Securing connected lighting

To secure connected lighting in the smart city, you need a vision that penetrates the fog produced by fast-evolving and persistent threats. You also need to focus on long-term prevention in addition to speedy responses to contingencies. Security is a responsibility shared among you, system users, vendors, and cloud providers, so it’s important to understand the obligations that these different players have.
 

Users need convenient access to features consistent with their roles. Vendors need to address security in each component they bring to the table, and coordinate to prevent cracks from forming at integration points. And cloud providers need to harden their physical data centers while providing encryption and network protection.

Many of the underlying technologies powering smart cities already have security protocols, but not all are created alike. Practices that suit consumer-grade IoT devices with limited numbers of users and short lifespans may not translate to smart city infrastructure. Unlike consumer devices, components of smart city infrastructure can potentially impact millions of people on any given day. These components may also need to function reliably for a decade or more. A would-be ransomware attacker must never be allowed to literally turn out the lights on a metropolis.
 

Processes that ensure adequate user credentials and server maintenance are just the beginning. Emerging standards should also be adopted wherever possible. For example, vendors and cloud providers should consider adopting ISO/IEC 2700x—Information Security Management Systems (ISMS) and the IEC 62443-4-1 security certification for product development processes. IEC 62443-4-1 evaluates code-level security risks as well as management and external threat risks.
 

Because smart city systems such as connected lighting are mission-critical for citizen safety and satisfaction, deployments should include robust, rapid failover and disaster recovery plans. There are no substitutes for many of the services a city provides its residents, and approaches to cybersecurity should honor the city's obligation to keep providing those services, whatever it takes.

Ironically, you have to be careful not to take on too much internal responsibility for smart city security. Assuming control over and exclusive ownership of data, systems, and processes cuts down on potential failure points, but you have to make sure not to overlook the bigger picture. Cybercrime is a full-time job, and fighting it requires both intense focus and an expansive vision.
 

Many of today's attack vectors are the same ones we’ve been dealing with for decades. Unpatched vulnerabilities, misconfigurations, and compromised passwords remain significant problems—and many malware attacks start inside the organization, whether an employee is malicious or the unwitting dupe of a social engineer. That said, cybersecurity attacks are evolving fast, and there is no single playbook that can neutralize every act of aggression.
 

Instead of trying to build an impregnable wall around your systems and processes, work with vendors who  take a larger share of responsibility to protect your systems. Such processes should mandate clear vendor responsibility for encryption and data security, as well as for threat monitoring and incident reporting to city leadership. Ongoing risk analysis, impact assessments, and regular penetration tests and vulnerability assessments should also be on the table.
 

At the user level, it's vitally important to carefully delegate access by role. Everyone should have convenient (but secure) access to the data and features that they need—and should have no access where they don't. Making sure that your vendors offer a sufficiently granular role-based access approach will forestall a variety of security-related misfortunes.

In addition to sharing responsibility across multiple partners, you must embed security measures into your network from one end to the other. Important considerations include on-premise vs. software-as-a-service (SaaS), human error, data residency, and data redundancy. While each of these concepts are distinct and must be considered separately, they can affect one another in complex ways.
 

For example, relying solely on on-premise systems and data storage doesn't add up to an effective risk reduction strategy. Most attacks are launched remotely, regardless of where data or applications reside. Additionally, strict on-premise policies introduce other risks, including lack of redundancy and the need for manual management, which is notoriously error-prone.
 

Comprehensive smart city solutions typically integrate several different system infrastructures, from connected lighting to enhanced mass transit, and many of these use cloud technologies to improve accessibility, availability, and—yes—security. Cloud services can be continually backed up to separate data centers with automatic capacity management and switchovers in periods of high demand or unanticipated service interruption. These services ensure that data is securely encrypted offsite, where a major weather event or other catastrophe can't wreak havoc. Leading vendors often coordinate security among several different offerings within their smart city portfolios, using cloud integration layers to ensure careful and properly vetted communications and data sharing.
 

End-to-end security should also include failsafe operation modes for essential services in the unlikely event that the broader infrastructure goes offline. For example, connected street lights compatible with Interact IoT lighting systems from Signify are designed to failover to a pre-loaded schedule when the control infrastructure is unavailable, and to store operational data locally until it can be reported to the back-end platform. This approach ensures that basic services remain uninterrupted even if a security exploit or other interruption occurs.