Needless to say, smart cities are increasing across the world. However, a key element to any smart city initiative is the Internet of Things consisted of connected devices. This inevitably results in cybersecurity issues.
Needless to say, smart cities are increasing across the world. However, a key element to any smart city initiative is the Internet of Things consisted of connected devices. This inevitably results in cybersecurity issues. Countering security threats, then, becomes an effort that requires cooperation between all stakeholders, from SIs to vendors.
That was the point raised by
Axis Communications in a recent
blog post titled “Joining forces to mitigate smart city cybersecurity threats.”
“Cities are becoming smarter as we speak. But the technology cornerstones of smart cities – connectivity, big data and IoT devices – not just offer possibilities to develop more livable cities They also make cities more vulnerable,” the post said. “Many smart city projects – regardless of focus area – are potential targets for cyber criminals. To manage this threat is not a one-man job, but a collaborative effort that goes across organizations and stakeholders.”
According to the post, a security policy that caters to the specific characteristics or needs of a city is key to ensuring cybersecurity for smart cities. “Many of us wish for a universally applicable solution, but as each organization has specific and unique cybersecurity needs, there is no such cybersecurity configuration. Instead, it is important to have a set of information security policies in place to define the scope of security required,” it said.
Scalable and efficient device management is also critical, the post said. “When you have hundreds, or even thousands of connected devices – whether street lights, garbage cans or cameras, it is critical that you can perform upgrades and configurations automatically in bulk, rather than manually,” it said.
A shared responsibility
Yet more importantly, the post pointed out that keeping cities safe from cyberattacks is a collaborative effort among different stakeholders. Who these stakeholders are and their responsibilities are summarized as follows.
- Integrators and installers: According to the post, they need to ensure that all installed equipment is patched with the latest updates and run a sophisticated virus scanner, and it is also a joint effort with these stakeholders to ensure a solid strategy for passwords, management of remote access, and maintenance of software and connected devices over time.
- Distributors: This is more applicable to the so-called value-add distributors, who need to consider the same aspects as integrators and installers, especially when they buy equipment from a manufacturer and relabel under another (or own) brand, the post said. “Transparency is key. The origin of the equipment must be clear to the user,” it said.
- Consultants: According to the post, these players should be clear in specifying maintenance for the system’s lifetime and be transparent about the potential costs associated. The challenges of using OEM/ODM equipment, where cybersecurity responsibilities often are unclear, should be a part of the overall discussion around cybersecurity as well, it said.
- Device manufacturers: For manufacturers, they carry several responsibilities – ranging from not including intentional backdoors and hard coded passwords, to supplying tools for affordable device management and informing channels and partners regarding vulnerabilities, the post said.
- Researchers: According to the post, they often discover device vulnerabilities. “If the vulnerability is not intentional, the researcher typically informs the manufacturer and gives them a chance to fix it before publishing it. However, if a critical vulnerability has an intentional character, they often approach the public to raise awareness amongst the users,” the post said.
The post concluded by stressing the importance of preparedness. “The number of connected devices in cities will continue to grow rapidly and cities will be affected by more or less severe cybersecurity incidents. Therefore, it is necessary to be well prepared,” it said. “By working together, we can ensure that cities are better prepared to address the constantly evolving cybersecurity threat, and remain capable of reacting fast if the threat materializes.”