The Future of Smart Cities
On Tuesday, November 7th, I had the pleasure of being a panellist at an industry summit, organised by GSMA & Hong Kong Applied Science and Technology Research Institute, at the Photonics Centre in Hong Kong. The focus of the summit was the development of Smart Cities in the Internet of Things Era. The event was attended by representatives from a varied selection of companies, all of whom were excited about the prospects that smart city infrastructure could have in Hong Kong, and indeed the world. Also speaking at the event was my colleague Scott Likens, who touched on the role of Artificial Intelligence in making cities “Smart” in a very engaging presentation.
Many in the audience had concerns about cyber security and privacy, which was the topic of my panel moderated by Dr Andrew Wat, Director of Security and Data Sciences at ASTRI. The constant stream of reported cyber attacks in the media and the 21 October 2016 Internet-of-Things (IoT) DDoS attacks, made possible by large numbers of unsecured IoT devices such as home routers and surveillance cameras, were likely still fresh in the minds of many.
Building a Smart City at the expense of privacy?
I made the observation that enjoying the many benefits and conveniences offered by an increasingly Smart City would be at the expense of privacy, as our physical and online activities became tracked, logged and monetised. Looking towards China where Fintech adoption is advanced, Wechat and Alipay which are the leading mobile/online payment systems have already launched their own credit scoring system. Both leverage the wealth of data they hold on individuals who use their platform to shop, make payments, pay utility bills, settle traffic fines, etc., as they go about their daily lives. It is envisioned that by 2020, China will establish a social credit rating system that may influence people’s access and priority to goods and services and even jobs.
Another illustration of how data gathered has been employed in an impactful way is the use of targeted ads during the 2016 US presidential elections to influence voters. Furthermore, study by researchers from the Paul G. Allen School of Computer Science & Engineering, University of Washington on advertising intelligence (ADINT) have showed how location-based advertising and knowledge of a person’s phone identifier may be used to track his/her physical location and movements. There is no telling how such data may be used or exploited, and to what detriment to the persons being tracked.
Will innovation outpace Cybersecurity?
As smart cities develop and deploy millions if not billions of IoT devices to connect up all sorts of devices in homes, buildings and cities to enable monitoring and control, secure design, deployment and maintenance of these devices must necessarily become a priority. It took the software industry some years to adopt security by design principles and embed secure development practice. While we hope that the IoT sector will evolve more quickly in adoption of good security practices, many of these IoT devices will be delivered as part of infrastructure and engineering projects where engineering focus, costs and other considerations may take precedence over security requirements. At homes, pricing and focus on other functional features may also lead consumers to make less ideal choices.
What does the future hold for Smart Cities?
With more personal information being collected and shared in the connected world of Smart Cities, and added risks arising from IoT devices, we will likely see the ever more new kinds of cyber threats and attacks taking place that we have not encountered or envisioned before. While data theft and denial of service attacks are commonplace today, new motivations for data integrity attacks could also emerge in future, which may have far more wide ranging impact than what we are seeing today.
To forge a more secure cyber world in the future of Smart Cities, governments, industries, research institutes and academia have to work closely together to formulate effective cyber security laws and regulations, establish consistent standards for network and security products, and direct investments to develop cyber security awareness and talent.
Finally I shared a positive prediction for Cyber Security professionals, some of whom were in the audience, that such professionals will be in high demand and can look forward to a challenging career in a dynamic environment that will continue to evolve exponentially. That brought back smiles on many faces in the room.
So ....how will cybersecurity fare as cities race to become smart and smarter ... thoughts?
Hi Ramesh, very interesting article, would love to see the slides or the video :) Let me share an example on an attack we didn't see till today but is more than probable in the near future. Let's assume apartments are all smart and allow device control, such as climate control, over, etc. Try to imagine a discovery of a vulnerability that allows threat agents to gain access to that these control. At this point the threat agents can contact ... the electricity company, demand a ransom, or else they will create surges of demands that will render the electricity grid in an unbalanced state. To prevent such an event the electricity company will need to spend more money on generating (or delivery of) energy, which means it will be cheaper to pay the cyber criminals. People forget: being smart does not mean you are wise. There is no correlation between the two. We need both - smart technology deployed wisely, to allow anti-fragility and robustness.
HSSE Practitioner
7 年I’m very cautious on being completely linked to the internet – do I want a refrigerator that takes a photograph of its shelves then emails that to me at the office so that I know what food to buy on the way home – NO – the refrigerator could be hacked and become the portal to all other electronic goods in my home. I have enough concerns around the new printer I bought that sends a continual page count to the manufacturer/supplier to charge me for the ink usage DOES THAT MEAN THE MANUFACTURER/SUPPLIER COULD/CAN SEE/READ THE DOCUMENTS I PRINT?? Also, you noted in your post “It is envisioned that by 2020, China will establish a social credit rating system that may influence people’s access and priority to goods and services and even jobs.” This rating could/would be used to RESTRICT people’s access to goods, services and jobs!!!
STEM is all about management training
7 年Google map has been capturing traffic data for a long time. You don't need IoT. It is HK GOVERNMENT not doing anything. It may be too late to talk about privacy.
Head of Financial Crime Execution - Institutional Operations
7 年Ramesh Moosa Nice summary of thoughts Very well articulated the challenge that one will face on balancing convenience and facilities on one hand and Privacy on the other. Some quick thoughts : Will depend upon the structure of Government and governance mechanism over internet and participants operating over it. (There has been some voices to day one has to have some rules over Internet ) Trust of the people in Government acting on the greater good of the society Robustness and speed of justice Ability to have governance and strong controls into what goes into making of the smart cities Just as for every cyber solution, speed of detection and ability to manage consequences with least damage and ability to bring remediate (current identity theft remediation leaves much to be desired )
Driving positive climate impacts of consumers & SMEs by partnering with banks and businesses. Passionate to foster financial innovations | Low Carbon Economy | Good Fintech | Himalaya Hiker| Diver
7 年A great pleasure organised this event and have you there Ramesh!