Putting Security at the Heart of 'Smart Cities'

The phrase "Cities of the Future" conjures up so many different images, from the utopia of The Jetsons to the dystopia of Judge Dredd. But one thing that most agree on is the connected nature of our cities, with every aspect of life being connected to the internet, machines communicating with machines and with us.
|

The phrase "Cities of the Future" conjures up so many different images, from the utopia of The Jetsons to the dystopia of Judge Dredd. But one thing that most agree on is the connected nature of our cities, with every aspect of life being connected to the internet, machines communicating with machines and with us.

It's a vision of the future that is just starting to emerge right now and while there is a long way to go before we are as connected as many sci-fi interpretations suggest we will be, more and more aspects of daily life are heading online.

Connected cities, also called smart cities, are one aspect of the Internet of Things (IoT). Smart cities are where services use technology to be more efficient and cost-effective, from traffic and transport systems to waste management to energy and healthcare.

But - you knew there'd be a but, didn't you? - with these technological advances come big concerns. Specifically these concerns revolve around data and its protection. A connected city will be generating huge quantities of data, which will be shared from machine to machine and department to department. That's a lot of data to target, and a lot of attack vectors to get at it.

And, as this article on Dark Reading points out, those attack vectors include the sensors themselves, which can be hacked and used to feed fake data into the system. This can result in transport systems being shut down, for example. In a big city that is a quick route to total mayhem.

One single sensor being used to monitor one set of traffic lights may not seem a vital part of the infrastructure but it's a route into the system and hackers know that. Every single element of the infrastructure has to be secure.

Hiding the data away on an internal network won't work, in fact that goes against the very idea of a smart city, where data sharing is the norm. The problem is, many of the companies producing hardware and software for smart cities are not experts in cyber security and so it's often an after-thought. There is also a startling lack of standards in the smart city industry at the moment.

That is slowly changing though; Securing Smart Cities is a non-profit organisation made up of cyber security companies such as Kaspersky Lab, research bodies such as IOActive and industry bodies like the Cloud Security Alliance. Similarly, there have been calls for smart cities to have a Computer Emergency Response Team (CERT) on standby in case of a cyber attack against the infrastructure.

But in some ways new security threats posed by smart cities are not too different from what we've seen with the emergence of mobile and cloud computing. What's changed is the perimeter of the network; it's no longer contained to a data centre. The same rules that apply here could well apply to smart cities.

Access management will play a big role in securing smart cities; ensuring only the right people (or devices) from the right location can interact with each other can help to keep the bad guys out. From encryption to DDoS mitigation to intelligent traffic management, there are systems that can be put in place to secure the data that smart cities and the IoT need to be truly effective.

Smart cities will undoubtedly change the way we live our lives. But in the rush to embrace IoT we cannot ignore the security implications, particularly when it comes to our personal data. But that will have to come from a unified, industry-wide approach that aims to ensure every aspect of the infrastructure - from data collection to transmission and everything else - is secure.