The Cybersecurity Conundrum in our Connected Urban Future

David Catzel (Miscellaneous sources incl. Delloite, PWC, Accenture

INTRODUCTION

In the rapidly approaching, smart city future, relevant agencies will need to guard against cyberattacks on the city’s constant data flow across its web of interconnected technologies. The threats will target how this data is collected and secured and how the sensitivity of the data is categorized and if it is protected by the right level of security.

A smart city uses data collected from sensors and other smart end points around the city. Including data from vehicles, smart asphalt, smart lighting and more. All this data is filtered through a centralized rule-based analytics dashboard so the city can make decisions about deploying resources.

THE DATA

The data is everywhere. Information extracted from the data collected is used to make intelligent decisions about transportation, the movement of people and utilities such as electricity, gas and water supply.

This data comes from a massive network of digital connections with millions of interconnected devices and sensors that are transmitting information and controlling the physical environments and making a decision about it—for example manipulating traffic lights to ensure that the emergency vehicles can pass through and at the same time, communicating to the hospital that there is a patient on the way requiring specific medical treatment. Information sharing enables rapid decision making and lifesaving efficiencies.

The underlying technologies that deliver this great smart city customer experience include three interconnected architectural layers

·      The “Edge Layer” with the IoT data-collection mechanisms like the sensors and actuators and applications, the smart phones, and all those devices which either are being used to collect information or process the information.

·      The “Core”, a centralized data platform, which serves as a repository for the data that the devices are collecting. It is the cloud layer where the data is analyzed so that decisions can be made.

·      The “Communication Layer”, between the Core and the Edge.

THE CYBER THREAT

The typical attacker steals funds or data for either monetary gain or to make a political statement. Either way, citizens can be impacted in serious and often life-threatening ways.

The challenge is that cities procure IoT devices, sensors and technologies from many different vendors. They generate data in different formats, use different communication protocols and have different update schedules and are interconnected through multiple different network infrastructures. The vulnerability in any one device can quickly impact the entire network. A chain is only as strong as its weakest link.

The massive amount of data collected from these devices being transmitted back and forth allows cities to serve their constituents more efficiently. HOWEVER, this massive web of interconnected devices and constant flow of data between them opens countless entry points for cyber attackers who are seeking to compromise the system. Examples include:

·      Booby-trapped ‘phishing’ emails sent to targeted city employees and contractors which give the hackers the logins to essential control systems .

·      Denial-of-service attacks, malware and identity theft and even ransomware attacks which can have devastating impact on essential services.

The conundrum is that smart city systems are interconnected for data sharing for the common good. However cyber vulnerability and issues in a single system can cascade into several other unrelated systems. Cyber awareness is paramount and constant software updates are essential to protect network integrity.

CYBER DEFENSE

To protect both existing systems and also new networks that are being deployed, urban planners must take an integrated approach to cybersecurity incorporating (i) a digital trust platform, (ii) Privacy by design and (iii) continuous monitoring.

A Digital Trust Platform

Smart cities require a holistic approach to their design and transformation, and this includes the development of a digital trust platform to ensure the secure implementation of technology.

Millions of devices and sensors over the network interact with each other 7x24. The authenticity of these devices, the integrity of the data they are sending, and the validity of that information is critical because life impacting decisions are being made based on the analysis of this information.

So as these devices are added to a smart-city network, the appropriate level of digital trust assigned ensures that the correct level of authentication and identification of these devices occurs before these devices provide data to the system.

Privacy by Design

“Privacy by design” is an extension of the trust required between devices. Data privacy principles are integrated at the beginning of the design process to ensure the trust between the resident and the smart cities… and clarify who owns the data about that city resident . 

The IoT sensors and devices such as cameras, microphones on the network are collecting and exchanging an enormous variety and sheer amount of information about the resident including physiological, the mental, economic, cultural, and even location states as he/she moves around in the city .

While citizens benefit from the increase in the efficiencies of services that they will get as a result of more information and better data. However, there is a legitimate question about the privacy implications of this data, the detail of the information collected, and what the data will be used for.

Continuous Monitoring

Cyberattacks can happen any time, despite precautions. So, cities need a cyber-threat intelligence platform to continuously monitor and use advanced technologies, both to react to attacks but also to proactively understand and mitigate evolving risks and threats. Companies such as Microsoft provide products and services, out of the box, which provide a rapid threat detection and response based on insights from security intelligence, machine learning, and behavioral analytics

Cyber-threat intelligence systems evaluate emerging global threats, continually evaluating the audits and logs of the existing systems and devices and utilize predictive analytics to create a pattern and understand if anything is going to be a risk to the systems which that city or organization is managing.

Paramount for cities is the ability to monitor and react to cyber threats in real time rather than trying to clean up and remediate after the attack.

As the world becomes more connected, cyber threats are growing in number and complexity. Security isn’t glamorous, and it can be difficult and expensive to implement. Smart city initiatives are pushing the technological envelope for urban infrastructure management, and it’s clear that cyber security is an ever more important part of the conversation.