Cybersecurity and Connected Cities

IoT has been notable in the news over the last two years. The focus has been the connected home/lights turning on/off or colors, thermostats, coffeemakers, refrigerators, and other equipment. One area somewhat ignored in the current research has been the cities. This would manifest itself into the cameras located on the streets monitoring movements and actions, microphones to triangulate where noise (e.g. gun shot) originated from, street lamps automatically adjusting for foot traffic, and other users. These examples are for certain not the only applications for the connected city. This may be already seen in the larger cities (e.g. Barcelona, Glasgow, London, Nice, NYC, and Singapore) as this technology is implemented.

Although this will be a benefit for the cities involved and the citizens, there are certainly areas that will require additional attention to ensure the system and enterprise are working as planned individually and together towards the common goal.

This is another area of applied technology to monitor, control, and secure. Within the last four years, there has been a significant increase in the number and type of devices and connectivity. These provide more workflow and issues. To further exponentially increase the complexities, there are also the potentially unsecure and/or malware infected devices that are present. People may connect their laptop or smart phone, not knowing if their device is infected. This could cause, if there were not to be the appropriate level of segmentation, issues. These vulnerabilities in the devices are a large, significant risk.

Data science has become more pertinent in application over the last two years. The systems will be able to monitor situations or in the least record data from the environment where the connected equipment is deployed. The issue here is with storage. First, all of this needs to be stored. There is a definite cost to this of the hosted or virtual environment. Secondly, this provides a target with value for the attackers. There will also be costs associated with access, storage, and other policies & procedures directly associated with this.

Although this is a benefit for society, it is not without its risks and expense.

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.