Information security is a concern when it comes to smart city technologies. Tripwire found out as much when it commissioned Dimensional Research to speak with 203 IT professionals working for state and local governments about the digital security challenges of implementing smart city initiatives.
Out of those who responded, 88 percent of IT professionals said a digital attack against a smart city posed a threat to public safety. About the same proportion of respondents (78 percent) felt the world would likely see an attack against smart city services in 2016, while more than three-quarters of survey participants (83 percent) expressed concerns over actors targeting initiatives responsible for managing public transportation services.
Most individuals in IT are concerned about the digital security of smart cities. That much is clear. But are those feelings overblown? Maybe municipalities devote sufficient budget to protect smart city technologies against targeted attacks. Or perhaps they invest in initiatives that are generally safe from digital offensives.
To get a better understanding of the security state of smart cities, Dimensional Research asked the 203 IT professionals of Tripwire’s 2016 Smart Cities Survey – Smart Grid to go deeper with their responses.
When asked if smart city initiatives are important, almost three-quarters of respondents (74 percent) answered in the affirmative. That explains why their jurisdictions have invested in such a broad array of technologies including public Wi-Fi networks (20.4 percent), surveillance cameras (17.9 percent), and public lighting (11.6 percent).
But there’s a problem. Respondents revealed public Wi-Fi networks and public lighting to be most at risk from digital attacks at 27.0 percent and 12.7 percent, respectively.
Meanwhile, almost one in five (18.6 percent) IT professionals said smart grids, which help manage city power systems, are most at risk.
Rekha Shenoy, vice president and general manager of industrial cyber security for Belden, Tripwire’s parent company, feels these perceptions aren’t enough for companies to protect themselves against digital attacks:
“Smart grids can help optimize utilities, but bring additional cyber security and regulatory challenges. Respondents to this survey seem to recognize these threats, but their smart city initiatives need further refinement. Identifying smart city cyber risks is just one step; smart cities need to translate this recognition into action.”
Unfortunately, few companies are doing anything to address those threats.
Dimensional Research observed that more than half (55 percent) of respondents feel their cities aren’t devoting enough digital security resources to their smart city initiatives. They feel a variety of factors are at play, with insufficient budget (32.1 percent), politics (31.6 percent), and a poor understanding of the risks (23.2 percent) primarily to blame.
Tim Erlin, senior director of IT security and risk strategy for Tripwire, agrees that there is a clear absence of security when it comes to smart city technologies:
“Security isn’t usually glamorous, and it can be difficult to sell the need for added time and cost on a project, even when it’s to ensure that services are secure. Smart city initiatives are pushing the technological envelope for urban infrastructure management, and it’s clear from the survey results that cyber security is being left out of the conversation.”
But organizations aren’t powerless to do anything. As Shenoy adds:
“Municipalities are dazzled by the promises of the Industrial Internet of Things, which can bring cost savings and improved efficiency. However, the dazzle will wear off quickly if smart city initiatives can’t keep up with new threats, regulatory requirements and hidden costs. In order to succeed, smart cities must actively protect their critical infrastructure.”
Municipalities can learn more about how they can protect their critical infrastructure by clicking here.
Alternatively, they can visit Tripwire at booth 1 at NERC’s annual Grid Security Conference (GridSecCon). The conference will take place October 17 – 24, 2016, at the Hilton Quebec in Quebec, Canada.