More people live in urban areas now than at any point in history, and as those numbers continue to grow, new technologies are becoming more and more ubiquitous. Interconnected infrastructure brings many benefits, but it also comes with its own set of challenges and vulnerabilities as large municipalities look to protect their critical assets and systems from cyberattacks.

With so much data traveling through these huge cyber infrastructures, attackers who penetrate even seemingly innocuous points of the network can gain access to many other devices and troves of data — including residents’ personal information. Some vulnerabilities have already been exposed. For example, multiple power grids have been penetrated, and in some cities the technology used by ambulances to turn traffic lights from red to green has been hacked.

In short, once a city has adopted interconnectivity and gone “smart,” it has opened itself up to boundless risk.

The National Institute of Standards and Technology is taking steps to address these risks. They’ve established a framework for addressing cybersecurity, data integration, and sharing for IoT-enabled smart-cities. These best practices serve as a baseline for municipalities as they establish their security standards.


Be Policy Smart – It may seem obvious, but it is critical to consider risks as well as benefits. When it comes to IT policy, implement guidelines for data privacy and use them from the beginning to ensure employees always work securely.


Protect Individual Identities First – Each piece of a large infrastructure may have different rules or access standards. Ensure that all access credentialing is synchronized in order to eliminate weak points in the network and protect residents’ identities.


Secure Information at the Source – Before taking a system live, city managers must have an accurate understanding of how much data will be collected from each connected device. With the proper planning, data can be secured and encrypted from the very beginning, rather than putting out costly fires later.


Standardize the Need to Know – Implement protocols so that each person in the organization has access to the information they need and none that they don’t. Once these boundaries are established, teams can work openly within the connected infrastructure with complete accountability. Users are identified and authorized, promoting a culture of cybersecurity in the organization.


Implement Appropriate Deterrents – Legal consequences for cybercrimes are not always clear and are often limited. Fines and sentences should be reflective of the increased interconnectivity of today’s world.

As more municipalities invest in becoming smart cities, it is critical for these organizations to take into account the risks that accompany the many conveniences of a connected community. An interconnected infrastructure requires proper controls and implementation to ensure it remains cyber safe in the face of growing complexity and more sophisticated attacks.

Vericlave was recently one of four companies to receive a 2019 IoT Evolution Smart City Innovation Award for its work within the Smart City ecosystem. Read More