1 year ago


smart cities RISK AND

smart cities RISK AND REWARD IN THE BIG CITY BACK IN THE 1960S, DISNEYLAND HAD A RIDE CALLED 'UTOPIA'. IT WAS A GLIMPSE INTO THE FUTURE OF HUMAN CITIES AND GAVE US A TASTE OF WHAT SMART CITIES COULD BE. ALASTAIR HARTRUP, GLOBAL CEO, NETWORK CRITICAL, TAKES UP THE STORY Of course, everything on the Disneyland ride Utopia, from its stoplight-less streets and smooth traffic control, was pre-programmed. It was just a theme park ride, after all. However, this shows that humanity has had the idea of a smart city on its mind for a long time. This idea is something we are only recently able to make into reality. Just like the ride, smart cities help to create a 'utopia' where life is streamlined and less frustrating. Unfortunately, as with most good things, there are plenty of problems that could ruin the dream for millions and these are caused by the threat of cyber-attacks. 2018 is now well underway, but already many are expecting it to be the year of smart cities. Back in 2016, global city population was at an all-time high and commute congestion was as bad as it had ever been. However, with the introduction of Internet of Things (IoT) devices, within both the city and vehicles themselves, we have begun to slowly make driving in the city a much easier experience, just like the way Utopia made it feel all those years ago. These devices provide everything from navigational advice and real-time traffic alerts to alternative route suggestions, based on prevailing traffic conditions. We can rideshare, bike share and plan public transportation routes, and pay tolls with smartphones. Internet connectivity via personal devices is only the first step in a new wave of intelligent urban transportation technology. Centralised urban technology hubs and associated apps are being developed to provide a wide range of services. One example is the introduction of card scanners on public transport, simplifying travel payment and removing the issue of not having exact change for the fare. Centralising and synchronising traffic signals helps to smooth traffic flow, provide quicker response times for emergency vehicles and keep buses on schedule. Parking sensors have even been installed that will alert smartphone users to open parking spaces. To have IoT devices work to maintain a 18 computing security March/April 2018 @CSMagAndAwards

smart cities smart city, it needs to collect and analyse personal data from the users, so that it can tell what works and what does not. To be as effective as possible, they need to collect data from users about their movements, peak traffic times, transportation mode preferences, streetlight data, traffic camera data, payment options and more. All this information then needs to be stored somewhere, whether this is a Cloud server or under the control of a municipal IT department. Doing this is a necessity, but the centralisation of information and control of an entire municipal transportation system is putting a lot of eggs in a single basket. As we've seen, though, putting so much precious data in one location is an invitation for trouble. 2017 saw a rise in cyber-attacks that purposely target private data, whether to use as ransom or to release online and cause chaos. Uber and Forever 21 were just two of the many companies to suffer massive data breaches in 2017 and, in recognition of the very real risks to people's personal information, 2018 sees the introduction of the GDPR [in May], a new regulation that will force companies to take more responsibility for the protection of customer data [see page 24]. If enterprises want to continue the upkeep of smart cities, then the basket that holds all this information must be designed for maximum security, controlled access and limited information portability. According to Von Welch, director of the Center for Applied Cyber Security Research at Indiana University: "We have a lot of companies making new devices for the urban Internet of Things that have not made computers or written software before." This is a critical warning to intelligent urban traffic planners. Get the IT security team involved early. There is great technology available to help protect and defend large centralised networks. Robust security requires many specialised appliances, so an intelligent connectivity solution should also be part of the initial plan. Alastair Hartrup, global CEO, Network Critical. Without properly planned network protection and rapid attack remediation, the commerce, movement and safety of entire cities could be vulnerable to a malicious breach. Traffic signals could be manipulated; electronic road signs could be hacked to provide misinformation; emergency responders could be blocked from trouble spots; funds could be stolen; or bank accounts compromised. We've seen this already: in 2014, security researchers at the University of Michigan were able to hack traffic lights of nearly 100 intersections that they found to have no security controls at all. This hack was just an experiment to point out the flaws; imagine if it was performed by someone with malicious intent. This is all scary stuff, but not impossible to manage. If proper network visibility, threat landscape reduction, data loss protection, data backup and employee training are planned and implemented early on, then Utopia may, in fact, be possible, without opening the door to a municipal apocalypse. @CSMagAndAwards March/April 2018 computing security 19