Smart Cities Need to Keep Cybersecurity in Mind – Techstrong TV
Karen, Senior Cybersecurity Strategist at VMware, and Charlene discuss smart city cybersecurity—why security is not baked into smart city infrastructure tech from the beginning, what the major vulnerabilities are, and how we go forward from here. The video is below followed by a transcript of the conversation.
Charlene O’Hanlon: Hey, everybody, welcome back to Techstrong TV. I’m Charlene O’Hanlon, and I’m here now with Karen Worstell, who is the senior cybersecurity strategist over at VMware. Karen, thank you so much for joining me today, I really do appreciate it.
Karen Worstell: Thank you so much for the invitation.
Charlene O’Hanlon: I’m interested in talking with you about smart cities, and specifically cybersecurity of smart cities. It’s really kind of a fascinating topic for me, because I’ve been talking about or reporting on smart cities and writing about it for almost ten years now. It seems like the technology itself has improved dramatically, and more areas are adding smart cities technology to their infrastructure.
But we’re not talking a lot about cybersecurity when it comes to smart cities, so interested in talking to you about that, and where you kind of see the market right now and what that means moving forward. So, can we kind of do a lay of the land right now? What’s happening in the smart city infrastructure area, and then we can kinda dive into the cybersecurity aspect.
Karen Worstell: Sure. Yeah, I’d like to just lay the groundwork, just for the understanding of what smart cities is truly trying to attain. With 70 percent of the world’s population going to be living in urban centers by 2050, the idea that we can use technology as an opportunity to actually improve quality of life for people in urban centers everywhere.
So, it’s about delivering services in a more equitable and just way. It’s about making access to education, access to healthcare, access to the services, and to improve environmental quality. So, smart cities encompasses a whole lot of things, and I think that we’re still sort of sussing out what that really means in terms of the way we’re going to deliver the infrastructure.
I think what is true, what is for sure, that we’re going to be using a 5G infrastructure, because the bandwidth for the delivery of this volume of traffic and the speed with which we need to have processing happen at the edge, all of that is going to be in place I think relatively soon.
We have the ability to do now very specialized applications in the cloud, so if we do cloud-native applications, we can do very fast DevOps to deliver services in new ways and get those out to people. We still have a lot of challenges to resolve in terms of the implementation of this across multiple municipalities, so if you take a look at Denver, where I live, we have a whole collection of independent municipalities that make up what people would call metropolitan Denver.
They have separate ways of approaching, for example, their technology or their IT or their management. So, we have to federate things together, and our infrastructure needs to accommodate difference as well as create commonalities to make smart cities viable in these large urban centers.
Charlene O’Hanlon: It’s definitely a huge challenge for a city, for a municipality, to undertake, and when you’re talking about having to connect these smart cities, these different municipalities, that is a big, big job. I wonder if – have we started it wrong?
Should we have kind of laid the groundwork for having more of an open blueprint, if you will, for having a smart city infrastructure, one in which we do know that the cities can connect the services and the infrastructures to create a much more seamless environment? I know 5G is gonna help a lot, but it’s not the cure-all.
Karen Worstell: Well, there’s groups in telecom, for example, with O-RAN, that they’re working to create a more open environment so we don’t end up getting locked into all these proprietary solution sets. To be honest, I think there was a lot more momentum towards smart cities until COVID hit, and then all of the resources in every municipality everywhere went towards handling the pandemic.
So, we’ve had a little bit of a pause – it feels like a pause to me, anyway – and I think one of the things that we can look forward to is in the meantime that the technology has advanced. We now have a true multi-cloud solution set where we can operate in multiple clouds and have a seamless infrastructure between them.
That is new, and that’s gonna be helpful. So, I think we’ve gotten more advances in the technology that help us move forward. Now what we need are a lot of demonstrations and proof of concept, and broad, I would say, test labs, innovation labs, where we’re pulling these things together in a collaborative way.
Where we’re demonstrating the IT/OT and the security aspects of everything that’s out there on the edge that’s necessary for the implementation of these smart cities. Then how are we going to manage that back in the back office, like across the far edge, the edge boundary, and into our cloud infrastructures, where the apps and everything are residing.
So, we have a lot of stuff to figure out, but I think that the way that’s gonna happen is by groups coming together and showing the viability of this, and getting some early adoption and moving these things out into real-world.
Charlene O’Hanlon: I would imagine that the pause, to your point, the pause that we experienced with smart cities because of COVID has kind of actually given organizations and municipalities time to really think harder about how they’re going to hopefully, thinking about how they can better secure these infrastructures.
Really, if the COVID lockdown has taught us anything, it’s that no company is immune to cybersecurity threats and ransomware and just the level of cybersecurity activity that went on, that has been going on since the beginning of the pandemic has really shone the spotlight on cybersecurity within organizations and the need to make sure that they do have end-to-end security.
So, I wonder if, as these smart city efforts start to ramp up a little bit more, if there is going to be or actually happening now a bigger and much more extended conversation about cybersecurity and making sure that by implementing these smart technologies that they’re not actually setting themselves up for a massive cyberattack.
Karen Worstell: Yeah, you know, the last couple of years, a whole lot changed. A whole lot changed. So, now we have workforce at home. It has changed the dynamic in the city tremendously. We learned a lot of things during the pandemic. We learned about the need for being able to create equity access to technology.
Because we saw real-world examples of school children who didn’t – school children who are sent home with the assumption that they’re going to use a computer and have access to the Internet, and they’re trying to do all of their schoolwork from a mobile phone because they don’t have that.
So, we’ve learned a lot more about the way the world operates and where equity really needs to be paid attention to. So, there’s a motivator there for delivering and getting smart cities services out there. We also saw a gigantic uptick in cybercrime, as you mentioned, and so now we understand, like, we live in a zero-day world.
If there is something that we’re deploying out there and it’s going to open an avenue into a city infrastructure, it is absolutely going to be exploited. There’s just no question. The idea that we can deploy things insecurely, like we used to do, and then patch them later, is a nonstarter.
Charlene O’Hanlon: Right.
Karen Worstell: So, there is more attention being paid to this. There’s more urgency in trying to get services out the door and figure out how to make this happen. We really need them. And at the same time, we now know you can’t just rush them out the door. They have to be deployed with security in place. That’s just not even – I don’t even think that’s a debate anymore, which is new.
Charlene O’Hanlon: That’s really good to hear, yeah. So, where do you think we are on smart city adoption as more organizations and more municipalities take keen to the I don’t even of understand – well, they understand the importance of these smart technologies in helping them basically improve the standard of living for all of its’ citizens and residents. But where do you think we are on that adoption curve, and do you think that cybersecurity is becoming more of a topic of conversation among the organizers of the smart cities?
Karen Worstell: Well, I will say for the projects that I’m aware of – and I’m sure there’s many out there that I don’t see – but right now, there’s proof-of-concepts and demonstrations of capabilities that are happening in very specific use cases, like free and low-cost transportation.
There was a project that was deployed last year here in Golden, Colorado for transportation between campuses at the school of mines and other locations within the city, all in self-driving, autonomous vehicles. That’s a smart city project. Looking at – I’m using Colorado examples – but the My Colorado app, which is an app that holds all of our documents securely in order for us to be able to pull up whatever required identifications are needed in different venues – that’s another smart city application use case.
Having a full-blown smart city application or series of applications that cover all use cases, we’re not anywhere close to that, but I think we’re making progress. What I’m really looking forward to is these collaborative efforts between the public sector and the private sector, like, big companies, who are going to bring the technology and help the public sector.
Like the Colorado Smart Cities Alliance is an example – pull together these demonstrations, together with the universities who are involved, and try to make these labs where we have the use cases using the 5G infrastructure come to life, and that we can demonstrate what are the new threats that we might – and the vulnerabilities in this environment that we might need to be dealing with, and then having those built in with solution sets from the get-go.
Because there’s a challenge there, right? We have done a lot of work on end points, and there’s just a ton of good work out there right now for managing end points in enterprise environments. When you go to smart cities, we’re dealing with OT and IT devices that are managing our electrical grid, or they’re managing our water supply, or a variety of different things that we haven’t really integrated the security that’s needed and the engineering that’s needed for the security and safety of those environments.
And have a way where that kind of seamlessly integrates across that boundary at the edge of the network, so that we’re managing everything seamlessly or have visibility of everything, and we understand what the threat factors are out there, and we’re doing something about them.
So, there’s projects that are needed to be able to show how that’s all working. It’s kind of a new frontier. We’re just expanding the edge of billions of new devices that generally have been not deployed with security built in, and now we have to figure out what to do with that.
Yeah, so there’s quite a bit of work, I think, that needs to be done before we see wholesale smart city use cases in action everywhere, and we’re gonna basically work to get these proof-of-concepts running so that we can learn from them and figure out how to do large-scale deployments. What does smart city look like at scale.
Charlene O’Hanlon: Yeah, and I agree, and I think it’s great technology there. There are so many unknowns, though, and we’re talking about IT and OT, operational technology. That traditionally hasn’t really been connected to the Internet. It’s been kind of this castle and moat deal, where there was no chance of getting in and actually being able to attack the infrastructure, because it really wasn’t connected to anything.
But that’s changed over the last couple years, so there’s definitely been a movement to connect everything, and obviously that does introduce a level of vulnerabilities that didn’t exist. When we’re talking about an entire network that is connecting everything from the trashcan on the corner to the municipal buses to your handheld device, it can be scary if the cybersecurity isn’t well thought out, because bad things could happen.
So, I’m really interested in keeping up with what is happening on smart city front, and learning more about it as we go along. So, Karen, I hope we can have future conversations about smart city technologies and the ways, hopefully, it will help improve our way of life, whether we’re in an inner city, uber city, or living out in the ‘burbs. So, good stuff there. Thank you so much, Karen, I do appreciate your time.
Karen Worstell: Thank you.
Charlene O’Hanlon: All right, everybody, please stick around. We’ve got lots more Techstrong TV coming up, so stay tuned.
