Privacy and Security in a Connected World
Could you elaborate on the challenges that the organizations will need to address related to smart city space?
At the City of Garland and all cities, the transportation system traverses the entire city. Back in 2004, we were one of the first pioneers when it came to connecting all of our traffic signals together into an Ethernet network. However, the security threats today are so much more sophisticated than they were 15 years ago. We are keenly focused on security issues much more now as we upgrade our system. These new systems have a lot more capability but those capabilities could create more vulnerabilities if they are not addressed effectively. This is especially true if there are not firewalls between systems within cities. When all of the systems within an organization are connected, the exposure increases as an infiltration could gain access to so many more systems. This also has the effect of making that organization a more attractive target. Going forward, there are huge benefits in sharing resources across departments and even with the public. However, this can only be done while simultaneously protecting yourself against attacks from people who don’t have your best interests at heart. This never ending tension results from the fact that the only way to make the systems completely secure is by ensuring that literally no one is able to get in – including your own team – but of course then it is useless to you as well. Therefore, the constant struggle is finding the balance between completely prohibiting anybody getting into the network while giving only the access necessary to be useful.
What is the strategy that you follow at the city of garland to tackle these challenges?
No one can ever promise 100 percent security as long as the human element is involved. So it’s about taking a systematic approach and tackling the challenge from every possible angle. Especially, in our case in the Transportation Department, securing the physical systems in the field. It is also, as I’ve said, putting systems with different threat profiles and different sensitivities on separate networks. I’ve heard many times that it’s never a matter of if you will be hacked but when. Therefore, if one network is compromised you are limiting the effects to only that system. Finally, the weakest link is always people. Therefore, you need to have a system where you are training your employees that have access to the network.
It’s not just about protecting yourself from bad actors hacking into your system; it’s also about ensuring that your people are aware of the threats and physically locking down your system
Our IT department at the City of Garland has done an excellent job of this. They conducted a security assessment of the employees a few years ago to assess the vulnerability of the employees to phishing attacks. This involved sending out a phishing email to all of the employees and a surprising number fell into the trap. They then sent employees through cyber security training that created much greater awareness among all employees to detect phishing emails, phone calls, etc. So again, it is not just one thing but there are many different aspects when you are looking at security including protecting yourself from bad actor shacking into your system, ensuring that your employees are aware of the threats, and that your network is physically secure.
Could you shed some light on the approach that you follow while choosing the right solution provider?
Speaking from my personal experience, I would suggest choosing providers that will listen and understand your unique needs and challenges first – then help you to determine the best solution. I would avoid those that start the conversation with a solution. I would also suggest thoroughly testing any product that you purchase to ensure that it can really do everything that is promised in the specification. I have found that far too often what the system can do is not what is expected – and often you don’t find this out until long after the vendor has moved on to the next job.
What does the future hold for the smart city landscape?
I think there is going to continue to be progress towards more connectivity. The public expects it – especially millennials as they just assume everything is going to be connected.
Right now there are limited numbers of cars that get signal information that tell you when the traffic signal is about to turn green. The next generations of this technology will connect to your G.P.S. on your phone or in the dash and will route you the way that is the quickest based on the traffic signal timing even though it may not be the shortest route. It would also let you choose the path that will save the most energy or perhaps other options by integrating all of the different things happening along your path to give you choices and options as to which is the best way to go. Of course, all of this will enable the transition to automated vehicles that will become widespread.
Could you share your secret sauce that has brought success in your career?
It is always about the people that you surround yourself with. For me, a key part of my career as a transportation engineer has been my professional society the Institute of Transportation Engineers (ITE) that has kept me in touch with industry professionals. Just as important, it keeps me updated on what is going on in the industry; the new technologies coming out, and about the latest things, the vendors are coming up with.
In addition, finding good mentors is essential to advancing and having a good direction for your career. I have always been pleasantly surprised how helpful those most influential in the industry are willing to be if you simply ask and respect their time. Finally, always give credit to those around you – never forget that it's always a team effort that gets things done.