(Post by US Ignite Smart Cities Big Data Program Manager, Praveen Ashok)
The convergence of physical and cyber infrastructure has opened the door to a wide array of opportunities and technological advancements in the smart cities segment, giving local governments the ability to try out new IoT-based services, use new data-driven decision-making tools, and apply artificial intelligence and machine learning to infrastructure management. This transition towards digitization holds great promise for improving citizen quality of life. But at the same time, it also exposes the vulnerabilities of citizen data and the need for communities to adopt best practices to combat the threat of cyber attacks.
Communities not only need to protect themselves against digital intrusion, but also develop response plans to ensure resiliency if and when an attack does occur.
Several standardization and regulatory agencies – including NIST, ENISA, ANSI, ENEA, ETSI, and others – have already begun the work of establishing guidelines to improve digital security and mitigate smart city risk. That’s a positive development overall, but it can also make it difficult for cities to choose which standard or set of guidelines to follow. The good news is there’s room for flexibility. And perhaps most importantly, these agencies and research organizations now offer tools for cities to assess their individual environments and determine what frameworks make the most sense for them. As an example, NIST includes an assessment tool as part of its Consensus Framework for Smart City Architectures.
As communities have started to realize the importance of cybersecurity, some like New York and Georgia have set up their own cyber commands to secure local infrastructure. Not all communities will be able to make that same level of investment, but all should be able to put some new guidelines in place as the digitization process unfolds, ideally creating a unified smart city cybersecurity strategy targeting the specific needs of their own citizenry and government operations.