19 Apr 2018
Examining the risks and benefits of smart cities
Advancements in AI, as well as Internet of Things (IoT) connected devices, have made it possible for cities to increase efficiencies across services like transportation, water management, and healthcare. To do this, smart cities rely on interconnected devices to streamline and improve city services based on rich, real-time data.
However, the fast adoption pace of networked technologies is potentially creating a deep well of vulnerabilities. There are already millions of smart home devices in the world, including smart alarms, locks, lighting, baby monitors, and thermostats and televisions. It is predicted that there will be more than 21 billion connected devices by 2020.
The danger of hacks
As smart cities rely on accurate data to properly function, if information is hacked, it has the potential to bring a city to a standstill. For instance, traffic control systems could be exploited to cause jams or crashes. Other risks include subways grinding to a halt, or water supplies being contaminated.
This scenario is not as far-fetched as it may sound. In 2011, hackers gained control of the water control system in Ohio and destroyed a pump that serviced 2,200 customers. Furthermore, hacking entry points can be quite straightforward to unleash this chaos. For instance, smart lights bulbs and vending machines on a college campus were recently used as a starting point to launch a cyberattack against an unnamed university in the US.
The most obvious low hanging fruit when targeting smart cities will be to target people. Targeting people opens the door to the “weakest link” and can uncover vulnerabilities such as lack of authentication and encryption, and weak password storage that can allow attackers to gain access to systems.
Given the huge quantity of smart devices now in our everyday life, defending against the sheer volume of attacks will become a challenge for smart cities. In a report by Cisco Cybersecurity in 2017, 35 percent of chief information security officers and security operations professionals said they see thousands of daily cyber threats, but only 44 percent are investigated.
Data, data, everywhere
Realistically, in the environment of a smart city, from smart meters to intelligent transportation infrastructure and sensors, they are likely to capture a lot of data about us as individuals. This data may be used to provide better services, efficiency, and other smart-city goals. That said, this also means lots of data, including personal information, is collected, stored, and used in a smart city. This will make smart cities a very tempting target to attack for hackers. That is why it is crucial that best security practices are built into a smart city’s means of data-gathering and processing.
For instance, the amount of data that IoT devices can create is colossus. A Federal Trade Commission report entitled "Internet of Things: Privacy & Security in a Connected World" found that less than 10,000 households can produce 150 million distinct data points daily.
Where we're leading
Physical security has moved from being very simple inputs and outputs, to being always-connected devices. This makes the industry very much part of the IoT world. This has changed how Vanderbilt thinks when designing and developing their own security systems, in particular SPC. This intruder detection system has been designed so that should an attack penetrate, such as Denial-of-Service, the system has multiple communication paths available as a backup.
Therefore, if one server is flooded and taken down, the system can immediately switch to a backup server and then change communication paths to bypass the attack and ensure messages still operate successfully. So, the system will remain operational, and it will still be able to communicate out, but it will start to shut down elements of itself to protect the system from further damage in the attack.
The bright side of smart cities
Of course, it is not all doom and gloom. Smart cities are springing up at a rapid rate for a reason. In Barcelona, smart water meter technology is helping the city save $58 million per year. In South Korea, one city cut building operating costs by 30 percent after implementing smart sensors to regulate water and electricity usage.
According to the United Nations, 66 percent of the world’s population will live in cities by 2050. This will have many varying effects, including in transportation, energy, and health and safety. Cities consume 75 percent of all energy and are responsible for 40 percent to 60 percent of greenhouse gasses. Air quality remains a concern, including so-called “black rivers” of pollution in urban areas that are leading to an increase of respiratory disease. The impact of congestion on emergency response and waste management also must come into consideration. As seen by the success stories in Barcelona and South Korea, smart cities can help combat these problems and thus will play a key role in benefiting the lives of its citizens.
Precautions to consider
So, while technology will help to change some of these problems for the better, security for smart cities must come first and foremost. Employing more machine learning algorithms to scour the web for vulnerabilities ahead of time could be a possible solution to combat vulnerabilities.
Naturally, cyberattacks and data breaches can’t be avoided entirely. But rather than trying to accomplish the impossible, smart cities should focus on investment in IT infrastructure capable of resisting outside attacks.
This includes forcibly shutting down potentially hacked systems until security experts can resolve vulnerability issues. One must remember that technology’s growth also means that security defenses are developing in parallel. At its core, security is about being continuously observant, following best practices, and being ready and able to react against a security issue.
With IoT devices, security is now an endless game of cat and mouse in staying ahead of the latest threats and hacking innovations. Therefore, vulnerability testing is also a valuable weapon in your overall defensive arsenal. As well, as vulnerability testing its systems, Vanderbilt has various other forms of obstacles and barriers to deter and deceive would-be hackers.
Encrypting sensitive data and deploying network intrusion mechanisms that can regularly scan for suspicious activity and protect against hackers trying to breach control systems remotely is also another key step to take.
FlexC, Vanderbilt’s communications protocol, was built from the ground up solely with cybersecurity in mind. The protocol is a bespoke design that ensures everything is encrypted, all communications are monitored, and multiple types of attack are considered for defensive purposes to provide the best security possible. The encryption used by FlexC communications between panels and the cloud is an AES 256-bit SSL encryption.
By encrypting anything before you send it to the cloud, it adds an extra cushion of control and power over that data. It not only provides an added defensive structure around a company's information, but it also adds peace of mind to the equation when relaying this data to the cloud.
Having an environment within the software industry of open disclosures only means that we can learn from mistakes, we can see how hackers are attempting to breach systems, and ultimately, it can help us stay ahead of the curve and one-step clear of hackers’ latest intentions. When vulnerabilities are reported, it just means that testing down the line will improve.
However, one of the most obvious places to start is to choose equipment from reliable suppliers that have a knowledge and interest in cybersecurity and are focused on protecting your data. When your security system is designed from the ground up to protect against cyberattacks, naturally your organization will be in a much better place.