This post is sponsored by Johnson Controls.
Connecting buildings, systems and individuals is fast becoming the norm rather than the exception in cities focused on growth and efficiencies. But with connectivity comes the risk of cyberattacks, making cybersecurity programs critical to creating secure environments that foster confidence and growth.
Here we talk with Jason Rosselot, director of global product cybersecurity at Johnson Controls, about how cybersecurity affects local governments.
Why is cybersecurity important at the local government level?
As more cities use embedded computing, sensors and the Internet of Things to connect everything from building systems to traffic lights and parking spaces, they enjoy improvements to operating efficiencies and services that accompany the collection and exchange of data. But connectivity also brings with it increased risk to city data, systems and infrastructure. Cybersecurity protects information systems from theft or damage to hardware, software or information by identifying, managing and mitigating the risks posed by online fraud, phishing tactics, malicious software and terrorist activity.
What are the consequences for a local government that lacks a cybersecurity program?
In the absence of a cybersecurity program, local governments face multiple threats to information that must be protected, including salaries, health reports, tax records and personal contact information. They also need to safeguard systems essential to protection, communication and learning, as well as critical infrastructure, such as water and wastewater systems, electrical grids, fire and rescue operations, traffic control and street lighting systems. Compromising any of these can interrupt city services and put citizens at risk by either depriving them of services or exposing personal information.
What trends are you seeing in the area of cybersecurity?
As focus shifts from information to operational technology, conversations about servers, email and databases are expanding to include making cities more efficient by bringing technology onboard. As a result, IT and cybersecurity professionals are continuing to protect against loss of data, confidentiality, integrity and availability. They’re also looking at control systems and critical infrastructure, identifying the associated risks and taking actions to mitigate them.
The federal government is leading the cybersecurity charge, issuing executive orders focused on cybersecurity and programs and guidelines developed by the Department of Homeland Security and the Federal Bureau of Investigation to encourage state and local governments to enact their own cybersecurity programs. Even resource-constrained local communities are beginning to see the advantages of risk management as opposed to crisis management.
What approaches can local government take to cybersecurity?
Local governments often lack resources to employ a cybersecurity professional, so it is important that they choose the right partners for business, technology, services, etc. This means asking questions about cybersecurity during the procurement process and making value-based rather than cost-based procurement decisions. It also means following best practices, such as making cybersecurity a priority, understanding that a breach can result in severe consequences and then taking the necessary steps to ensure breaches don't occur. Fortunately, a number of resources are available through federal agencies that provide standard policies and procedures local governments can adopt to secure their data, systems and infrastructure.
Does a cybersecurity program offer local governments benefits beyond the obvious security advantages?
As cities provide free wireless in public spaces, they attract young professionals eager to connect to the internet wherever they are. This same group also knows the risks that come with free access to wireless connectivity. So by providing both connectivity and cybersecurity, cities will likely attract businesses and professionals, better positioning them for growth.
By requiring cities to inventory their IT and building automation systems (BASs) and identify the associated risks, a cybersecurity program also helps bridge the gap between facilities and IT employees, helping standardize previously siloed policies and procedures. Additionally, the process of mitigating cybersecurity vulnerabilities often identifies additional functionality within a BAS that can contribute to improved energy efficiency and operator productivity.