Smart Cities Turn to IoT for Physical Security
Even before the cyberattack on the local Florida water utility, Albuquerque, N.M., had taken steps to strengthen its water network defenses in partnership with Cisco. Albuquerque’s smart city plans called for extensive use of the Internet of Things, embedding sensors within key infrastructure. These sensors collect data to provide insights into the status of the environment, including technology operations and citizen interactions.
Alongside these sensors, Cisco deployed cybersecurity defenses. So, while IoT provides Albuquerque with smart water capabilities and visibility into water infrastructure, monitoring pressure, flow and leaks, cyberdefenses grant the city visibility into networks and servers. Working with Cisco, the municipality converged security for operational technology (OT) and IT through automated monitoring. The key is Cisco’s Cyber Vision solution, which ensures resiliency for industrial control systems.
Utilities Can Begin Security Planning by Identifying Assets
A recent survey by the Water Information Sharing and Analysis Center and the Water Sector Coordinating Council revealed most U.S. water utilities lack such cyberdefenses:
- 70 percent had not identified OT networked assets
- 60 percent had not identified IT networked assets
- 23 percent conduct annual cybersecurity risk assessments
- 5 percent conduct weekly cybersecurity risk assessments
As the survey demonstrates, most water utilities do not even have a full accounting of their OT and IT assets, which confounds their ability to protect those assets. An attack on the IT assets would result in a disruption of the OT assets, which in turn would halt the water supply. Similar attacks on other critical infrastructure, such as the electric grid or communications, likewise would stop those operations.
Smart cities rely on networking industrial control systems to improve utility services and other municipal operations. While cybersecurity remains an obstacle for smart city initiatives, leaders of these programs at least possess awareness of the scope of the challenge.
Automation Can Boost Security of OT and IT Assets
Cisco Cyber Vision leveraged automation to secure the water utility in Albuquerque. Critical infrastructure owners and operators can turn to artificial intelligence and machine learning to automate and also secure repeatable tasks, boosting the efficiency and stability of industrial control systems.
AI and ML can instantly detect any hiccups in critical infrastructure operations and elevate those problems for manual review. Cybersecurity breaches can occur without the knowledge of owners and operators who lack even a simple inventory of OT and IT assets in a system. But once cataloged, those assets can be monitored through automated tools that alert people to those anomalies, speeding an informed response.
These security tools are readily available. Investments in critical infrastructure would be incomplete without acquiring and applying them.