Viewing offline content

Limited functionality available

Dismiss
United States
Annotations
  • Services

    What's New

    • The Ripple Effect

      Real-world client stories of purpose and impact

    • Register for Dbriefs webcasts

    • We Are Deloitte

      Reimagining how we support our people

    • Tax

      • Global Business Tax Services
      • Global Employer Services
      • Multistate Tax
      • Operations Transformation for Tax
    • Consulting

      • Core Business Operations
      • Customer & Marketing
      • Enterprise Technology & Performance
      • Human Capital
      • Strategy & Analytics
    • Audit & Assurance

      • Audit Innovation
      • Accounting Standards
      • Accounting Events & Transactions
    • Deloitte Private

    • Mergers & Acquisitions

      • Total M&A Solution
      • Post-merger Integration
      • Divestiture & Separation
    • Risk & Financial Advisory

      • Accounting & Internal Controls
      • Cyber & Strategic Risk
      • Regulatory & Legal
      • Transactions and M&A
    • AI & Analytics

    • Cloud

    • Diversity, Equity & Inclusion

  • Industries

    What's New

    • The Ripple Effect

      Real-world client stories of purpose and impact

    • Register for Dbriefs webcasts

    • Industry Outlooks

      Key opportunities, trends, and challenges

    • Consumer

      • Automotive
      • Consumer Products
      • Retail, Wholesale & Distribution
      • Transportation, Hospitality & Services
    • Energy, Resources & Industrials

      • Industrial Products & Construction
      • Mining & Metals
      • Oil, Gas & Chemicals
      • Power, Utilities & Renewables
    • Financial Services

      • Banking & Capital Markets
      • Insurance
      • Investment Management
      • Real Estate
    • Government & Public Services

      • Defense, Security & Justice
      • Federal health
      • Civil
      • State & Local
      • Higher Education
    • Life Sciences & Health Care

      • Health Care
      • Life Sciences
    • Technology, Media & Telecommunications

      • Technology
      • Telecommunications, Media & Entertainment
  • Insights

    Deloitte Insights

    What's New

    • Deloitte Insights Magazine

      Explore the latest issue now

    • Deloitte Insights app

      Go straight to smart with daily updates on your mobile device

    • Weekly economic update

      See what's happening this week and the impact on your business

    • Strategy

      • Business Strategy & Growth
      • Digital Transformation
      • Governance & Board
      • Innovation
      • Marketing & Sales
      • Private Enterprise
    • Economy & Society

      • Economy
      • Environmental, Social, & Governance
      • Health Equity
      • Trust
      • Mobility
    • Organization

      • Operations
      • Finance & Tax
      • Risk & Regulation
      • Supply Chain
      • Smart Manufacturing
    • People

      • Leadership
      • Talent & Work
      • Diversity, Equity, & Inclusion
    • Technology

      • Data & Analytics
      • Emerging Technologies
      • Technology Management
    • Industries

      • Consumer
      • Energy, Resources, & Industrials
      • Financial Services
      • Government & Public Services
      • Life Sciences & Health Care
      • Technology, Media, & Telecommunications
    • Spotlight

      • Deloitte Insights Magazine
      • Press Room Podcasts
      • Weekly Economic Update
      • COVID-19
      • Resilience
  • Careers

    What's New

    • Hybrid workplace model and vaccine updates

      Transforming when, where, and how we work

    • We Are Deloitte

      Reimagining how we support our people

    • The Deloitte University Experience

      Explore Deloitte University like never before through a cinematic movie trailer and films of popular locations throughout Deloitte University.

    • Careers

      • Audit & Assurance
      • Consulting
      • Risk & Financial Advisory
      • Tax
      • Internal Services
      • US Delivery Center
    • Students

      • Undergraduate
      • Advanced Degree
      • Internships
    • Experienced Professionals

      • Additional Opportunities
      • Veterans
      • Industries
      • Executives
    • Job Search

      • Entry Level Jobs
      • Experienced Professional Jobs
      • Recruiting Tips
      • Explore Your Fit
      • Labor Condition Applications
    • Life at Deloitte

      • Life at Deloitte Blog
      • Meet Our People
      • Inclusion
      • Corporate Citizenship
      • Leadership Development
      • Empowered Well-Being
      • Deloitte University
    • Alumni Relations

      • Update Your Information
      • Events
      • Career Development Support
      • Marketplace Jobs Dashboard
      • Alumni Resources
  • US-EN Location: United States-English  
  • Contact us
  • US-EN Location: United States-English  
  • Contact us
    • Dashboard
    • Saved items
    • Content feed
    • Subscriptions
    • Profile/Interests
    • Account settings

Welcome back

Still not a member? Join My Deloitte

Making smart cities cybersecure

by Piyush Pandey, Sean Peasley, Mahesh Kelkar
  • Save for later
  • Download
  • Share
    • Share on Facebook
    • Share on Twitter
    • Share on Linkedin
    • Share by email
Deloitte Insights
  • Strategy
    Strategy
    Strategy
    • Business Strategy & Growth
    • Digital Transformation
    • Governance & Board
    • Innovation
    • Marketing & Sales
    • Private Enterprise
  • Economy & Society
    Economy & Society
    Economy & Society
    • Economy
    • Environmental, Social, & Governance
    • Health Equity
    • Trust
    • Mobility
  • Organization
    Organization
    Organization
    • Operations
    • Finance & Tax
    • Risk & Regulation
    • Supply Chain
    • Smart Manufacturing
  • People
    People
    People
    • Leadership
    • Talent & Work
    • Diversity, Equity, & Inclusion
  • Technology
    Technology
    Technology
    • Data & Analytics
    • Emerging Technologies
    • Technology Management
  • Industries
    Industries
    Industries
    • Consumer
    • Energy, Resources, & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • Tech, Media, & Telecom
  • Spotlight
    Spotlight
    Spotlight
    • Deloitte Insights Magazine
    • Press Room Podcasts
    • Weekly Economic Update
    • COVID-19
    • Resilience
    • US-EN Location: United States-English  
    • Contact us
      • Dashboard
      • Saved items
      • Content feed
      • Subscriptions
      • Profile/Interests
      • Account settings
    13 minute read 11 April 2019

    Making smart cities cybersecure Ways to address distinct risks in an increasingly connected urban future

    13 minute read 11 April 2019
    • Piyush Pandey United States
    • Sean Peasley United States
    • Mahesh Kelkar India
    • Piyush Pandey United States
    • Sean Peasley United States
    • Mahesh Kelkar India
    • See more See more See less
      • Piyush Pandey United States
      • Sean Peasley United States
      • Mahesh Kelkar India
    • Save for later
    • Download
    • Share
      • Share on Facebook
      • Share on Twitter
      • Share on Linkedin
      • Share by email
    • Smart cities face unique cyber risks
    • Convergence of the cyber and physical worlds
    • Interoperability between legacy and new systems
    • Integration of disparate city services and infrastructure
    • A holistic approach to cybersecurity
    • Securing cities for growth

    Smart cities face many risks as digital and physical infrastructure converge. To help address this challenge, cities should embed cybersecurity and privacy principles in each stage of their development.

    Smart cities are the future of urban living, harnessing the power of three Ds—digital technologies, data, and design thinking—to boost the efficiency and effectiveness of city services. However, this new wave of digital transformation also brings new cyber risks that could fundamentally impact the existence of smart cities. Cyber threats have been on the rise for years, but the last few years have seen an explosion in cyberattacks that target both data and physical assets.1

    Learn More

    Explore the Smart city collection

    Subscribe to receive related content

    As connected devices proliferate at a breakneck speed—the number of IoT devices is expected to rise from 8.4 billion today to almost 20 billion by 20202—cyberattacks and vulnerabilities in one area can have a cascading effect on numerous other areas. The consequences could extend beyond just data loss, financial impact, and reputational damage risks—severe enough as they are—to include disruption of crucial city services and infrastructure across a broad range of domains such as health care, transportation, law enforcement, power and utilities, and residential services. Such disruptions can potentially lead to loss of life and breakdown of social and economic systems.

    In March 2018, the city of Atlanta faced a ransomware attack that hit some of its customer-facing applications.3 At one point, the city had to shut down its free Wi-Fi network at the Hartsfield-Jackson Airport as a precautionary measure. Overall, the attack hit 5 out of 13 city departments, and it took the city weeks to get back to normalcy.4 Such attacks are also growing in frequency: According to a 2016 survey of chief information officers of cities and counties, about a quarter of local governments were facing attempted cyberattacks every hour.5

    The rapid hyperconnectivity and digitization of cities are accelerating cyber threats. To tackle the challenge, government leaders, urban planners, and other key stakeholders should make cybersecurity principles an integral part of the smart city governance, design, and operations, not just an afterthought. In this paper, we examine the key factors that influence cyber risks in a smart city ecosystem and a broad approach that city leaders can adopt to manage these risks.

    Smart cities face unique cyber risks

    A smart city is a complex ecosystem of municipal services, public and private entities, people, processes, devices, and city infrastructure that constantly interact with each other. The underlying technology infrastructure of the ecosystem comprises three layers: the edge, the core, and the communication channel (figure 1). The edge layer comprises devices such as sensors, actuators, other IoT devices, and smartphones. The core is the technology platform that processes and makes sense of the data flowing from the edge. The communication channel establishes a constant, two-way data exchange between the core and the edge to seamlessly integrate the various components of the ecosystem.

    This massive amount of data exchanges, integration between disparate IoT devices, and dynamically changing processes creates new cyber threats, compounded by complexities in the other components of the ecosystem that wrap around the technology infrastructure. For instance, data governance can be a thorny issue for cities as they need to think about whether the data is internal or external; whether it is transactional or personalized; whether the transactional data is collected via IoT devices; and how the data is stored, archived, duplicated, and destroyed. In addition, due to a lack of common standards and policies, many cities are experimenting with new vendors and products, which create interoperability and integration problems on the ground and exacerbate cyber risks.

    The smart city ecosystem comprises three layers: The edge, the core, and the communication channel

    Three factors influence the potential cyber risk in a smart city ecosystem (figure 2):

    1. Convergence of the cyber and physical worlds

    2. Interoperability between legacy and new systems

    3. Integration of disparate city services and enabling infrastructure

    Three key factors influence cyber risk in cities

    To begin to understand how to manage the cyber risk landscape, it helps to explore each of these factors further.

    Convergence of the cyber and physical worlds

    Smart cities blur the lines between the physical and cyber worlds. In this environment, people, processes, and places are integrated via both information technology (IT) systems used for data-centric computing and operational technology (OT) systems used to monitor events, processes, and devices and adjust city operations. Such convergence allows cities to control and govern technology systems through remote cyber operations.

    However, this convergence, where many devices in the edge could be cyber threat vectors, gives rise to the risk of malicious actors entering the system and disrupting operations on the ground—thus exponentially expanding the cyber risk landscape.6 With the proliferation of IoT devices, attackers now have countless entry points to compromise a city’s systems and take advantage of the resulting vulnerabilities.

    In 2014, a German steel mill was a victim of a spear phishing attack. Through targeted emails appearing to be from a trusted source with a malicious attachment, the attackers first obtained access to the business network and then to the production network lacking required separation. The attackers remotely disabled the blast furnace by taking over the control systems, resulting in massive physical damage to the furnace system, costing millions of dollars.7

    In another example, as an experiment, University of Michigan researchers successfully targeted the Intelligent Traffic Signal System (I-SIG), which is one of a series of CV-based transportation systems being deployed, tested, and implemented under the US Department of Transportation's CV Pilot Deployment Program. The researchers used data spoofing and fake messages from a nearby connected vehicle to create a traffic jam in a simulated environment, increasing average delays by 38 percent.8 This attack turned out to be quite easy to do, highlighting the expanding cyber risk landscape.

    Interoperability between legacy and new systems

    Often, organizations that pursue digital transformation need to integrate new digital technologies with legacy systems, which can create significant challenges and risks. These challenges include inconsistent security policies and procedures and disparate technology platforms, resulting in hidden security vulnerabilities throughout the smart city ecosystem.

    In 2015, the US Office of Personnel Management’s (OPM’s) systems suffered a data breach, giving hackers access to personnel file records of 4.2 million employees. This breach was primarily due to the OPM’s old network’s inability to encrypt data.9 The OPM has spent millions of dollars since then to accelerate the modernization process.10

    This situation is exacerbated as many cities increasingly use IoT solutions, but within a retrofitting model. For instance, large, established gas and water systems within a city have deployed sensors on a large scale. These sensors need to connect to a broader network for the data to be aggregated and analyzed centrally. However, these sensors have minimal security protocols.11 In the long run, retrofitting may not be a viable option as many devices could become physically incapable of upgrades.12

    Another challenge is the lack of generally accepted standards governing the functioning of IoT-enabled devices. City departments and agencies typically use sensor technologies from different vendors that generate data in different formats and use different communication protocols. Creating interoperability in such situations can be difficult, and cities may face a trade-off between interoperability and security. Each new device added to an IoT ecosystem adds a new attack surface or opportunity for malicious attack.13

    Integration of disparate city services and infrastructure

    Traditionally, cities have offered a wide range of services that were largely independent of each other (e.g., power, water, sewer, transportation, public works, law enforcement, firefighting, and social services). Each of these services was typically provided by an agency using its own systems, processes, and assets. Now, these services are slowly being integrated and linked through an interconnected web of digital technologies.

    As cities gain opportunities for new services and efficiencies, this comingling of services and systems comes with its own set of challenges. The increasing integration, interconnectedness, and data exchange create shared vulnerabilities where a problem in one service area can quickly cascade into other areas—potentially leading to widespread and catastrophic failures. In addition, cities need to rethink regulatory requirements, rationalize varied security protocols, and address data ownership and usage challenges.

    The Emotet malware virus struck the city of Allentown, Pennsylvania, in February 2018. The virus quickly multiplied in a week and rendered the city’s finance department system unusable by not allowing it to make external bank transactions. Also, the police department could not access databases controlled by the Pennsylvania state police. Containing the virus and getting back to operational status is estimated to have cost the city US$1 million.14

    Furthermore, data stored in different systems can be susceptible to misuse, potentially affecting citizens’ privacy. For instance, it is a leading practice to mask or delete personal identifiers in data. However, techniques and methods that allow malicious attackers to match different datasets to reidentify an individual are becoming increasingly sophisticated. So, a breach that compromises multiple systems and datasets can become a serious privacy incident for cities.

    Cyber risk will continue to evolve in the coming years, as many cities plan to integrate a wide variety of services and infrastructure, connecting even more data, systems, and devices.

    Understanding the cyber risk evolutionary curve in smart cities

    Most smart cities follow a four-stage evolutionary path that relies on varying mixes of new and legacy technologies. With each step up the curve, the scale of technology infrastructure and the potential attack vectors can significantly increase, necessitating corresponding maturity in the cybersecurity strategy (figure 3).

    Cybersecurity strategies need to evolve along with smart cities’ digital transformation

    During the initial stage, when data is being collected through a small number of city-controlled, hard-wired sensors, the potential breach points are generally limited. However, at the next (intentional) stage, when a city starts to collect data from citizens’ smartphones and connected infrastructure, there are suddenly millions of uncontrolled potential breach points, most of which are beyond the city’s control. In the most advanced stages, when software bots at the core use artificial intelligence to make decisions and act without human involvement, the potential attack vectors are nearly endless—and continuous.

    It is important to note that as a city moves up the evolutionary curve, the degree of convergence, scale of technology infrastructure and corresponding interoperability, and integration of services increase. For instance, while a city might have a few hundred connected devices in the initial or intentional stage, the same number can be in thousands or millions in the integral and transformed stages and will require better infrastructure to support such growth. The situation, in turn, drives more complexity in the core, edge, and communication layers of the smart city ecosystem. Therefore, the maturity of cyber risk capabilities should be directly proportional to the degree of integration of smart city ecosystem components, and the cyber risk management approach should consider all these components.

    A holistic approach to cybersecurity

    The convergence of physical and digital infrastructure, the ensuing interoperability, and interconnectedness between city systems and data is an ongoing effort in many cities. The security goals of a smart city—confidentiality, integrity, availability, safety, and resiliency—should be grounded on both the objectives of traditional IT (to secure data) as well as those of OT (to ensure safety and resiliency of systems and processes). These combined security objectives can help cities maintain a more secure and resilient operating environment (figure 4).

    Smart cities must take a holistic approach to smart city cybersecurity

    An integrated cyber risk framework can provide cities with management principles to incorporate into their smart city planning, design, and transformation stages. It comprises industry standards, legal, and regulatory requirements to determine how cyber risk may affect all the ecosystem participants, including users, government, services, infrastructure, and processes, as well as assess each system’s and asset’s influence on each other. Such an integrated approach can enable city stakeholders to view threats and vulnerabilities in their entirety rather than react to specific services or operational impact, eventually allowing them to develop the core capabilities of a cybersecurity program described in figure 5.

    An integrated approach to cybersecurity is based on five core components

    Securing cities for growth

    Balancing the promise of smart cities against the potential of cyber risks—and managing the associated risks effectively—will be critical to realizing the potential of smart cities. Cities should begin by engaging all the stakeholders and entities in the broader ecosystem. The next steps that cities should consider include the following:

    • Syncing smart city and cyber strategy. Cities should define a detailed cybersecurity strategy that is in line with their broader smart city strategy and that can mitigate challenges arising from the ongoing convergence, interoperability, and interconnectedness of city systems and processes. Cities should consider carrying out an extensive impact assessment of their data, systems, and cyber assets to identify, assess, and mitigate the risks associated with technology processes, policies, and solutions. The integrated view of the risks and knowledge of interdependencies of the critical assets can enable cities to develop a comprehensive cybersecurity strategy. For instance, Singapore launched its National Cyber Security Master plan in 2013 and followed it with a new cyber security bill in 2016. Both initiatives were an integral part of Singapore’s smart nation strategy.24

    • Formalizing cyber and data governance. Cities need to formalize the governance approach to data, assets, infrastructure, and other technology components. A comprehensive governance model should spell out responsibilities and roles for each critical component in the smart city ecosystem. To implement an ecosystem approach to tackling cyber issues, various entities will need to work together with a strong governance model as the foundation. Cities can establish a network among other cities, state agencies, academia, and corporations to share threat information, capabilities, and contracts to strengthen cyber defenses.25 Additionally, data management—including robust data sharing and privacy policies, data analytics skills, and monetization models that facilitate the sourcing and usage of “city data”—constitutes a critical aspect of this governance. Policies, legislation, and technology must be continuously aligned to maintain the right balance of protection, privacy, transparency, and utility. The governance, policies, and processes must mature along with the city’s overall cyber strategy. For instance, the city of Hague is home to the “Hague Security Delta,” an ecosystem of more than 200 organizations working in the national security, cyber and urban security, critical infrastructure, and forensics.26

    • Build strategic partnerships to grow cyber capabilities. The cyber skills gap is not going away anytime soon, so cities need to be innovative and proactive in plugging the cyber skills gap in their cities. This approach may require city administration to explore nontraditional efforts to tap into cyber talent such as crowdsourcing, prizes, and challenges to solve cyber-related issues. A smart city requires new skills and competencies across the various ecosystem layers. Cities can augment existing capabilities through strategic partnerships and contracts with service providers.

    It is critical for city leadership to realize that securing cities from cyber risk is not a one-time event where cyber strategy evolves as cyber threats evolve; instead, it is also important to be able to recover when a cyberattack happens. Also, this is not a battle that cities can or should fight alone, but instead with an ecosystem of city governments, academia, the private sector, and startups. Technology can be one part of the cybersecurity solution, but the latter also needs a comprehensive governance model toward data and assets. More importantly, cities need an integrated approach to managing cyber risk with cybersecurity principles baked into every stage of the smart city development process (i.e., from strategy and design to implementation and operations). Cybersecurity is just too important to be treated as an afterthought.

    Acknowledgments

    The authors would also like to thank Mike Wyatt, Srini Subramanian, Irfan Saif, Timothy Li, Rahul Gupta, Christian Franzen, Peter Wirnsperger, Rana Sen, Steven Hamilton, and Ravi Dhaval for reviews at critical junctures and contributing their ideas and insights to this research project.

    In addition, the authors would like to thank Melissa Barrows, Marguerite Zacharovich, Jaideep Balekar, Ali Muzaffar, Divya Nayak, and Biju Kadapurath for their key contributions during the research and development of this project.

    Cover art by: Kevin Weier

    Endnotes
      1. World Economic Forum, The global risks report 2018, 2018. View in article

      2. John P. Dzrik, “Cyber risk is a growing challenge. So how can we prepare?,” World Economic Forum, January 17, 2018. View in article

      3. Jerry Bowles, “America’s cities are under cyberattack. That’s bad news for IoT and Smart Cities,” Diginomica, March 30, 2018. View in article

      4. Mary Scott Nabers, “Smart city security: Atlanta cyberattack cripples city,” IoT Word Today, April 5, 2018. View in article

      5. ICMA, Cybersecurity 2016 survey, April 19, 2017. View in article

      6. Irfan Saif, Sean Peasley, and Arun Perinkolam, “Safeguarding the Internet of Things: Being secure, vigilant, and resilient in the connected age,” Deloitte Review 17, July 27, 2015. View in article

      7. Kim Zetter, “A cyberattack has caused confirmed physical damage for the second time ever,” Wired, January 8, 2015. View in article

      8. Qi Alferd Chen et al., “Exposing congestion attack on emerging connected vehicle based traffic signal control,” University of Michigan, February 18–21, 2018. View in article

      9. Phil Goldstein, “Legacy federal IT systems are a ticking time bomb of risks,” FedTech, December 7, 2015. View in article

      10. Jason Miller, “3 years after data breach, OPM still struggling to modernize IT,” Federal News Network, February 27, 2018. View in article

      11. Saif, Peasley, and Perinkolam, “Safeguarding the Internet of Things: Being secure, vigilant, and resilient in the connected age.” View in article

      12. Ibid. View in article

      13. Ibid. View in article

      14. Daniel Patrick Sheehan, Emily Opilo, and Daryl Nerl, “City of Allentown computer systems hit by virus that will require nearly $1M fix,” The Morning Call, February 20, 2018. View in article

      15. Trevor Jones, “Microsoft takes holistic approach to IoT security concerns,” TechTarget, April 18, 2018. View in article

      16. Mark White, Jason Killmeyer, and Bruce Chew, Will blockchain transform the public sector?, Deloitte University Press, September 11, 2017. View in article

      17. William D. Eggers, Delivering on Digital: The Innovators and Technologies That Are Transforming Government (New York, Rosetta Books, 2016), pp. 164–5. View in article

      18. Joseph Marks, “LA cyber center hopes to be a model for cities nationwide,” Nextgov, December 7, 2017. View in article

      19. Eggers, Delivering on Digital, pp. 199–200. View in article

      20. Saif, Peasley, and Perinkolam, “Safeguarding the Internet of Things: Being secure, vigilant, and resilient in the connected age.” View in article

      21. Srini Subramanian and Doug Robinson, 2016 Deloitte-NASCIO cybersecurity study: States at risk: Bold plays for change, Deloitte Insights, October 22, 2018. View in article

      22. National Institute of Standards and Technology, “NICE cybersecurity workforce framework,” accessed July 17, 2018. View in article

      23. Deborah Golden and Ted Johnson, Augmented security, Deloitte University Press, 2017. View in article

      24. FTI Consulting, Singapore’s approach to cyber security, 2016. View in article

      25. Subramanian and Robinson, 2018 Deloitte-NASCIO cybersecurity study. View in article

      26. Hague Security Delta, “About HSD,” accessed on April 13, 2018. View in article

    Show moreShow less

    Topics in this article

    Digital Transformation , Government , Cyber risk , Public Sector , Internet of Things (IoT) , Risk management , Smart cities

    Cybersecurity

    As the world becomes more connected, cyber threats are growing in number and complexity. Cyber is moving in new directions—beyond an organization’s walls and IT environments and into the products they create and the factories where they make them.

    Learn more
    Get in touch
    Contact
    • Piyush Pandey
    • Advisory managing director, US Risk and Financial Advisory
    • Deloitte & Touche LLP
    • pipandey@deloitte.com
    • +1 717 460 0184

    Download Subscribe

    Related content

    img Trending

    Interactive 3 days ago

    More insights for Government and public services

    • Payments and the future of mobility Article3 years ago
    • Government cloud: A mission accelerator for future innovation Article3 years ago
    • If you want to prosper, consider building roads Article3 years ago
    • The smart base Interactive3 years ago
    • Flying smarter with IoT Article3 years ago
    Piyush Pandey

    Piyush Pandey

    Piyush Pandey is the managing director of Deloitte’s Risk and Financial Advisory practice and Smart Cities Cybersecurity leader. He has more than 17 years of experience, including enabling digital transformation of state, local, and city governments by shaping cybersecurity vision and strategy; design and implementation of identity solutions and advanced authentication programs; development of security standards and solutions, as well as resiliency and incident management plans; implementation of vulnerability management solutions; and establishment of data protection and privacy programs. Pandey has an undergraduate degree in computer science and a Master’s in business administration.

    • pipandey@deloitte.com
    • +1 717 460 0184
    Sean Peasley

    Sean Peasley

    Partner | Deloitte Risk & Financial Advisory

    Sean, a partner at Deloitte & Touche LLP, is the Global Cyber Cloud leader and Cyber IoT leader for the Cyber Risk Services practice of Deloitte Risk & Financial Advisory. He delivers solutions to help organizations address their most pressing and pervasive cyber security challenges for Enterprise, Cloud and IoT environments including Cyber Risk, Cyber threat intelligence, Cyber war gaming, IoT and operational technology (OT) security, identity management, privacy and data protection, and business resilience focused. He has over 35 years of consulting experience and serves some of Deloitte’s largest clients. Sean is a proven leader with diversified, in-depth experience in consulting and has demonstrated an ability to consistently achieve desired results and provide exceptional value to clients across a variety of business problems, technologies and industries. He specializes in application security; secure systems development; information technology risk management; governance, risk and compliance; and resiliency. His industry experience spans across automotive; consumer products; energy & resources; financial services; health care; life sciences; manufacturing; and media, entertainment & sports. Sean is passionate about working with the community. He currently serves on the board of directors of YMCA of Orange County and is the chairman of CSUF College of Engineering & Computer Science College Leadership Council.

    • speasley@deloitte.com
    • +1 714 334 6600
    Mahesh Kelkar

    Mahesh Kelkar

    Research Manager | Deloitte Services India

    Mahesh Kelkar is the smart cities research leader for the Deloitte Center for Government Insights. His research focuses on understanding the impact of technology, innovation, and policy on the future of cities. He closely tracks the federal and state government sectors and focuses on conducting in-depth research on the intersection of technology with government operations, policy, and decision-making. Connect with him on Twitter @Mahesh_Kelkar and on LinkedIn at https://www.linkedin.com/in/mahesh-kelkar-9468a87/.

    • mkelkar@deloitte.com
    • +1 678 299 7142

    Share article highlights

    See something interesting? Simply select text and choose how to share it:

    Email a customized link that shows your highlighted text.
    Copy a customized link that shows your highlighted text.
    Copy your highlighted text.

    Making smart cities cybersecure has been saved

    Making smart cities cybersecure has been removed

    An Article Titled Making smart cities cybersecure already exists in Saved items

    Invalid special characters found 
    Forgot password

    To stay logged in, change your functional cookie settings.

    OR

    Social login not available on Microsoft Edge browser at this time.

    Connect Accounts

    Connect your social accounts

    This is the first time you have logged in with a social network.

    You have previously logged in with a different account. To link your accounts, please re-authenticate.

    Log in with an existing social network:

    To connect with your existing account, please enter your password:

    OR

    Log in with an existing site account:

    To connect with your existing account, please enter your password:

    Forgot password

    Subscribe

    to receive more business insights, analysis, and perspectives from Deloitte Insights
    ✓ Link copied to clipboard
    • Contact us
    • Search jobs
    • Submit RFP
    • Subscribe to Deloitte Insights
    Follow Deloitte Insights:
    Global office directory US office locations
    US-EN Location: United States-English  
    About Deloitte
    • About Deloitte
    • Client stories
    • My Deloitte
    • Deloitte Insights
    • Email subscriptions
    • Press releases
    • Submit RFP
    • US office locations
    • Alumni
    • Global office directory
    • Newsroom
    • Dbriefs webcasts
    • Contact us
    Services
    • Tax
    • Consulting
    • Audit & Assurance
    • Deloitte Private
    • Mergers & Acquisitions
    • Risk & Financial Advisory
    • AI & Analytics
    • Cloud
    • Diversity, Equity & Inclusion
    Industries
    • Consumer
    • Energy, Resources & Industrials
    • Financial Services
    • Government & Public Services
    • Life Sciences & Health Care
    • Technology, Media & Telecommunications
    Careers
    • Careers
    • Students
    • Experienced Professionals
    • Job Search
    • Life at Deloitte
    • Alumni Relations
    • About Deloitte
    • Terms of Use
    • Privacy
    • Privacy Shield
    • Cookies
    • Cookie Settings
    • Legal Information for Job Seekers
    • Labor Condition Applications
    • Do Not Sell My Personal Information

    © 2022. See Terms of Use for more information.

    Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

    Learn more about Deloitte's work for the US Olympic Committee