Around the world, globalization and the advent of technology have made modern settlements rebuild themselves into digitally smarter, sustainable versions of themselves. With modern populations becoming more and more digitally literate, governments, and by extension, modern cities have to reorient their definitions of basic necessities and incorporate digital innovations to facilitate ease of living and improve digital connectivity.
In essence, a smart city strives to build an infrastructure that integrates the management and visibility of all its services from a single operations center. However, along with the concept of digital smartness comes the necessity to secure such systems and the inherent risks that need to be addressed before building such systems.
Ever since the launch of the Smart City Scheme by the Indian Government, Tier 1 and Tier 2 cities across the nation have been striving to integrate IoT into existing supply chains to dynamically improve the way in which the needs of the residents are being addressed. While this endeavor may result in a streamlined process, improve operational efficiency, and result in better economic and environmental sustainability, the fact remains that for such smart city conceptions to become a reality, massive amounts of data need to go through IoT devices as well as the cloud/on-premise data centers being used by the government in question.
In this scenario, it wouldn’t be implausible to mark smart city projects as some of the most vulnerable to cyber-attacks. With attackers increasing the intensity as well as the frequency of breach attempts in recent times, a smart city security strategy that is designed to make smart city infrastructures resilient to cyber attacks is the need of the hour.
The Data Quandary
Smart cities have to deal with massive amounts of open data, which form the basis of better management and deployment of smart technologies on such a large scale, on a city wide level. In a connected environment such as a smart city, compromise of a single device would be akin to pushing a single domino in a stack and lead to an imminent fall of the entire infrastructure. As such, concerns with regard to privacy are bound to arise. In fact, over the past two decades, these cities have historically been the victims of some of the most common types of cyber attacks, including Data Theft, MITM, and DDoS attacks. This means that when it comes to a resilient security posture, governments tend to ignore that aspect, a decision that would come to haunt them back later.
Incorporating Security for Smart Cities
The push for Zero Trust has been global in recent times, and Smart Cities would do well with the implementation of the Zero Trust Strategy as well. The Zero Trust Strategy, which twins itself with a tagline of “Never Trust Always Verify,” hinges on three basic principles,
- Least Privilege Access: Zero trust Models don’t rely on network locality as a factor for determining trust. This means that any device or any asset wishing to connect to the network or access critical resources is innately distrusted from the outset. Even when trust is established, access is provided only on a need to know basis or a least privileged basis
- Continuous Authentication and Authorization: Zero Trust Models continuously and independently assess the risk associated with each access request, and review the context of each request before granting access
- Monitoring and Visibility: One of the most important pillars of a Zero Trust Model pertains to visibility and monitoring of all network traffic and granular control over who accesses what.
A Zero trust Strategy would definitely go a long way towards securing IoT-based infrastructures from cyber attacks. But while IoT Security has to be addressed when it comes to framing cyber security strategies for smart cities, but it shouldn’t be limited to that. Governments of the day tend to focus on using multiple point solutions to prevent cyber attacks, an approach that leads to fragmented visibility and a web of vulnerabilities. Instead, governments need to assess the market for newer, disruptive solutions and approaches that converge security possibilities into a single concerted approach to security. Forrester’s Zero Trust Edge and Gartner’s Secure Access Service Edge speak about an amalgamation of existing security technologies into a single solution that leverages Zero Trust principles to remove any scope of vulnerabilities.
Of course, Smart City Security must not limit itself to the security of the devices but extend to securing the human aspects of the infrastructure. To ensure the same, security teams need to implement the following:
- Deploying a 360-degree monitoring and visibility infrastructure. Maintaining complete visibility is necessary because the identification of the source of a breach in real-time can lead to rapid mitigation
- Cyber Hygiene practices amongst the workforces, backed by stringent access policies
- Integration of the security stack into a single centralized solution that can identify threat vectors and recover from incidents rapidly.
- Using a combination of security devices, human controls, and physical devices to build a resilient security setup
As cities improve their technologies, the risks are bound to multiply as well. In this scenario, a long-term strategy that focuses on securing not only devices or data but also identities and users becomes the need of the hour. Cyber security for the city of the future is an indispensable part of every city’s growth story and will continue to be so.
Contributed by Sandip Kumar Panda, Co-founder and CEO at Instasafe