#222 – SMART CITIES AND RISK MANAGEMENT – JAMES KLINE PH.D.

Posted on by

aIMG_4231Introduction

Smart cities and the Internet of Things are slowly becoming a reality.  However, as information technology becomes implemented into government activities, they become increasingly at risk to cyber-attacks.   

This article examines the implications of a 2017 report from the U.S. Center for Infrastructure Protection and Homeland Security (CIP).  The report provides an understanding of smart city development.  This development creates risk and problems which must be recognized and dealt with.

Digital Government/Smart Cities

Smart City development is the technological extension of Electronic (E) Government.  E Government is government’s use of computer and electronic devices.   There are two objectives for E Government. The first is to improve communication with citizens.  The second is to improve operational efficiency.

With the improvement of microprocessors and the expansion of the internet, every day devices and government facilities are increasingly being linked.  For cities, this linkage includes traffic signals, trash receptacles and water and waste water systems among others.  By linking them and having the devices communicate means they are providing information.  Information government can use to improve operational efficiency and customer service.  The interconnection of such devices via the internet is termed “Internet of Things” (IoT).

The CIP report list the following as the general parameters which are being incorporated into smart cities. These are:

  1. Smart Governance and Education – an extension of governments uses of technology to communicate with citizens and the use of on-line interactive educational courses.
  2. Smart Healthcare – digitization of patient information, remote monitoring and other applications, such as surgery and consultation, to provide better patient care.
  3. Smart Building – lighting, heating and security linked via the internet and accessible via mobile devices or computers.
  4. Smart Mobility – driverless vehicles, sensors on road ways, traffic monitoring and warnings provided to mobile devices.
  5. Smart Infrastructure – the embedding of sensors into the infrastructure to provide information on traffic congestion and traffic counts.
  6. Smart Technology – use of technology to collect and communicate information and control devices, such as automatic switching on power grids and automatic meter reading.
  7. Smart Energy – thermostats which monitor room temperature and can be adjusted remotely to save energy, solar panels which automatically adjust to movement of sun, and automatic adjustment of lighting based on movement of building occupants.
  8. Smart Citizens – governments’ use of crowd sourcing information to develop information on crime, environmental problems, traffic accidents etc. on a real time basis.

CIP Report

The CIP Report is a review and assessment of Smart Cites development in the United States.  In 2016, there were approximately 1.6 billion IoT devices in the United States.  By 2020 it is estimated that there will be more than 30 billion such devices.  It is estimated that local governments will invest $41 trillion over the next twenty years in smart city development.  In addition, in 2017 the Department of Transportation allocated $165 million for smart city development. The funding focused on the development of solutions to ease congestion and improve pedestrian and driver safety.  The National Science Foundation allocated $60 million to smart city development. The money is for tracking air quality, noise and traffic congestion. Thus, both federal and local governments are committed to smart cities development.

The expansion of smart city funding and the rapid desire to become a smart city, is creating several challenges.  Chief among them are economic, technical and risk management. The economic challenge arises because of the replacement and repair costs associated with new technologies.  Incorporating the IoT in existing infrastructure may cost a significant amount, while the benefits may be perceived as low or undeterminable.

Technological challenges arise primarily because of the lack of security associated with IoT.  Some smart cities have already experienced malicious attacks, unintentional collapses of critical infrastructure and systemic failure that quickly spread through the systems networks.  In many cases, network security problems arise because the older technology is not totally compatible with the new technology.  This can create security gaps which can be exploited by attackers.

The risk management problem arises because the city becomes fixated on the near term and specific projects and forgets to take a holistic view.  The development of smart cites with systems capable of resisting attacks or other causes of failure, require long term thinking and an enterprise wide perspective.  This long term thinking by necessity needs to be linked to the application of risk management principles.  While the CIP report does not specify these risk management principles, federal agencies are required by OMB Circular A-123 to implement Enterprise Risk Management (ERM).  It is likely that the OMB implementation guide, “Playbook: Enterprise Risk Management for U.S. Federal Government”, will provide these risk management principles.

The CIP report makes several recommendations.  The most important of which is the need for federal agencies and smart city implementers to develop a common understanding of common risks and possible mitigation strategies. It is believed that such an understanding and the standardization of risk management principles will ultimately help the IoT applications become more resilient.

Conclusion

The development of Smart Cities is proceeding at a rapid pace.  Local governments in the United States are expected to spend around $41 trillion in the next twenty years integrating their activities into the IoT.  This is in addition to what the federal government will contribute to develop capabilities to monitor air and noise pollution, traffic congestion and improve resilience.  The improvement of resilience is the making of smart cities more resistant to adverse risk events, such as cyber-attacks and natural hazards like floods and hurricanes. Toward this end, the CIP report recommends that federal agencies work with smart city developers to identify common risk factors and standardize risk management principles, which can be applied in a holistic manner.  While the CIP does not specify the risk management principles, it is likely the principles will be shaped by the federal ERM policies.  In addition the federal government will ultimately link smart city funding with ERM, as a way of ensuring resilience and implementation success.

BIO:

James J. Kline is a Senior Member of ASQ, a Six Sigma Green Belt, a Manager of Quality/Organizational Excellence and a Certified Enterprise Risk Manager.  He has over ten year’s supervisory and managerial experience in both the public and private sector.  He has consulted on economic, quality and workforce development issues for state and local governments.  He has authored numerous articles on quality in government and risk analysis. He can be reached at jeffreyk12011@live.com

Leave a Reply

Your email address will not be published.