Smart cities and critical infrastructure have a major challenge when it comes to cybersecurity. The rapid adoption of IoT technologies, the convergence of IT and OT environments, the drive toward ubiquitous connectivity, and resource constraints are all major challenges when it comes to implementing a good cybersecurity program for smart cities and infrastructure. At the same time, many end users and owner/operators lack standard cybersecurity policies and procedures in their organizations.
The recent ARC Forum in Orlando featured a track on smart cities and infrastructure where we had two experienced end users share their experiences in justifying and implementing cybersecurity programs in both the smart buildings and water and wastewater application segments. These two applications really embody a broad spectrum of requirements for cybersecurity. The municipal water/wastewater industry is more of a classic ICS/SCADA environment governed by critical infrastructure standards and practices, while be building automation segment is more focused on adopting new technologies like remote access. Both segments share the challenge of a legacy installed base of controls and sensors.
It’s Time to Make Smart Buildings Cybersecure
Khanh Nguyen, Vice President, IT- Enterprise Applications at Kilroy Realty Corporation, discussed the development of his company’s cyber-security strategy for the monitoring and control of its many connected and intelligent buildings. The big push to the adoption of IoT and remote connectivity resulted in a large number of connected buildings with remote access, but these remote connections were not always secure. Building automation systems are also frequently left exposed and have historically been a vector for cyber-attacks. Kilroy wanted to adopt a standardized approach to technology and architecture that leveraged the IoT and would enable a future path to data analytics and edge intelligence. The company applied this same philosophy in the selection of their cybersecurity vendor, which in this case was IOTium, which provides secure mass deployment of IoT technologies that also allows for continuous monitoring and centralization of user access and provisioning.
Critical Infrastructure Must Modernize its ICS Installed Base for Cybersecurity
Shay Geisler, the I&C Administrator for the East Cherry Creek Valley Water & Sanitation Department gave his organization’s take on the importance of cybersecurity in a critical infrastructure application. ECCV is located in the Denver Colorado Suburbs and provides drinking water to around 50,000 people. Like many end users in the process industries, ECCV had to start with a control system modernization project to avoid current vulnerabilities associated with legacy operating systems, software, and tools. Rather than try to secure the existing outdated infrastructure, ECCV decided to do a complete PLC/RTU and radio network upgrade. ECCV chose Bedrock Automation as the primary controls supplier. The selection was made specifically for their intrinsic security model and associated speed and encryption capabilities.
Stay Tuned for More Cybersecurity and Smart Cities Coverage
These two forum case studies present some interesting contrasts when it comes to user priorities and concerns for cybersecurity within the smart cities and infrastructure segment. Smart building owner/operators are more aggressive about adopting new technologies such as IoT and remote monitoring, sometimes without fully considering the impact of cybersecurity. ARC will continue to cover cybersecurity technology and spending trends and we’ll have videos of this session coming soon on our YouTube channel.