Smart Cities Require Smart Security Measures

Smart City Landscape

As IoT technologies continue to evolve, local and regional governments are increasingly leaning on these devices to improve urban life. Smart city revenue is expected to exceed $1.6 trillion by 2030, with the ongoing pandemic accelerating many projects around healthcare and mobility solutions.

With increased investment, however, comes increased risk – and though smart city projects are fairly young, they have already proven attractive targets for hackers. Though some incidents have been mostly harmless, others have been far more troubling. The sheer amount of data collected by these IoT deployments and the infrastructure reliant upon them places them squarely in the crosshairs of bad actors looking to plant ransomware or simply disrupt the order of things.

To better understand why, let us first examine what kind of technologies make up a typical smart city deployment.

Smart Cities Involve Many IoT Devices

Smart cities incorporate IoT devices throughout municipal areas in order to observe their population and use that data to improve daily life. To this end, the goals of smart city developers are multifaceted.

Public safety, for example, often represents a key focus of smart city development. Environmental sensors can be deployed to public spaces to help detect fires and other safety issues. Elsewhere, the structural integrity of bridges and buildings can be remotely monitored to allow for more efficient preventative maintenance. Products like Omniflow’s smart lighting take it one step further by making communal spaces more accessible, even as they provide other benefits such as Wi-Fi hotspots and monitoring of roadside and pedestrian traffic.

Smart cities may also aim to be more ecologically sustainable – for instance, by using smart meters to help manage energy consumption in homes and buildings. Japanese gas company Nicigas, for example, has installed smart meters in 850,000 customers’ homes that both collect data that informs gas shipments and maximize efficiency in usage. Many municipalities like Thurston County, Washington, also use IoT devices to monitor water supplies to prevent contamination and leaks, or solar panels to help improve energy production and distribution into smart grids.

Improvements to public transportation are another essential element of smart cities. Some cities employ complex telemetrics throughout their roadways to better control and monitor traffic congestion to help drivers get where they are going, while public transportation providers like Tokachi Bus offer commuters up-to-the-moment information on bus scheduling and arrival times for more efficient travel.

This only scratches the surface of potential for IoT devices in smart cities. As the technologies continue to develop and mature, the applications for IoT in public spaces are nearly endless.

More IoT Devices Means More Potential Incursion Points

Effective smart city systems often require tens of thousands of IoT devices to interconnect and share data. If not properly secured, all of those endpoints present a lot of opportunity for hackers to gain access to city networks. 

Few IoT devices have enough onboard memory or processing power to support leading-edge security practices, and managing entire fleets of these devices across an urban landscape can be difficult and expensive. A recent study from UC Berkeley found that emergency alert systems, street video surveillance and traffic signals are the IoT devices in a Smart City that are most vulnerable to incursion. 

Many bad actors target IoT hubs specifically via shell command injections or authentication bypasses, which can allow individuals to acquire credentials that grant access to sensitive systems. 

This doesn’t even factor in the human elements that can contribute to breaches. A healthy portion of incursions stem from simple phishing attacks, and the move to remote work has pushed many municipal workers onto improperly secured distributed devices. That many of these devices don’t operate on a unified network only adds to the number of potential vulnerable entry points for hackers.

“Every single laptop or home internet network or whatnot that is going to be utilized during this period of time is just one more additional point of vulnerability for any city,” Michael Lake of Leading Cities told Smart Cities Dive.

Securing Smart Cities Begins With the Network

Because smart cities involve a number of different groups working together (from government organizations to local businesses), proper security can be a challenge. Given the large footprint of a smart city deployment, the first level of defense is user authentication. To this end, networks for smart cities are being created with cyber security in mind. 

Organizations have embraced what engineers call the “zero trust” mindset, which asserts that all users (on-premise or remote) must verify their identities and privileges before accessing a network. Those connections will then be timed out periodically to ensure only the appropriate individuals can access these systems at any time. 
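
The per-request check described above, as an added example (not part of the original article): a token is issued once identity has been verified, and every later request re-checks its signature, its expiry and the privilege it needs. The key, the 15-minute timeout, the privilege names and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed value; a real service loads this from a secret store
SESSION_TTL = 900              # assumed timeout: 15 minutes, then the user must re-verify

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(subject, privileges, now):
    """Called only after identity verification; binds privileges and an expiry."""
    body = json.dumps({"sub": subject, "priv": sorted(privileges),
                       "exp": now + SESSION_TTL}).encode()
    sig = hmac.new(KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def authorize(token, needed, now):
    """Run on every request, on-premise or remote. Returns (allowed, reason)."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return False, "bad signature"
    claims = json.loads(body)                   # safe: body is authenticated
    if now >= claims["exp"]:
        return False, "session timed out"
    if needed not in claims["priv"]:
        return False, "privilege missing"
    return True, "ok"

def forge_privilege(token, extra):
    """Test helper: edits the claims but cannot produce a matching signature."""
    body_b64, sig_b64 = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body_b64))
    claims["priv"].append(extra)
    return _b64(json.dumps(claims).encode()) + "." + sig_b64

if __name__ == "__main__":
    t = issue_token("operator-17", {"traffic:read"}, now=1000)  # constructed sample
    for label, tok, priv, when in [("valid", t, "traffic:read", 1001),
                                   ("wrong privilege", t, "traffic:write", 1001),
                                   ("expired", t, "traffic:read", 1900),
                                   ("tampered", forge_privilege(t, "traffic:write"),
                                    "traffic:write", 1001)]:
        print(label, authorize(tok, priv, when))
```
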

Networks are requiring system applications to be authenticated at the lowest level possible with built-in Root of Trust firmware. Placing this authentication firmware at the hardware level makes it impossible for hackers to access systems in the same way they would typically attack software authentication solutions. When governed by AI systems, this can provide a scalable means of automating the large deployments of IoT devices typically found in smart cities.

“By doing that, all networks can be independently qualified for security and also collectively modeled to provide a cyber safe operating environment,” Guruprasad M. Parthasarathy, ISV development manager for Xinix, told Semiconductor Engineering.

The rising reliance on remote workers has also led many organizations to deploy Virtual Private Networks for smart city security. VPNs allow remote workers to securely access an organization’s private data via the public internet, which can help limit the potential for breach if properly maintained.

Security is a Team Sport

Given the scope of a smart city deployment, these kinds of measures need to be employed across a fairly large spectrum of municipal and commercial organizations. Smart city developers need to plan for potential issues such as system outages or data breaches.

Likewise, training a workforce in the best practices of cyber security can help mitigate some risk of phishing and other attacks. Municipal organizations would also do well to establish a cyber security team to monitor and respond to any events that their network may encounter.

Hackers are constantly learning and evolving. So too must cybersecurity efforts continuously adapt to meet the challenges of the day.

“You need to train your staff regarding their cybersecurity responsibilities,” Steve Hanna of Infineon’s Connected Secure Systems team told Semiconductor Engineering. “You need to create good cybersecurity processes, follow them, and improve them over time.”

Are you looking to secure your IoT project? Speak with one of our experts to learn more about how Soracom offers secure and scalable connectivity solutions for your deployment.