Logo of Centium
Contact Us

Can it be smart if it's not secure? Preparing Local Councils for cyber-safe 'smart' city infrastructure

June 21, 2021

The buzz term of recent years in local government has been ‘smart cities’ – a pretty exciting concept for those people working at the heart of delivery services in our communities. Billions of connected devices instantly translate our physical world into the digital realm by capturing and analysing data about our surroundings in real time.

As examples across the developed world are already proving, it’s no exaggeration to say that the IoT (Internet of Things) has the potential to dramatically transform how we live and work, including:

  • Digital factories in countries such as Japan and the USA are operating at previously unimaginable levels of efficiency and flexibility to scale to the market
  • Farmers are now able to increase productivity and improve sustainability at the same time
  • Our cities offer residents all kinds of new integrated work and lifestyle services at lower cost
  • Consumers are able to access a range of applications that make their lives more convenient and their homes safer
  • Building energy usage can be reduced by 20%, saving on emissions and costs.

Connecting our homes and workspaces can deliver enormous efficiency, safety and convenience benefits. Yet the networks of sensors, the data they collect, and the complex software and algorithms used to analyse the data are now combining into IoT ecosystems that challenge traditional governance approaches.

The rapid growth of the IoT raises critical concerns about its security.

The question needs to be asked: is it smart to connect multiple infrastructures and new built environments, without designing and factoring in security against potentially debilitating cyber attacks?

Think of that classic movie scene – from virtually any era you might belong to – where a city is bought to a standstill by criminals in control of a city’s traffic light system. They are able to flee the crime scene after a heist, with the city in gridlock and police unable to pursue them.

Now extrapolate from this to the smart city environment. We don’t need to paint some kind of doomsday picture. But the fact is if we think about all the smart sensors we are deploying across local government infrastructure, to collect data in order to make services more efficient, or to optimise other characteristics to serve our communities, the compound effects of a cyber attack are magnified.

Smart cities really are not smart unless they are secure. IoT environments are different in a number of critical ways to what we might consider ‘traditional’ connected environments. The vast number of interconnected devices and sensors in the IoT environment offer hackers a huge choice of points of entry or attack.

Devices such as routers that aggregate IoT data may have numerous vulnerabilities. Most IoT vendors offer their own devices and network elements, with different security features, capabilities and levels of protection, making it very difficult to develop industry-wide security protocols. Many IoT systems are connected to sensitive corporate and government networks, offering hackers especially tempting targets.

Time for improved security awareness and revised governance arrangements

It’s time for a new set of governance arrangements around ubiquitous connectivity – the IoT and smart cities – to safeguard our built environments, our food production and every aspect of our interconnected world.

We need to get this right for the safety of our citizens. Already, there are more connected devices than people in the world, and it is predicted that by 2025, 41.6 billion devices will be capturing data on how we live, work, move through our cities, and operate and maintain the machines on which we depend.

When we reach ubiquitous connectivity, which is not far away, the consequences of a major cyber attack will be of a far different scale to those we regularly read about in the news today.

Perhaps one of the biggest risks we face is the relative lack of awareness of security amongst the community. We are recently witnessing Government agencies taking cyber security training for their staff seriously. However, what is further required is for all workplaces to take a far greater responsibility for public awareness of ‘security by design’.

As the tipping point of connectivity is reached, where more everyday ‘things’ are connected than not, there will be an urgent need to remediate any organisations that do not have strong basic cyber security measures in place. This will need to be augmented by more specific standards and certifications for industries with particular exposures.

How local Councils can benefit from secure smart technology

Smart technology represents huge opportunities and enables many benefits across council and community settings. There are already many examples of projects across NSW where technology is being used to enhance the lives of the citizens of NSW, including:

  • Sensors detecting the presence of activity and lighting up public areas, saving Councils thousands in electricity costs – and making areas safer at night
  • Pavement integrated sensors sending real-time updates (and historical data) of traffic flow to automatically adjust traffic lights
  • Rubbish bins fitted with sensors telling collectors when they need emptying

IoT technology has also been successfully used to help fight the COVID-19 pandemic, utilsing smartphones and wearables to monitor social distancing and aid contact tracing.

But it’s not an easy job for our local Councils to concurrently deliver a diverse range of community services, while also ensuring the cyber security of its essential services and operations. The incredibly fast pace of digital change, compounded by the impacts of recent events like drought, bushfires, floods and the COVID-19 pandemic, means that Council finances are stretched to the limit. Leadership is thus required to ensure the implementation of best practice security standards, and to ensure that the ‘crown jewels’ of local Council infrastructure are protected with the relevant cyber security controls.

Last year the State Government’s $45 million Smart Places Strategy assisted some NSW local Councils with the uptake of smart technologies. Conversations with local government officials reveal that funding is beginning to trickle down from the State to local level with some targeted resources provided. However, we can’t under-estimate the scale of the challenge facing Councils as the owners of some very significant infrastructure, as it becomes more connected.

To successfully address these challenges, Councils will need to start:

  • Mapping out all local authority infrastructure and its connectivity
  • Identifying which pieces of infrastructure they consider to be ‘critical’ (i.e. if they fail the lights go out)
  • Assessing the critical inter-dependencies between each piece of infrastructure
  • Following guidance laid out in the ISO37100 series of Standards on smart cities

Technology now reaches into most aspects of our lives, whether we live in a ‘smart city’ or not. It guides our spending decisions, directs us home, informs our holiday plans, tracks our movements and aids our productivity in many ways. This places even greater importance on ensuring the continuity of and security of services to ensure we are rarely, ideally never, disconnected. The Audit Office is rightly taking what this means for the security of both State and Local Government very seriously, by reaffirming their commitment to an audit programme of NSW Council cyber security in the remainder of 2021.

Centium works closely with a number of Local Councils and State Government colleagues to implement information security best practice. We ensure these agencies are compliant with all requisite standards and their staff are trained in their roles and responsibilities. We also test the preparedness of our client’s response to potential threats by conducting tailored, real-life simulation scenarios.

For a free, no obligation conversation about getting started with the next phase of your cyber security journey, call Centium’s Director Cyber & IT, Scott Thomson, on 0412 562 797 or contact us online.

Our Clients