Smart Cities Need Smarter Security

smart-citiesDo you live in a “smart city”? You may be surprised to learn that your local municipality has adopted smart technologies such as Internet of Things (IoT) enabled devices. Examples of how local municipalities are using these devices include traffic monitoring and local weather monitoring and data collection. In Boston and Baltimore, for example, smart garbage cans communicate their current capacity so municipal systems can devise the most efficient routing for disposal services (Source: Forbes).

A booming movement

So, what makes a city “smart,” besides internet-connected devices? According to Forbes, cities around the world are using technology to improve the lives of their community members. They are leveraging big data to improve infrastructure decision-making in terms of design, construction and maintenance (Milton Keynes, England) and implementing fiber optics to support high-speed internet access and Wi-Fi to support the connection requirements of IoT (Barcelona, Spain). Clearly, there are many opportunities for cities to become smarter. Smart city technology is expected to grow to a $135 billion industry by 2021 (Source: TechRepublic). As cities become smarter and more technology-driven, they are expected to see greater efficiencies and improved resource management. As the connectedness grows so does the target for hacking. Therefore, all of these systems and data must be protected.

Securing smart cities for the future

From managing critical hydro and electrical systems to handling sensitive voter registration data, the technology that enables modern living should be secured against cyber-attacks. If you’re a state, local, tribal, or territorial (SLTT) government organization looking to get “smart” when it comes to technology, you don’t have to go it alone. There’s a cybersecurity community for U.S. SLTT governments at the Multi-State Information Sharing and Analysis Center (MS-ISAC).

MS-ISAC membership is free of charge and provides SLTT organizations the tools and resources they need to defend themselves from cyber threats that target smart cities. MS-ISAC members include community service organizations, public school systems, law enforcement agencies, state offices and more.

Learn more about the MS-ISAC

Monitoring for threats

In addition to finding a security community to share threat intelligence and hardening resources, SLTT government organizations should invest in network monitoring through an Intrusion Detection System (IDS). An IDS compliments protections like firewalls and antivirus to regularly analyze network traffic against known malicious signatures; it can also provide advanced threat protection by generating NetFlow logs (traffic between computers and the Internet) and comparing traffic logs to the activity which has been associated with malware.

Albert-Process

However, an IDS is only as good as its signature set. A robust IDS will incorporate signatures from multiple verified intelligence sources and update often, ensuring the latest threat monitoring.

Albert, an IDS for SLTTs

Many SLTT government organizations rely on Albert Network Monitoring. Albert sensors leverage a unique, SLTT-focused signature set developed through years of expertise working with government organizations. Albert’s signatures are updated once daily, providing the latest security monitoring for SLTT networks. When a threat is detected and a signature match is found, an alert is sent to the 24x7x365 Center for Internet Security Security Operations Center (CIS SOC). In the CIS SOC, cybersecurity experts focused on SLTT security analyze the alerts to eliminate any false positives. For Albert sensor alerts that are confirmed malicious, the CIS SOC analyst notifies the affected SLTT entity and provides information about security best practices to help.