In our final report from CES we take a look
at smart city initiatives
This year
at CES there was an entire section devoted to smart city initiatives
municipalities are rolling out in many cities around the world, or planning to.
As we noted in our look at automotive
security and IoT
security previously, the technologies surrounding transportation are
converging; so too are the technologies that make cities work. From automated
street lights that change color to alert you of a hazard, to centrally-planned
dynamic traffic flows and car-to-car communication, cities will change rapidly.
But how they will manage these changes is another story.
Stage one is the deployment of sensors that
passively assess traffic flows, pedestrian traffic and potential hazards.
Shortly thereafter, cities will deploy more active measures, such as
controlling traffic lights and entire systems based on holistic input from the
swarms of sensors.
One of the hotspots (literally) will be city
lamp posts, especially if they are connected electrically. This will be the
focus of considerable attention, as they are a perfect platform for Wi-Fi,
temperature and other ambient condition sensors, and hence, potential hosts for
super-high-speed, ubiquitous, wireless connectivity. Want to get a feel for
what’s happening across the whole landscape? Fire up a mesh of a bazillion
sensors on the lamp posts and start getting a better picture. All this without
significant development and acquisition of land.
Next will be law enforcement, or more specifically, rolling out these
new rafts of collected data (after being sifted and enriched) to provide
real-time data as they drive, walk, or ride around the city.
So the swarms of sensors will feed the
central offices, which will then feed data back out to the swarms of consumers
. . . after being digested and enriched.
The problem is that cities are extremely
ill-prepared to staff and manage all the complexity, let alone secure it all.
If, for example, attackers are able to gain access to one part of the sensor
network, it becomes potentially easier to use as a potential onramp to escalate
to more privileged access and hop back to the critical data stores and exploit
them as well.
This dynamic would be much easier to manage
if cities had vast budgets to hire the best cybersavvy technicians and
specialists, but it is important as it is paradoxically rare. Here, “fire and
forget” just doesn’t work well. We’ve seen breach after breach where organizations
had the right technology deployed, but failed on implementation or triage and
escalation of potential breach incidents.
For cities that try to outsource their needs,
concerns such as data leakage and misuse come to the fore. In light of the raft
of legislation for protecting personally identifying data, the potential
blowback from leaking security information for example, would make for some
rough public relations for the mayor of a city, who’s staff might not be
digital experts at all.
Most cities are primarily concerned with
keeping the lights on, the water flowing, the streets open, the trains running
and so on. The politicians and critical infrastructure managers are far more
concerned with high availability than high security – or indeed, any security
at all. Year after year at the Black Hat conferences we see examples of city
systems trivially exploited. Yet, with the increasing interconnectivity of
their systems, smart cities will soon be saddled with understanding and
implementing cybersecurity well.
Oh, and without significant budget increases!