Urbanization is a global phenomenon. The United Nations predicts that by 2050, 68% of the world’s population will reside in urban areas, a vast increase from the 55% that resides in the cities of Mother Earth today. This metro migration is putting pressure on urban planners, managers and political policy makers to optimize the management of their communities and create sustainable economic stability while providing their constituents with an improved quality of life. Smart Cities, made possible by the rapid advancement of connected devices, software systems and information communications technologies are helping them meet this challenge.
The Pursuit of Smart City Technology
Implementing Smart City initiatives, given the novelty of the concept, had been an individual endeavor. Some cities started with just a project or two to test the technology waters while others actively pursued smart city status in a more comprehensive fashion. When the concept of smart cities first emerged, everyone was taking it step-by-step. The technologies were new, the implementations were sometimes challenging to get right, and general acceptance was not entirely promised. Not surprisingly, security in this type of ad-hoc technology adoption was and still is overlooked.
More recently however, the trend toward taking an active and planned approach for Smart City adoption is becoming a more deliberate and strategic way of embracing technology. According to Smart Cities Dive, inclusive planning is a top 2018 smart city trend. “These extensive smart city plans place a renewed focus on inclusivity, particularly as it applies to the installation and distribution of smart projects.” While this is hugely beneficial for citizen equity in the communities served – everyone can equally take advantage of the service provided with no communities overlooked, it’s also great news for the security of the services themselves.
We’ve found that when IoT technology is implemented in a deliberate and well-thought-out manner, security rightfully earns a more prominent role. Security by design is when security becomes a primary design consideration, as equal to any other technology feature being contemplated.
The Cost of Security Failure
While product manufacturers are flooding the market with new ‘smart products’ in a race to be first-to-market, municipalities must take a more cautious approach. The potential security failure of a Smart City initiative could have far greater impact and much more grave consequences. Take for example lights and communications. Many smart cites are using streetlamps as the backbone for city-wide field area networks (FANs). Unsecure devices, gateways and networks are fertile ground for hackers interested in causing city-wide disruption and possible system control. Imagine whole blocks of street lights going dark, potentially causing traffic havoc, compromising neighborhood security, and interrupting mobile communications.
Consider another common Smart City initiative – smart metering. Now picture a metro utility being hacked, causing electrical outages or compromising customer’ personal information or payment data. These are potential large-scale events that affect entire communities, not just individual users. The potential risks and impacts are real. IBM and Poneman Institute research estimates that the average cost of a data breach is $3.86 million dollars. That’s enough to strain any city’s budget.
Where Smart Cities are Turning for Guidance
As urban areas are adopting smart city technologies, organizations have emerged to help them find funding, follow best practices, and standardize their framework for data and technology policies. In 2015, the U.S. Department of Transportation held a Smart City Challenge, awarding $50 million dollars to jump start technology advancements in America’s cities. Today, the Smart Cities Council – the industry’s largest coalition, continues that tradition. They recently opened applications for their “2019 North American Readiness Challenge, an annual program that has so far helped nearly a dozen cities and states advance their smart cities initiatives.”
GlobalSign is actively involved with organizations that move secure IoT deployments forward on a world-wide basis. Organizations like the Industrial Internet Consortium (IIC) are helping establish frameworks across technologies. They work to safely and securely accelerate the Industrial Internet of Things (IIoT) for transformational outcomes. Wi-SUN Alliance, a global industry association devoted to seamless connectivity, is committed to supporting the worldwide development of Wireless Communications Networks for Utilities, Smart Cities and IoT. Similarly, the Arm® Mbed™ Pelion IoT Device Platform provides the operating system, cloud services, tools and developer ecosystem to make the creation and deployment of commercial, standards-based IoT solutions possible at scale.
Additionally, traditional standards organizations are adapting their recommended guidelines to address today’s IoT and Smart City security challenges. The National Institute of Standards and Technology (NIST), a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce publishes a Cybersecurity Framework. “This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk.” Gartner projects that by 2020, 50% of private U.S. businesses, critical infrastructure operators and countries around the globe will use the framework as they develop and deploy technology, including smart cities, smart utilities and IoT.
These groups are instrumental in assisting smart city decision makers in planning for the best, most secure IoT implementation outcomes. We encourage smart cities, smart utilities and municipal IoT markets to establish a common framework for data policies, to consider established standards – including a strong identification, authentication, and encryption security standard, that facilitate integration, and to start with pilot programs that improve adoption success.
GlobalSign’s Role in Smart City Security
Smart city security is a collaborative undertaking involving many partners – sensor and actuator manufacturers, gateway providers, standards boards and even operating system developers specifically focusing on smart city infrastructure. GlobalSign’s IoT Identity Platform is an important part of this vital and connected end-to-end IoT security ecosystem.
Based on proven public key infrastructure (PKI), GlobalSign’s IoT Identity Platformcombines the scalability and power of GlobalSign’s certified Certificate Authority (CA) to securely issue, deploy and manage device identities throughout the entire device identity lifecycle. Before devices communicate with the network, our IoT Identity Platform authenticates the identity of the devices, authorizes the communication and ensures the integrity of the data through encryption to secure the entire ecosystem. It does this thousands of times per second, every second, every hour, every day. Ease of integration through an API enables our customers and partners to make security by design an achievable part of their smart city initiatives.
Inevitably, all municipalities will at some point employ smart city technology to better manage resources and improve the lives of the residents in their communities. But how they manage security will determine the success of their endeavors. Authenticated, authorized and encrypted communication assures success.