The Need For Smart And Secure Cities

June 26, 2018

The Need for Smart (and Secure) Cities

Cities are about to play an even larger role in supporting humanity. By 2050, two-thirds of the world’s population are forecast to be residing in cities, consuming some 70 percent of the world’s energy, and accounting for about 70 percent of global gross domestic product.

This places enormous responsibility on city planners, engineers, architects and others being tasked with remaking our cities into more efficient and effective population centers. A key tool for their creative efforts are the billions of sensors and other devices that make up the Internet of Things (IoT). The basic formula is City + IoT = Smart City. With this background, it’s a good time to take a closer look at the technology behind smart cities, the risks that are posed to smart cities by hackers, and at how blockchain technology can help provide security against hackers and other bad actors.

Making Cities Smart

For about as long as cities have been around, they have been seen in human terms, with downtowns representing the heart of a city, transportation systems the lifeblood and parks the lungs. And so, embedding IoT soon led to the term smart cities. 

The time is right for smart cities, as up to this point many cities have been anything but smart. For instance it’s been estimated that some cities lose up to half the water from their distribution systems through undetected leakage. Much congestion and air pollution in cities can be traced to poorly coordinated traffic lights as well as drivers cruising around and around looking for a place to park. Cities also need to be able to efficiently integrate with alternative energy sources.

The smart use of IoT can change all of that. Gartner, the research firm, estimates that there are already some 8 billion IoT devices deployed in the world, with that number expected to more than double to 20 billion by 2020. Cities have been in the lead in deploying IoT, accounting for some 2.3 billion connected devices, with that number expected to climb, with no limit in sight. 

Here are some of the ways in which smart cities have used IoT to improve live for citizens and enhance efficiencies across a spectrum of operations:

  • Smart traffic systems, including traffic lights and programmable message boards, coordinate processes to improve traffic flow and suggest rerouting, reducing congestion as well as air pollution.
  • Smart Street Lighting, including traffic adaptation sensors so lights are only used when pedestrians or passing automobiles are present, slash energy consumption—especially as this generally includes swapping out the old lights for efficient LED lights.
  • Smart Parking, including apps that show available on-street and off-street parking, can reduce traffic congestion and ease air pollution. 
  • Smart Building controls can reduce energy use for lighting, heating, and air conditioning.
  • Smart Energy Grid, including integration with solar and other alternative energy sources, and peak-use messaging can reduce the strain on traditional resources.
  • Smart Water storage, treatment, and distribution systems—including leak detection—can help ensure optimal use of this valuable resource.
  • Smart Waste & Recycling Management, including public waste bin and private dumpster sensors, can optimize pickup efficiency while avoiding overflows.
  • Wearable devices or smartphone apps can allow citizens to engage in citizen data collection, automated reporting of air quality, temperature, humidity, and other environmental factors.
  • Smart Transit, including bus stop and train stop shelters with displays showing exactly where the next bus or train is located, are user-friendly, encouraging use of public transportation to reduce traffic and pollution.

The list goes on and on. The combination of IoT and artificial intelligence (AI) are allowing the world to create cities that will be more flexible, more efficient, safer, and smarter. What could possibly go wrong?

Nightmare on Main Street?

Smart cities, with all their promise, also raise the specter of nightmare scenarios.  

The Harvard Business Review recently ran an article titled “Smart Cities are Going to Be a Security Nightmare.” The article pointed out that the emergency of IoT for smart cities opens the door for hackers and other bad actors who see opportunities to exploit the vast attack surface created by these billions of devices. 

Adding to the dangers is that while cities—and device manufacturers—are eager to deploy smart technology, the hard work of securing devices is too often neglected.

The challenge of security must be addressed, because it isn’t going away. In fact poor security could prove to be the wrench dropped into the gears that could bring smart city development grinding to a halt. You don’t have to be a science fiction writer to imagine what devastation could come from tampering with water treatment, manipulating devices to explode power grid infrastructure, or manipulating traffic lights. 

The simple and awful fact is: Smart cities will get hacked. Smart cities have already been hacked. Forbes reports that 86 percent of municipalities say they have already experienced an IoT-related security breach. For example, the residents of Dallas were awakened in the middle of the night after someone hacked into the city’s IoT infrastructure and activated the city’s hurricane warning system, triggering 156 sirens. From a symbolic standpoint, we could say that the triggering of those sirens should serve as a wakeup alarm to all of us: Securing the IoT devices of smart cities can’t be ignored.

Hackers and other bad actors are adept at searching out and exploiting weaknesses, and the billions of IoT devices that have already been deployed, and the billions more coming on line, make for a huge, varied, and attractive attack surface. The problem is compounded by the fact that IoT devices are difficult to secure. They generally exist “out in the wild” beyond the defenses of firewalls and other protective layers. 

And they are resource-constrained. Their memory isn’t measured in megabytes or gigabytes, but in mere kilobytes. Same for storage. And they typically have minimal processing power because these devices are task-designed to be left unattended for months or years at a time. Adding more RAM, storage, or processing power, not only increases the size and cost of a device, it also increases the demands placed on its battery—which is to say its longevity. So, most devices simply can’t support the kind of security stacks that protect our servers, laptops, and smartphones.

How Blockchain Can Help

Blockchain technology has emerged at just the right time to provide a much-needed assist in securing the IoT that forms the foundation of smart cities. Blockchain provides a powerful resource for protecting the IoT because its sequential architecture—assembling information in a series of cryptographically interlocked data blocks—and its public visibility—through decentralized storage—make it ideal for establishing immutable records. 

Once data is entered onto the blockchain, it would be all but impossible (with today’s technology) to reverse the consensus block-by-block mining upon which blockchain is based. The immutability of the blockchain can be used to establish root-of-trust hardware identity for IoT devices. Identity could be tracked from the point of manufacture, through distribution, to the point of device activation, and onward through the working life of the device. 

Blockchain, with its immutable ledgering, also provides the foundation required for tracking device reputation. Reputation is a powerful tool because with billions of devices, there are simply too many for unaided humans to manage. Using blockchain as the repository, one device could submit reports on its interactions with other devices, to form dynamic device reputations. Reputation tracking could yield a numeric value, similar to a FICO credit score, and devices could be configured to validate the reputation of other devices prior to engaging in transactions. 

Reputation + AI

Integrate reputational data with machine learning and AI, and cities could deploy a self-monitoring, self-healing web of devices that could identify aberrations in device behaviors, issue alerts, or quarantine processes to provide a deep layer of automated security for smart cities. 

The concept of using AI and behavioral analytics to detect cyberattacks isn’t new. Back in 2015, after the discovery of a particularly dangerous set of intrusion tools, CIO Online carried an article titled “Artificial Intelligence May Save Us from New Breed of Cyber Threats.”

The basic idea is that we need to create self-aware systems where machine learning and AI can self-monitor networks of IoT devices, gaining the ability to detect aberrations in behavior. For example, if an LED lightbulb normally talks to a building environmental control system, what is it doing contacting an unknown endpoint hundreds or thousands of miles away?  If a device normally sends a 2-second message once a week, why is it suddenly generating nonstop traffic? We need to be able to recognize when devices are being manipulated by bad actors.

Security as a Gating Factor

Cities must be more than smart. They must be resilient. 

While blockchain alone cannot infallibly secure smart city assets, solutions that can marry the power of a distributed ledger with IoT device-level protection can be very powerful. Regardless of the technology embraced, municipalities must view security as a gating factor, because the risks of deploying IoT without security are too great. Smart city implementers should recognize that security should be built into devices from inception, not added on after the fact. The longer implementers wait to secure a device, the more complicated security becomes, especially with resource-constrained IoT devices. 

Security can’t be an afterthought, yet it often is. A TrendMicro study, using a search device to detect vulnerable devices, found more than 1 million exposed cyber assets in New York City, and nearly 4 million exposed devices in Houston. The study in fact found that proportionately more exposed devices were found in smaller cities, perhaps because they lacked the security expertise and resources of larger cities. Whatever the reasons, the study showed that millions of smart city devices currently deployed are dangerously open to attack. The take-home lesson is that smart cities must push security into the forefront of their IoT efforts.

Each day more IoT devices are deployed in cities, making them ever more like living—and sensing—entities. These entities will soon be where most of the planet’s population can be found. Smart city technologies and strategies are giving us the ability to take better care of all whom live in a city. And blockchain technology plus AI and machine learning is giving us the ability to track immutable identity and device reputation to provide the kind of real-time detection that is essential to securing the billions of devices that will make up the web of infrastructure supporting and protecting smart cities.

Vaughan Emery is the Founder and CEO of Atonomi.

Overlay Init

Curated By Logo