Smart Cities – IoT – IIoT Conferences : Cyber Security has left the Building

smart cities bitmap smallGiven the number of events covering Smart Cities and Critical infrastructure you would be mistaken for believing the security issues and challenges facing IoT, IIOT and OT are well covered. Unfortunately, this is not the case. Often, the cyber presentations are tacked onto the end of the conference or sidelined to a small room off centre stage.
Perhaps cyber security infringes upon the ” IoT / IIoT” kumbaya possibilities” and raises questions and concerns that are best left for others to address? Or perhaps, it’s an area of little interest and not deemed necessary at such prestigious events. After all, who wants to hear about the Ethics and Privacy Implications of these new technologies when you can demo a flashing, beeping, new IoT gadget? Moreover, for the price of an email address and mobile number possibly take one home. Stick around folks, the end of conference draw is coming soon.

Either way, most of the food has been eaten, medals awarded, and the delegates have had their fill of presenters and special offers.

Cynical? No doubt. Incorrect? Possibly not. Of course, a great deal of goodness comes from these IoT / IIoT conferences, however not enough time or consideration is offered to the other side of the coin. The cyber coin.  With recent data protection legislation and disclosure requirements the need to ramp up the cyber dialogue at these events is long overdue. Event delegates need to understand and apply this knowledge to their digital strategies, data management controls, and perhaps most importantly, to their ethical responsibilities toward communities, employees and the private citizen.

Some would suggest these primary obligations are as important as deciding whether to go with the self-driving bus, intelligent bin, or self-steering tourist submarine as their first foray into “Smart Technology”.
Urban developers, engineers, councilors, critical infrastructure specialists need to be advised on the risks and responsibilities of any solution. Not just the benefits. They have a responsibility and in many cases it is also the law.

Smart Cities, intelligent grids, building services, and an array of other industry sectors are reliant on these new smart technologies to improve cost efficiencies, service delivery, sustainability goals, and user convenience.
However, at the core of these success stories is the establishment of trust. Without trust these initiatives will not reach their full potential. In return for this trust citizens across the board, across the social and political divide require their privacy and data to be protected in accordance with best practices and increasing according to the law. This it is not a case of filling delegate heads with “cyber tech stuff” rather a case of bringing it all together for the best, most considered, and ultimately most satisfying results.

Many would argue we have cyber conferences for that sort of thing. Have you attended a cyber-conference lately? Everyone knows what is going on? It serves a different purpose. It updates the faithful. The interested. It serves an incredible purpose, but it serves a different purpose. Cyber security now extends beyond the cyber crowd, the IT crowd, into areas of decision making and corporate spend that may not be inclined to attend such cyber events. May not see a need too. You would expect to see a security specialist, cyber advisor, possibly even a CIO present at a cyber-event. How about a hotel precinct or smart cities developer? An urban planner, engineer or city councilor? I would say probably not. However, within current IoT digital eco-systems and their all-pervasive nature, they would do well from better understanding their ethical responsibilities and business risk profiles.

Perhaps there is a way around this. Obviously drive cyber security up the conference totem pole, but also establish engagement models between business/community leaders, urban developers, engineers, service vendors, cyber advisors, privacy and data protection advisors, to create a more collaborative and responsible smart technology sector.
At the risk of never being invited to speak at a conference within the foreseeable future, I believe this is the way forward. A dual approach. Additional and defined representation of cyber security and ethical responsibilities at the IoT,IIoT conference level, and more vendor, industry collaboration at the detail level.

Event organisers seek to present the best quality speakers available. Given the demand I am sure the organisers will respond accordingly. If they determine there is a delegate need they will act upon it.
As for industry vendors they have the expertise and determination to drive change and improvement. Perhaps their methods of engagement within an IoT/IIoT marketplace could be refined and somewhat improved. However, within a digital eco-system where is there not room for improvement?

Sure, it will require some thinking and improved engagement models, but ultimately it will bring together the right people, the right processes, and the right solutions for all involved.

Let’s remember, we all value cost efficiencies and convenience, however we value our privacy more.



 Alan Mihalic SCCISP, CISSP, ISSAP,ISSMP,CISM is the President of the IoT Security Institute
Linkedin Profile