The term "data breach" has made a whirlwind of headlines this month — ironically National Cybersecurity Awareness Month — as companies like Equifax and Yahoo have fallen victim to compromised systems that have leaked a wealth of client data. It's not a new problem, yet the influx of security breaches has caused companies to shift from prevention strategies to identification strategies — and such actions are not limited to the corporate world.
City security is just as much of a priority, and just as at-risk. Dallas was the victim of a citywide cybersecurity attack earlier this year when emergency sirens were activated over and over from an outside source, causing the city's Office of Emergency Management to ensure the 155 siren sites now have "constant encrypted communication."
Of course cities are hacked in various other ways too, including power grid outages and data breaches. The increasing popularity of senors and connected devices across metropolitan areas have fed the appetite of hackers looking to more accessibly disrupt the safety and security of even the most common places. When lawmakers introduced the Smart Cities and Communities Act of 2017 earlier this month, they did so with a security focus. The bill will aim to "improve the quality and performance of smart city technologies while assessing and enhancing cybersecurity and privacy protections," yet as cities wait for the bill to move forward, they will need to take the lead.
During the recent Smart Cities Week in Washington, D.C., Kelsey Finch, policy counsel at the Future of Privacy Forum, led a discussion highlighting what cities must do to safeguard privacy. Below is the transcript of Finch's top five steps toward a more secure city, which she outlined during the session.
Commit to security. It is, in fact, the most important. You need security all the way through the lifecycle and to develop it through the supply chain. You need to do due diligence be sure you're not handing it off to somebody who it turns out to just be a vendor that gets hacked and suddenly you’re a target and in the news for all the wrong reasons.
Embed privacy by design and privacy by default into new technologies, but also new uses of data. Things that would surprise people.
Be fair and equitable as you're developing technologies. You need to think about whether new solutions are going to have disproportionate impacts on your community, or if the benefits and risks will improve different people — and how you're going to handle that.
Be transparent. Smart cities and other technology partners have complicated legal obligations that they have to balance but accountability and public trust is everything. If you don't have trust, you won't be able to work with the people around you.
Think local. You need to engage your communities in designing and implementing technologies because what works for our city isn't going to work for the next. If you look at smart cities solutions with a one-size-fits-all mentality you'll miss out on opportunities to ensure your technology investments will last.