Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Smart Cities: The Beautiful, Fragile and very Insecure Future

Amin Hasbini, Securing Smart Cities Board Member and Security Expert, Kaspersky Lab | Aug. 26, 2016
‘Smartness’ of the city became the new black -- It does not matter how much a city earns or what services it provides citizens with as long as there are some plans of making it smarter.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

'Smartness' of the city became the new black. It does not matter how much a city earns or what services it provides citizens with as long as there are some plans of making it smarter. And there is nothing bad about it until one day, traffic lights at your way home are switched off or you are suddenly out of electricity for a weekend. To marry explicit goals of smart cities with implicit consequences of the lack of security is the challenge that still needs to be solved. The good news is there are some ways to achieve that.

It was a creepy morning for Mr. Mocek. Smart metre vendors of Seattle city decided to sue him for the request to publish cities' power grid designs. The request was approved by city administration, but vendors claimed the files' release poses significant security risks - which it probably does, as soon as there is no anticipation of any bit of security in these grid networks. Vivid discussion in social networks (whether this lawsuit is justified or not) proves that security problems of smart cities are closer than they seemed to early adopters. Citizens have the right to know that their cities are protected in a way that guarantee safety of their personal data. They also have the right to understand that many smart city vendors are releasing software and hardware without the slightest grain of security, and governments sign its deployment without software vulnerability testing. In this imperfect world, functionality is a king and safety is neglected.  

This is where the shift should happen. For most of us, 'smartness' of a city still has a meaning of vague digital technologies aiming to improve community life. For the next generation of engineers, it implies a paradigm shift in the way of thinking about data safety. It is something that needs to be secured in the first place. Some experts say that integrating an entire city's universe of smart electric doors, energy, water and lighting metres can be an 'almost intractable problem'. The ever-growing perimeter of connected devices make them exponentially more vulnerable. But as soon as humankind moves to the future of smart everything with a speed of $19.4bn of annual investments worldwide, it makes sense to think of several precautions we can take right now.

The first step is to realise that a problem exists. Worldwide security experts already made significant progress in this regard. In 2015, non-profit global initiative Securing Smart Cities was arranged by leading IT security researchers, companies and organisations, including IOActive, Kaspersky Lab, Bastille, the Cloud Security Alliance and several other entities. The initiative aims to solve the cybersecurity challenges smart cities face through collaboration and information sharing. The major achievement of this NGO is the development of cyber security guidelines that allow cities' operation centres to consider the basic rules of security hygiene while working on infrastructure intelligence. Concerning data encryption, you would probably not believe that modern cities are facing a lack of encryption, but in reality all precious data that makes them smart literally fly in the air broadcasted by radio source. It is like a Christmas stocking full of gifts for cyber criminals: catching smart metre signals transmitted over radio is not rocket science for them. Kaspersky Lab researchers explored and presented smart metres' vulnerability case at Security Analysts Summit 2016. To let you imagine an aftermath, they even managed to induce a blackout by a compromised femtocell.  

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.