will be much rockier.
Meanwhile, cities will be scrambling to find information and budget to make it all work. That will take a while. As that clock ticks, you can still work to secure your own data in the best way, so when smart cities are foisted upon you, you’ll be safe. Well, safer, anyway.
written by Cameron Camp, ESET We Live Security