With more than a third of U.S. households owning smart homes and more than half planning to invest in one in the next year, it’s clear that more and more people are connecting to IoT. With increasing advancements like connected cars, smart buildings and even smart infrastructure, it’s no longer just people that are getting smart, but entire cities.
Already, Brazil unveiled its newest 170-hectare smart city, dubbed Planet Smart City, and Philadelphia announced plans to deploy a suite of smart applications for the public. A Research and Markets report expects the market size of smart cities to explode by 2023 from an already impressive $79.5 billion in 2018 to an astounding $219.58 billion. But with this more than $40 billion expansion — which will comprise burgeoning connected technologies for transportation, energy and public safety — come increased cybersecurity vulnerabilities and a broader landscape for attacks.
The lurking threats in smart city development
To control the thousands of connected devices that will make up the future’s smart cities, every city will need to be equipped with a command-and-control or operational center. The center will connect every device in the city together and give the city’s technologists needed visibility into the endpoints. Technologists will be able to engage with devices, identify devices that are malfunctioning and update devices and security measures.
It’s important that these command-and-control centers have accurate, reliable control of each connected device in the smart city. Even slightly compromised security can open the doorway for malicious intruders and lead to dangerous — or even fatal — consequences.
Consider a scenario in which a cyberattacker gains control of a smart city’s traffic lights: What may seem like an innocuous technology can cause severe damage if manipulated. For example, attackers could abuse traffic lights’ signals to send vehicles, which will likely become autonomous, careening into accidents. A compromised network of smart lights could be extinguished to cause a city-wide blackout, weakening public safety and opening opportunity for crime. These threats may seem premature while we’re still living in a world that’s not completely smart, but they have the potential to become very real if we don’t act now to institute the necessary security protocols. In order to avoid potentially fatal attacks from ruining the utopian ideal of a fully functioning smart city, we will need to find a reliable security approach.
Obstacles to safeguarding the smart city
Constructing a smart city with thousands of connected devices is a massive undertaking — and it’s even more overwhelming to take on reliably securing every device and connection in the network.
Size and tangibility: Smart cities are large. Thousands of connected devices are dispersed across many miles, making it difficult to manage them together. Such a wide geographical dispersion easily exposes these devices to the general population. The devices that govern everyday tools, such as traffic lights and streetlights, are likely to be exposed continuously to the public with few restrictions, making them susceptible to malicious elements.
Moreover, a smart city is not a tangible smart hub that sits in your living room; it is a living and breathing entity that will only expand in geography and complexity over time. Its massive depository of data will compound every day, further complicating the task of securing the smart city and all of its connected components.
Cost: Besides the physical and digital breadth, smart cities also come with massive price tags. Despite the risks of attacks, city planners will likely seek the most cost-effective mechanisms for smart city security. This is understandable, given the already gargantuan expenses needed to build these cities. However, capping costs on security is likely to reduce the hard security controllers for edge devices, which could compromise the city’s greater security.
Maintenance: Even if city planners are able to achieve a comprehensive, ironclad device protection platform that can sufficiently protect the smart city against physical and network attacks, the evolutionary nature of the smart city presents an additional obstacle: How can city planners maintain a high level of security over time?
Planners must ensure that their smart cities can endure secure updates for years into the future; the security architecture must not only protect the cities’ networks and devices from a breach, but also ensure that technologists can maintain visibility of the networks and continuously monitor and manage the cities’ systems. Maintaining these kinds of regular, secure updates is vital for the safety of smart cities and all of their inhabitants.
In most cases today, these updates are performed by a technician, which is expensive and time-consuming. Updates tend to be performed less frequently, and less frequent updates means more risk for downtime scenarios and more opportunities for hackers to compromise the data that edge devices send to the command center. To build smart cities that support their own physical and digital breadth over a wide expanse of time, city planners must invest in a trustworthy management platform with secure update mechanisms that can enable timely remote updates.
A new security approach to protect our smart cities
One out-of-the-box approach to security that promises to solve the challenges of achieving safe smart cities is cloud-to-flash technology. This technology can protect the flash memory of edge devices from any unauthorized manipulation of firmware, boot image or critical code. Even in the case of a physical or network breach, the firmware in the memory cannot be compromised. This strong security is realized by a hardware root-of-trust in the flash memory that makes it impossible for adversaries to access and modify the firmware.
Unlike other approaches, cloud-to-flash technology overcomes the obstacles of size, cost and maintenance to help city planners build cities that are as safe as they are smart.
The cloud-to-flash protection approach is cost-effective because it is hardware-based and built into the existing memory of devices. It doesn’t add additional modules or latency or complicate the software integration or development as the smart city’s systems grow and scale. Most importantly, this hardware does not carry additional costs.
Cloud-to-flash protection also enables technologists to maintain secure updates and trustworthy management of the smart city’s system over time. By creating a secure channel between the cloud and the flash memory in the edge device, cloud-to-flash protection makes it possible to send a secure update all the way from the cloud to the device’s flash memory, regardless of the status of the network, the status of the processor or the version installed in the flash. The secure channel can also be used to send reliable status reports from the flash memory back to the management server to indicate when something looks harmful, when there is a breach, when firmware has been successfully upgraded, if something needs to be quarantined or if an attack has been prevented. The technology provides status on the downtime of devices, the versions and the latest updates. Most importantly, all of the information that is exchanged during maintenance can be trusted because it cannot be manipulated via the software on the processor, even if a hacker compromised it.
Cloud-to-flash protection is quickly becoming recognized by the industry as a holistic approach to protecting future smart cities that can overcome the many security challenges of smart cities and IoT domains.
Efforts to realize the smart city are rapidly advancing, and it won’t be long before these connected environments become the norm. As smart city development continues to grow, IoT domains expand and reservoirs of data compound, we must ensure that we are able to keep pace with reliable security. This will require a security platform that can manage the multiple complexities of smart cities and provide trustworthy management over time.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.