In-brief: Cities and state governments often lack the expertise in cyber security that could help them properly assess the risks of smart city projects, including so-called “cyber physical” risks. (Editor’s note: updated with comments from Chris Rezendes of INEX.)
Forward thinking cities like Boston are charging ahead with “smart city” initiatives that promise to remake the way government operates. But even as pilot programs for smart street lights, pothole detecting mobile apps and energy conservation move ahead, elected and appointed officials worry that security and privacy issues are falling by the wayside.
Cities and state governments often lack the expertise in cyber security that could help them properly assess the risks of smart city projects, including so-called “cyber physical” risks, in which attacks on software running connected systems results in physical damage to infrastructure or even people. Even worse: guidance and leadership from the private sector on information security has not been forthcoming.
That was the consensus of officials at an event in Boston on Monday that examined the road ahead for smart city deployments in the U.S. While the notion of cyber physical risk is understood, city officials said that they have little capacity to assess the risks posed by new technologies.
“There’s a risk as you change both the information technology and operations, but there’s also a lot of confusion,” said Stephan Walter*, the Program Director at Boston Mayor Martin Walsh’s Office of New Urban Mechanics, a civic incubator. A shortage of professional staff who are fluent in information security makes it challenging even for wealthy and technologically sophisticated cities like Boston to know what questions to ask.
[Read Security Ledger coverage of smart cities.]
“There’s not a lot of (information security) knowledge in the city, especially in areas like procurement,” said Walter. Echoing comments often heard when the topic of public sector information security comes up, Walter and others said that private sector information security and technology firms often struggle to understand the unique needs and limitations of government. “It would be great if we had ambassadors from technology companies and not just sales people,” he said. “There needs to be some middle ground where (technology industry) people understand the problems of government.”
Boston, one of the nation’s hubs for technology entrepreneurship, is investing heavily in technology as a way to make city operations more efficient and also lower barriers between residents and City Officials. The Monday event, which took place at the downtown offices of Foley & Lardner, a leading law firm, was co sponsored by INEX Advisors and brought together civic leaders as well as representatives from technology firms like GE, Analog Devices and Dell with public figures including Jasiel F. Correia, the 24 year-old mayor of Fall River Massachusetts and Katie Stebbins, the Commonwealth of Massachusetts Assistant Secretary for Technology Innovation and Entrepreneurship.
The Monday event, which focused on securing smart city deployments, attracted interest from as far away as Singapore, whose government sent representatives to observe pilot connected city and environmental deployments in Eastern Massachusetts. The interest confirms the Northeast as a regional “supercluster” of IoT experimentation, with smaller cities like New Bedford, Worcester and Fall River all exploring pilots, said Chris Rezendes of INEX Advisors.
Still, Stebbins noted that Massachusetts – like other states – was a land of technology “have’s” and “have nots.” Walter, speaking for Boston, highlighted cutting edge developments like the Boston’s Citizens Connect mobile application, the redesign of paper based permits and applications as well as StreetBump, a mobile application that senses potholes on Boston streets and automatically reports them to the City’s Department of Transportation.
Speaking for Fall River, a former industrial center and port city that has fallen on hard times, Correia said that his city is in dire need of advice and counsel in all areas related to technology, with many city functions still reliant on manual processes and stuck in a pre-Internet age.
Still, concerns about privacy and security loom over even innocuous smart city deployments and other efforts to leverage so-called “Big Data” analysis to make government work better.
Travis Sheehan a fellow in the Energy System Planning department at the Boston Redevelopment Authority (BRA), noted that a City pilot to do thermal mapping of Boston homes and businesses to help improve energy efficiency ran into trouble with civil liberties activists, including the ACLU, who argued that the aerial and street level photos violated citizens’ privacy.
Talking about the BRA’s research into the use of local “micro grids” which use local power generation and storage to power small clusters of facilities, such as hospitals, universities, office buildings, Sheehan noted that the security risks of micro grids are mostly unexplored.
Attendees at the event noted that smart city deployments are still silo’d, with vertical applications and “islands” of data. Few, if any cities have a mature data governance model that would both connect different vertical applications and (in theory) provide for security and privacy.
The absence of a strong identity framework that would allow residents, officials and employees to interact with smart infrastructure is a major hurdle. Researchers have also warned about the danger that masses of “anonymous” data collected from environmental sensors could, when analyzed, be de-anonymized and used to aid government surveillance.
(*) Correction: an earlier version of this story incorrectly identified Mr. Walter as Kris Carter from the Mayor’s Office of New Urban Mechanics. The story has been corrected.