Where Smart Utilities Meet Cybersecurity

As the Internet of Things begins to permeate city infrastructure, several cities are teaming up with their utility providers to take advantage of smarter, cleaner utility delivery with connected technologies. In fact, the IoT and analytics market for utilities is expected to grow to over $5 billion worldwide in the next 10 years, according to a report by Navigant Research.

But, with the benefits that accompany these evolving tools also come new security concerns that cities must tackle before they can realize full potential of connected tools.

Cities and States Turn to Smarter Utilities to Improve Services

Many cities have already begun to look to energy grid modernization or smart technologies. In Cary, N.C., city officials took advantage of the need to upgrade water meters in conjunction with a smart city initiative to make the jump to connected tech and reap the benefits of its data tracking capabilities. Citizens can now better monitor their water usage, and the city can spot leaks before they turn into a major water bill.

Boston is also on the fast track to smart utilities thanks to the Boston Smart Utilities Project. The program, established in 2016 by the city and the Boston Planning and Development Agency, aims to develop “strategies for more equitable, sustainable, affordable, resilient, and innovative utility services in the City of Boston,” in part by incorporating innovative technologies into the underlying utility infrastructure.

Meanwhile, some localities are moving toward even larger goals. While many states are implementing technologies to modernize their energy grids, both the city of Portland, Ore., and the state of Hawaii have set goals to operate on all renewable energy by 2050.

SIGN UP: Get more news from the StateTech newsletter in your inbox every two weeks!

A Comprehensive Strategy Can Protect Connected Utilities

While modernization is clearly beneficial for a number of reasons, it also comes with a number of security concerns.

A recent report from Navigant research points out the potential threats to energy grids and other utilities posed by new security vulnerabilities. The report specifically points to how the growing adoption of IoT devices expands the number of threat vectors, leaving digital assets, private information, corporate secrets and even physical safety, at risk.

“The mushrooming number of IoT devices being deployed by utilities and other enterprises carries an obvious and growing security risk,” Neil Strother, principal research analyst with Navigant Research, says in a press release. “Smart managers need a comprehensive strategy to stay ahead of potentially devastating threats to IoT assets. No longer can managers rely on an old-school reactive approach; instead, they and their security teams must adopt the latest proactive and predictive tools and methodologies to keep devices and systems safe.”

Moreover, in a recent interview with StateTech, Mohamad Amin Hasbini, a security researcher at Kaspersky Lab, echoed this concern for IoT security, particularly when it comes to the utilities that citizens rely on.

“The risks are very serious,” Hasbini says. “Small examples of things going wrong could be a sensor sending wrong data or a service inaccurately stating a bill was not paid. These issues could stop a house, for example, from receiving water or electricity. It also could even report a false fire or incident, or not report one when there is a real, dangerous fire.”

The strategies for protecting utilities mirror those for protecting IoT devices in cities. They include embracing a robust security strategy, setting up a response plan in case utilities are breached and — perhaps above all — providing strong and constant security training to all employees, according to the Navigant report.

Most importantly, the best defense is a good offense. Cities that plan for possible breaches and disasters and take security seriously are already on the path to keeping citizens and necessary services safe.

This article is part of StateTech's CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.