The most visibly useful application for the Internet of Things (IoT), Industry 4.0, software defined networking and advanced analytics will be in the establishment and running of smart cities.
The idea of city infrastructures and processes working together to make cities a safer and more convenient place to live has long been a dream but that dream is now rapidly becoming a reality, writes Simeon Tassev, MD and QSA at Galix.
This means it’s time to start thinking about and planning the security aspects of smart cities, to ensure that the reality is a safe environment in which citizens and officials can connect with the services and systems around them, securely and efficiently.
Smart city initiatives will result in the ability to remotely monitor, manage and control devices, and to create new insights and actionable information from large streams of real-time data. This will have the effect of transforming cities by improving infrastructure, enabling more efficient and cost effective municipal services, enhancing public transportation, reducing traffic congestion, and ensuring citizens are safer and more engaged in their community.

Any connection is a vulnerability
With smart cities, the aim is to use technology to enable, provide and enhance various functions within a city. This is done by embedding data collection and connectivity devices into the infrastructure of the environments in which we live. It will make it possible to develop data-driven systems for transport, waste management, law enforcement, and energy use to make them more efficient and improve service delivery.
Citizens will interact with and obtain information from these smart city systems using their smartphones, watches or other wearable technology and the machines within the system will be able to communicate with each other as well.
So, for example, rubbish collection trucks will be alerted to the location of refuse that needs collection, and sensors in traffic lights will be able to detect heavier than usual traffic, and adjust their timing accordingly to ease the congestion.
Given the possibilities for smart city technologies to have a positive impact, it is a step toward transformation that needs to be encouraged.
However, we must not be so hasty in our embracing of this new technology lest we forget about the importance of security and the very real risks associated with creating smart cities. Not just physical security within the city, it’s important to consider and plan for IT security as well. With the Internet of Things, any device or machine that connects to the Internet is a possible vulnerability for security breach.
With smart cities, there will be various systems that are controlled and governed by the municipality and the risk comes in because such a smart city will have a multitude of entry points. This means that the different levels of security and control should be in place first, in order for the infrastructure to be secure.
Obviously, this is a lot more complex than controlling a defined perimeter with a single entry point and on the other side of the smart city equation is the citizen. The smart city functionality involves enabling citizens to connect with and use services around them, thus their security needs to be factored in accordingly. Where free public WiFi is available, the safety thereof is in question.
The moment we start talking about technology and enabling connections, security needs to be a priority. It’s not a case of making something like free public WiFi available, and then worrying about security later – it is essential for security controls to be in place, from the beginning.
Not only from a pure security point of view, but from a user credibility perspective as well given that there’s the human aspect of the smart city, which requires that people feel comfortable using that connectivity or technology.
Just as important is security to control that infrastructure, especially when that infrastructure becomes part of a network of critical resources like energy, traffic lights, street lights, video recordings. If criminals can hack into those systems, there is a lot of damage they can do – tampering with video recordings is an obvious danger, but they can also sabotage electricity, water, traffic lights, and can generally cause chaos within the city ecosystem.

Personal information safety
When it comes to building smart cities, planners need to take a serious view of security when designing these systems rather than focusing purely on connectivity. For the provision of services like Wi-Fi, it needs to be borne in mind that personal information on a public network is usually not protected.
While it’s possible for the service provider to put up a disclosure to disclaim liability for security of data, the reality is that there will always be users that will provide their personal data. As a result, there is always the possibility of compromise. This means that it is the service provider’s responsibility (whether it’s local government or a third-party provider) to ensure that the user is aware of the risks of connecting to a public network and understands the technology they are using.
If the service provider is not taking responsibility for data and providing security of data, that needs to be clearly stated upfront rather than after an incident, given the potential harm to citizens.
While the potential benefits of smart cities are undeniable, the challenge is to roll out smart city solutions that will allow us to gain the benefits of their deployment, while upholding infrastructure and system security and minimising the opportunity for any malicious or harmful effects. Bearing in mind that there are so many different stakeholders at play within a smart city this is no easy task.
However, so long as security (from an infrastructure and user perspective) is considered seriously upfront, it will be easier to work toward that dream of a smart, interconnected city in which a citizen can live safely and conveniently.