Show how these projects can benefit the public. The public will not accept privacy risks if benefits are framed as merely a reduction in costs, or revenue generation for the city. City officials have to explain the intangible benefits of smart city projects, such as less air pollution, increased energy efficiency, safer intersections and smoother traffic flow. Such benefits can raise property values and make urban areas more desirable places to live.
Recruit the best staff possible. In developing smart city projects, local governments will encounter some of the same staffing difficulties familiar to anyone in the private sector: a shortage of IT talent, and an even larger shortage of cybersecurity skills. This will only increase the inherent security challenges of these projects. To ensure success, municipalities may need to turn to vendors with significant expertise, and develop a talent pipeline of civic-minded coders interested in building better cities.
Explain the city’s data collection policies to the public. City officials need to develop clear policies that minimize the collection of personally identifiable information and aggregate and anonymize information in ways that prevent people from reverse engineering data to identify individuals. Cities need to maintain strict control over sensitive systems, with emphasis on strong access control and privileges.
Develop an API security plan. Digital transformation in the private sector has spurred a significant reliance on APIs, and this will be the case in the public sector as well since many of these smart cities devices interface with applications through APIs. However, APIs constitute a growing attack vector, and they are expected to be one of the biggest targets of attacks by 2022. All digital transformation projects - smart cities projects included - need to ensure API security.
Segment networks. City IT departments need to segment networks to prevent an intrusion in one project from spreading across the entire city. It’s especially true for data collection practices. Organizations should maintain separate accounts for data storage across departments.
Secure IoT devices and sensors. Pay attention to the vulnerabilities found in IoT devices, which can have glaring security flaws. Don’t rely on default passwords, as security researchers have caught many smart cities projects doing and invest in top notch IoT security.