Cisco’s Smart Connected Communities – Are They Securely Connected As Well?

I attended a Cisco Systems briefing early this week about its Smart Connected Communities initiative. Once again Cisco demonstrated its forward thinking by bringing together various government initiatives under the umbrella of what they call Smart Connected Communities.  A Smart Connected Community is built on IP-based infrastructure. This means that all of the critical components of a city infrastructure like utility, transportation, healthcare, commercial buildings, and emergency response systems connect via an IP-based network.

Overall, it was a good update briefing. But I was surprised to hear just how confident Cisco is that securing this networked infrastructure is a no brainier. When I asked the presenter: “Given that network infrastructure is not nearly as robust and secure in some emerging geographies, how are you planning to ramp up the backbone and make the network secure enough end-to-end to run smart services?”

The presenter agreed that we need to strengthen the network backbone and provide sufficient bandwidth and robustness to run smart services.  However, I was astonished to hear that he thought security is not as much of an issue. In his opinion Cisco is well versed in providing a secure infrastructure and they have implemented security in diverse environments like the financial, retail, and government sector.

Unfortunately, I’m not sure I share Cisco’s confidence. If security is that easy to implement then why are so many companies incurring heavy fines when they regularly fail compliance mandates. Day in and day out, why do so many companies worry about business and partner access as they expand their global operations? Why are utility companies light years away from being secure, as evidenced by their meters and power distribution systems that are prone to security breaches? In the smart connected environment, healthcare, financial institutes, retail, utility, and transportation companies will need to comply with industry-specific compliance requirements as well as broader government regulations to make the puzzle even more complex. Walking the path to this smart connected infrastructure comes with a magnified set of challenges for CIOs and CISOs. Among many things they will have to manage thousands of IP endpoints connected on the smart backbone.  At the same time, B2B security will become imperative as they would interact with many non-conventional partners that they’ve never dealt with in the past.

My take? Security should be at the top of the list when building these smart connected communities. We haven’t solved this challenge by a long shot. In fact, I fear it can prove to be the Achilles Heel when integrating disparate components together.   

I’m interested in your thoughts. What role will security play in Smart Connected Communities? Is Cisco right, we’ve already got it all figured out?

[posted by Usman Sindhu]



re: Cisco’s Smart Connected Communities – Are They Securely Con

Smart Cities is yet another "centralized control" scheme. It's designed to place more information and power in the revenue collecting authorities' hands. It's not, for all the bluster and eco-benefits, not to help the consumer. Ultimately, these micro-billing capabilities, the ability of discerning individual home's power usage, may be employed to charge premiums for certain "non-environmentally friendly uses.In terms of Cisco promoting this concept, can we all agree that Cisco's appetite for new markets is insatiable? With an overhead like theirs they can just settle to sell a Flip video camera or Linksys device to every American. That won't sustain the style in which they have become accustomed. They need city-wide, state-wide and nation-wide coverage. This way they can wrap all those "value-added services" into the mix and meet analyst projections for years to come!....I digress.If it's IP and internet-connected there is the possibility that someone can hack it plain and simple. Any promises that these kind of systems are secure is pure snake oil. And considering what I've seen coming from Cisco and others (self-defending network) I wouldn't believe anything they say.