Three Questions To Ask Your Local Leaders

Mary Writz is VP of Product Management at ForgeRock, a global leader in digital identity.

Right before our eyes, new technologies are changing the way cities operate and improve the lives of their citizens. Especially true in urban areas, smart city technologies promise to deliver more effective planning and optimization of municipal services like traffic management, waste collection, public safety services and road maintenance.

At its core, the concept of smart cities takes traditional municipal devices, infrastructure and layers in a combination of sensors and internet connectivity. This transforms familiar structures into connected ones that communicate with each other and collect data to make services faster and more efficient. The demand and market for smart city technology are skyrocketing as the federal government prioritizes infrastructure development.

With more cities embracing connected technologies, a key challenge on the horizon is the lack of clear guidelines for how security and privacy will be implemented. As someone who examines the intersection of cybersecurity and identity every day, there are three key areas business and government leaders, as well as citizens, need to consider to effectively protect the livelihoods of citizens of existing and soon-to-be smart cities.

What happens if a smart city device or management system is hacked?

The existential security heartburn with a smart city system is an age-old challenge for any type of digital transformation. Although internet connectivity unlocks great ways to improve our lives, it also creates or expands the attack surface. For example, it’s pretty hard to hack an insulin pump that isn’t connected to the internet. But as soon as that pump gets connected and is considered “smart,” it becomes accessible to bad actors. Similarly, smart cities are putting a lot of devices online that have never been online before, creating new targets for attackers to exploit.

To add a layer of complexity, smart devices also face physical threats (such as a water meter that’s exposed to the elements) and are harder to update than standard laptops or phones, so installing security updates takes longer and demands more resources. From a drastic weather event to a nation-state attack, the opportunities for issues to arise multiply with smart city technology.

But, that shouldn’t be cause for alarm. Like all security protocols, good preparation allows for better protection. Regular risk analysis and targeted disaster planning should be incorporated into planning efforts and is already the norm for large enterprises. There’s no reason this can’t be implemented by local governments as well.

What happens if a malicious actor impersonates a city device?

When a human logs into their bank account, a lot of work goes into ensuring that the human is exactly who they say they are. This often happens through a password or some kind of biometric measure, such as a fingerprint. When connected devices need to securely identify themselves, it’s more challenging to trust that the connection isn’t a fraudulent impersonation because you can’t ask a device to enter its password or scan its face.

It’s technically possible to bake in a very high level of trust into a smart device, but it has to be established at the time of manufacture. With the proper root of trust represented as an identity token, we can elevate that trust to be much better. The challenge is that this process is fairly expensive, and there isn’t yet a standard of enforcement across smart cities. What would be the worst-case scenario? A malicious actor could impersonate a plethora of insecure smart city devices to send a bunch of bad data that triggers automated responses (think about bad traffic management).

Thankfully, this is already being addressed at the national level. The National Institute of Standards and Technology (NIST) is working on a Smart Cities and Communities Framework series to help provide best practices and guidance. Although this is still a work in progress, it represents a solid first step that will only improve with more funding and resources allocated to it.

How much of our citizen data is on smart city devices, and what are your rights?

One of the most pressing elements of smart city implementation is the consideration of citizen privacy and data ownership. Although most smart city devices have sensors that don’t collect personally identifiable information about citizens, they do have data that can be associated with users (e.g., smart meter or video surveillance). Because smart cities deployments are largely related to data collection, citizens have a right to know how their data is being used.

Anecdotally, many citizens seem willing to give up some privacy if it’s returned by better service or increased safety. But it’s unclear exactly what’s being collected from citizens who live in smart cities, and unless you stay inside all of the time, it’s difficult to “opt out” or “request to be forgotten” by a basic utility you use every day.

The solution will likely need to fall into clear policies and regulations to give confidence and transparency about what’s collected, how it’s used and what levels of “opting out” are possible and available. The first step to this is transparency around what’s collected that’s attributable to individuals, and that begins with voters and policymakers making this a priority.

Smart cities hold a lot of promise. But with any new innovative technology, security and privacy must not be forgotten. Trust, security and privacy implications have to be prioritized as much as convenience. And although there might be hiccups along the way, the intersection of convenience and security is possible when citizens, governments and business leaders ask the right questions and answer them with action.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Source link

Leave a Reply

%d bloggers like this: