Wi-SUN Logo

IoT and Smart Cities: Making Security a Priority

Smart and connected cities are no longer what is desired – today, they are the expectation.

In a previous blog, IoT and Smart Cities: What are Some of the Use Cases?, we considered how smart city applications driven by the internet of things are helping to improve the quality of life of those residents and visitors interacting with the urban environments around them.

From reducing city management costs to improving public safety, enhancing convenience, contributing to net zero goals and bolstering citizen wellbeing, IoT has become critical to heightening the overall city-based experience.

If implemented and managed in the right way, these benefits can be unlocked in multiple ways. Done wrongly, however, and there can be some serious repercussions.

In this follow up blog, we’re going to consider the issue of security that was also discussed in a recent panel session for Zpryme featuring Dominic Papa, Vice President – Smart State Initiatives at Arizona Commerce Authority, myself and Seth Henneman, Senior Design Engineer at AT&T.

The Importance of ‘Security by Design’

At the Wi-SUN Alliance we take a simple approach to security that much of the telecommunications industry aligns with – that security and privacy by design must always be an imperative.

This is a principal that we almost always see in the case of cellular networks and SIM technologies, yet unfortunately it is not always the case with IoT.

Security must always be made a priority from the outset. Devices should be authenticated onto a network to ensure that communications are encrypted and secure, helping to protect against modern threats such as man-in-the-middle attacks.

The emphasis needs to be placed on reducing the opportunities for human error. Therefore, electronic mechanisms that have been created within a security-first culture need to become the norm.

During our panel discussion, Dom noted the importance of collaboration in furthering security in a collective manner, across municipalities, systems integrators, and end users.

For security by design to be as effective as possible, all parties need to share knowledge and ideas. Municipality CIOs and CTOs – project leaders – should sit down with security specialists at universities, for example, to not only discuss best practices, but also to shine a spotlight on avenues that may not have been considered within a security strategy.

While one person might be focused on addressing one particular vulnerability, another might be thinking about something completely different.

Building security solutions in a siloed vacuum without understanding all the threats and complexities is a recipe for disaster. To try to paint the most comprehensive picture possible, communication is critical to understanding some of the questions that you’re not necessarily thinking about.

Discussion will ultimately feed awareness and in turn education. Here, Seth took hold of our discussion, pointing to the importance of various stakeholders aligning their views.

“If you’re, let’s say, a sensor vendor… not all of them are security minded – they build a product that’s really good at something, but they’re not necessarily thinking about the cybersecurity behind it,” he explained. “It’s not their fault – it’s just that they’re building this to fulfil a function. And so it’s important that the people that are responsible for deploying this are understanding what those security parameters are.”

As an integrator of some of these solutions, Seth explained that AT&T addresses this by leveraging a set of standards and certifications that correspond with critical security requirements such as NIST and FIPS to reduce the vulnerabilities that may present themselves.

Indeed, reducing vulnerabilities through proper security is critical.

The more IoT deployed in a city, the more reliance there is on the city, and such solutions therefore naturally become critical infrastructure. Preventing hacks, tampering or outages is not up for debate – if they were to occur, it could cause major disruption and even endanger lives.

See the full panel discussion where we also discuss some of the exciting use cases of IoT in smart cities here: www.youtube.com/watch?v=kAx04W9RYt4