Ultimately, at a time when threats can come from anywhere, smart city leaders must question the security of their technology, software solutions and systems. They must establish what is called a “zero-trust” cyber policy that verifies the stability and security of every file and every device.
A zero-trust mentality means every file and every device – including data and technology associated with smart cities – pose a threat that must be authenticated at all times. Only such a singular focus on threat prevention and process creation will mitigate risks.
Today, many cities struggle with IoT security because there aren’t any widely accepted security standards or processes to follow. The National Institute of Standards and Technology recently established an IoT-enabled smart cities framework to address cybersecurity, data sharing and integration, and New York City is preparing to publish best practice IoT guidelines in 2020. But these are suggested standards, not requirements for implementing smart-city technology.