How to Lay the Groundwork for Protecting Smart City Connectivity
Most people in the physical security industry are familiar with the 5 Ds: deter, detect, delay, deny and defend. These principles seem universally applicable for facility or asset protection use cases. But what principles should we apply in areas of open public access? Whether we call them smart cities or connected communities, one thing is certain: The mega-trends of our populations concentrating into urban areas and the Internet of Things (IoT) explosion are blurring the lines of perimeters. Infrastructure and network-connected devices are being deployed in mind-boggling numbers across the landscape of our towns and cities, where the sort of physical security principles commonly used to protect centralized assets are difficult and expensive to implement.
And physical perimeters are not the only gray areas. Systems are accessing data from third-party devices, and with the big data/open data movement, access to information is being granted more and more frequently to unknown, or at least lesser-known, users.
In this new era of distributed intelligent endpoints where standards are not yet established, what guiding principles can early adopters turn to when the objectives shift from loss prevention and asset protection to other broader goals, such as first responder efficiency, pedestrian/cyclist/vehicular mobility and safety, process control, data integrity, resiliency and sustainability.
Below is a look at two concepts practitioners can include in their governance framework as they start their city down the path to becoming a smart city not only from a technology deployment perspective, but also from the perspective of having a healthy, resilient and connected smart infrastructure.
You Can’t Have (and Probably Don’t Want) It All
There’s so much bleeding-edge technology in the market targeted at solving problems for the cities of today and tomorrow that it’s hard not to fall into the “kid in the candy store” trap. But not every platform addresses a problem your specific community is facing. So, prioritization becomes more important than ever.
If you’ve never watched Simon Sinek present on “always start with the why,” I recommend you do so next opportunity you have a few spare minutes. The core principle is the easiest concept in the world to grasp. To paraphrase, before you do anything, clearly define why it needs to be done. If there’s not a clear and definable why, then scrap the idea and move on to something of real importance. Local governments rarely have surplus capital just waiting to be spent, so it’s important that spending is laser-focused toward solutions to actual problems. By starting with the why, a city can avoid throwing money at a “solution in search of a problem” simply because someone became enamored by a good sales pitch about a cool new technology.
The city of Atlanta successfully defined their “why” before committing to expenditures to upgrade technology along North Avenue, a primary east/west corridor through the heart of the city. It’s common knowledge that traffic congestion in Atlanta is a challenge, but a closer look at data revealed accident rates along North Avenue were nearly double the rates along other corridors of similar lane count and traffic volume. Furthermore, they put the spending decision of roadway upgrades directly in the hands of the citizens in the form of a ballot referendum, which passed overwhelmingly. City stakeholders knew they had a safety issue that needed to be addressed, and they knew it had public buy-in, so their “why” was very clearly defined.
The North Avenue Smart Corridor project was $3 million of a much larger transportation infrastructure upgrade in the city. North Avenue is now considered the smartest corridor in Georgia. With strategically deployed technology they were able to provide measurable results to an identified problem unique to their community. North Avenue is now a true multi-modal transportation corridor where vehicular travel times were maintained despite lane reductions and new provisions for cyclists and pedestrians, and a 25 percent reduction in traffic accidents along the corridor has been achieved. The project has received recognition from the American Council of Engineering Companies and at the Smart Cities Expo World Congress as a project of the year in its mobility segment.
If answers to the question “Why?” don’t always appear this clear for the multiple stakeholders in your local government, don’t lose heart. My recommendation is to develop a prioritization matrix so once a problem is identified, a decision can be made regarding things like: how important it is to deliver a solution, how much money should be directed to the solution, whether the solution delivers results with equity across the community and so on. The questions you want answered by your matrix will be unique to the values and goals of your community. The matrix should be a guiding light, not a law. The smart cities movement is still young, and most early adopters are true innovators, so I don’t advise that a framework be so rigid that it restricts creativity and diversity of thought.
Securing the Infrastructure and Devices
It’s no longer “if,” but “when” a cyber vulnerability will be discovered, or your organization will be targeted. Since smart cities leverage software platforms and distributed network endpoints and sensors, it is critical that technology vendor partners share common security goals with your city.
Like all networked devices, IP surveillance cameras and other IoT sensors are certainly not immune to cyberthreats. The first layer of cyber defense should be performed long before any device resides on the network. Once a municipality has determined that it makes sense to become a smart city, products should be qualified pre-purchase to ensure they offer the right balance of configuration options, allowing them to fit the policies and security standards put in place by the city's CIO/CTO office. The more configuration and protocols built into the product, the more versatile it will be over time, so if your department’s policies and security standards change, the product will be more likely to survive and maintain compliance on the network without require unique exceptions.
Some clients running mission-critical systems also prefer to source network-connected products in a manner that allows them to have a direct communication link and relationship with the organization that develops their own source code and API. While OEM relationships may help bring products to market at affordable prices, that additional layer can be a buffer between client and provider. This can result in negative experiences for the client should a situation ever arise that requires a technical support case to be escalated. Many end users, particularly those running open-architecture best-of-breed solutions, find valuable peace of mind in knowing they have a direct communication path to the firm that developed, owns and supports the source code, should the need ever arise.
Regardless of how you choose to define the term “smart city,” one constant is the need to ensure the stability and security of the infrastructure and devices that support these initiatives. The best time to address this challenge is in the beginning stage of a project. Municipalities must first determine whether a smart city initiative is viable and then take the proper steps to select the equipment and partners that will support and help secure the entire platform that makes up the project from design through deployment and beyond.
By applying the above concepts, cities can get off to a good start that will provide the reliability and security required to maintain connectivity in a smart city.