Taking the Smart Approach to a Healthy Cyber Lifestyle

The potential smart-city benefits of greater efficiency, sustainability, and responsiveness come at a price: increased cybersecurity risks from millions of connected devices. Governments are already a favorite target of attackers, with Atlanta, Baltimore, Stockholm, Johannesburg, and Hyderabad experiencing ransomware attacks, along with hundreds of smaller cities in the U.S. While the goal of most of these attacks has been financial gain, there will be much more at stake than money as cities move to smart grids.

Some of the possible threats include cybercriminals:

  • Gaining access to feeds from surveillance cameras, enabling them to coordinate other types of attacks, track law enforcement or spy on individuals to obtain compromising photos or information.
  • Taking control of the power grid or water supply, creating dangerous situations and spreading fear across communities.
  • Hijacking the smart-traffic system to cause accidents, create gridlock or prevent police from responding to physical attacks or other emergencies.
  • Causing automotive accidents by controlling the accelerator and brakes of connected vehicles.

To prevent such attacks, most cybersecurity efforts have focused on setting up a rock-solid perimeter defense that keeps cybercriminals out. However, smart cities face the same challenges as Industrial IoT and manufacturing: complex, highly distributed industrial systems with all the challenges of maintenance and access management, combined with a distributed organization. Further, in the era of hyperconnected devices, there is no longer a single perimeter to protect, so focusing on a single perimeter using a defense-in-depth approach is insufficient.

Dealing with this new security environment is already an extremely difficult challenge for enterprises that have, at least in theory, far better control over their networks than a city would. Unlike an enterprise, a city government must coordinate activities across multiple departments and possible power structures. In addition, the “human problem” that enterprises face is magnified across these public agencies because it is far more difficult to conduct constant, rigorous training to ensure employees can recognize the tricks cybercriminals use to fool them into clicking on a malicious link.

Given these realities, a smarter approach to smart city cybersecurity is to balance building a strong defense with creating a resilient infrastructure that minimizes the impact of a successful attack.

A Healthy Cyber Lifestyle

Think about the human body. Most of us practice good hygiene—washing hands, staying away from sick people, putting antibiotic ointment on wounds, etc.—to prevent infection and illness. Despite this, however, we can still get sick, which in most cases is okay because the human body is resilient. We have a defense system that fights the attacking bacteria or virus to limit the damage and allow the body to heal. We can also improve this defense system with a healthy lifestyle: eating nutritious foods, limiting junk food, exercising, getting regular checkups, taking medicine when necessary, etc.

This is a great model for thinking about smart city cybersecurity: practice good hygiene to create an environment that limits the opportunity for attack, while maintaining a healthy cyber lifestyle to contain the damage should an attack succeed.

For most city governments, the first step to basic cybersecurity hygiene is to replace multiple point security solutions—which tend to leave critical gaps as data flows across the network—with a single, centralized solution for managing and protecting the entire network. Because operations and security monitoring across the infrastructure is often the key issue, an important network management approach for smart city governments to consider is an SD WAN (software-defined networking for a wide area network). Enterprises have been successfully using SD WANs for several years to centralize and simplify network management, and city governments can benefit even more from the flexibility, ease of administration, resilience and QoS (quality-of-service) that an SD WAN can provide.

To move beyond just network management, Gartner recently defined a new solution category, SASE (Secure Access Service Edge). SASEs combine an SD WAN with network security services to eliminate the gaps between point solutions and consolidate traffic inspection across the entire network, including at the edge and across multiple clouds. SASEs utilize a Zero Trust principle (never automatically trust any traffic) that includes concepts like identity-centric security (which focuses on validating identities and endpoints) and SDP (Software Defined Perimeter). SASEs also centralize and simplify the application of consistent security policies based on a city’s requirements.

When delivered as a high-performance, end-to-end, fully managed service, SASEs can provide the basic security services—including firewall, intrusion detection and anti-malware scanning—to create good basic hygiene across the entire city infrastructure. A managed service is also more flexible and scalable than an on-premises deployment, while taking pressure off network staff to constantly upgrade, patch and administer a software application, which frees them to think more strategically about network security.

With good cyber hygiene in place, next comes boosting the resilience of the defense system by establishing a healthy cybersecurity lifestyle, which includes two key strategies. The first is ensuring adequate preparation of employees. While it is impossible to eliminate all human error, agencies still need to promote the responsible handling of data. If formal training is not an option, an agency can, for example, try issuing regular reminders to employees on how to secure their social media and email accounts, keep the security settings of their devices and applications up to date, and recognize phishing and spear-phishing scams.

The second strategy is a robust IR (incident response) plan. Should an attacker successfully infiltrate a network, having an IR plan can minimize the damage and make it faster and easier to restore services. A solid IR plan requires:

  • A quality IR team that starts with security engineers who can communicate effectively with the rest of the team, which may include compliance managers, HR managers, attorneys and community relations specialists.
  • Effective breach detection using comprehensive 24/7 network monitoring.
  • A triage strategy to rapidly assess the status of a detected breach using both available network information and the latest threat intelligence.
  • A remediation strategy for eradicating the threat, investigating what went wrong, restoring services and communicating with stakeholders.

The real beneficiaries of smart cities will be the residents, who will enjoy better services and increased safety. However, to ensure these benefits become a reality, government agencies must be able to minimize cyber risks and respond effectively when attacks occur. Developing good cyber hygiene and establishing a healthy cybersecurity lifestyle is the smart approach to accomplishing this.

Moritz Mann is chief product officer, Open Systems. Tweet at him @realmoritzmann