Cyber-security and smart cities

An article on IoT security requirements for smart cities

In this article, we look at ‘smart cities’: what they are, the opportunity they represent, and some of the security issues that need to be considered.

What will urban living look like in the future?

This is a question that is on a lot of people’s minds at the moment – most pressingly because of the global pandemic that we are all living through. Another influence is the looming threat of climate change, which is fuelling a realisation that our species needs to find a more sustainable way of living.

Living in lockdown has led many people to value things such as access to outside areas and nature. For those who work in office jobs, many are reconsidering the model that involves commuting into the office on a packed train or congested highway five days a week. In the UK, there has been a huge surge in interest in properties outside of London. Will the long-term effects of Covid include any changes to the way that we conceive of our cities and urban areas? Perhaps urban spaces in the future will be designed more for high quality of life, rather than being geared towards office work and economic activity – more green space, more communal workspaces, less offices and sandwich shops.

In any case, there is a consensus that smart cities represent the future. Across the world, national and regional governments are making cities ‘smarter’, and there are a number of plans for new smart cities to be built from the ground up. The concept of a smart city presents a transformative opportunity to craft ‘better’ cities: more sustainable, efficient and connected, and with a focus on their citizens.

Flying cars, although a staple of futuristic films and books, seem to be less of a priority for today’s planners of tomorrow’s urban landscapes. Crown Prince Mohammed Bin Salman is an outlier on this – flying cars are reportedly an important part of his vision for Neom, a 500 billion dollar planned megacity in Saudi Arabia.

Smart cities – there are no dumb questions

So, what is a ‘smart city’?

In very general terms, a ‘smart city’ is one in which electronic data is used to manage aspects of urban living. It is worth noting that the term ‘smart city’ can refer to urban areas of varying sizes, not just a city – whether that be a town, a region with various small towns, a greater metropolitan area or larger conurbation. At the heart of the smart city lies data collection and processing, which means the internet of things (IoT) and machine learning (ML) or artificial intelligence (AI).

There are two aspects here:

  • Physical infrastructure. Involves adding control systems to infrastructure, e.g. sewage, water, street lighting, apartment blocks, traffic control, etc. to make the city more sustainable, more efficient and less wasteful of resources.

  • Human dimension. Connecting citizens to their urban environment, making collective decisions and empowering them.

How to build a smart city: just add water

The easiest way to end up with a smart city is to start with an existing built up area and add the Internet of Things. This is already happening today. According to research conducted by SmartCitiesWorld together with Philips in which key smart city stakeholders were surveyed, the three best smart cities in the world are Singapore, London and Barcelona.

Making a city smart can start on a small scale: a municipality might decide to install traffic sensors to control traffic lights so that traffic flows more smoothly and congestion is kept to a minimum. Or it might add sensors to its public transport network, the data for which is put into the public domain for app developers and companies to use as they wish.

The diametrically opposed approach (revolutionary rather than evolutionary, if you like) is to build a brand new smart city from the ground up. China is planning a number of these, for example Xiong’an New City – which is touted as being ‘Covid-proof’, which means designed with future lockdowns in mind. Outside of China, a number of new smart cities are being planned in the desert. The state of Qatar is planning to complete a new smart city, named Lusail, on 38 square kilometers of desert just outside the capital Doha. Both Lusail and Saudi Arabia’s planned city ‘NEOM’, have an expected completion date in 2030. Egypt is planning to build a new capital city in the desert. Even Bill Gates, the Microsoft billionaire, is getting in on the action: a smart city named Belmont is planned for the desert 45 miles west of Phoenix, Arizona. This is just a small sample: it seems every country that has the space to build, a need for housing and high-tech ambition has a plan for a smart city.

Every cloud has a silver lining – for hackers

According to a statement released by the firm behind Belmont:

“Belmont will create a forward-thinking community with a communication and infrastructure spine that embraces cutting-edge technology, designed around high-speed digital networks, data centers, new manufacturing technologies and distribution models, autonomous vehicles and autonomous logistics hubs.”

This very neatly highlights the potential attack vectors against the smart city. Once connectivity is at the heart of the city, the whole city becomes vulnerable to cyber-attacks. Indeed, given the complexity of such a system it might seem as though getting hacked is inevitable. It is worth thinking about what ‘getting hacked’ means in this context: what exactly are the security concerns? What needs to be protected, and against whom?

The starting point for security is to imagine some possible attacks. For a smart city, the obvious starting point is the integrity of the control systems governing utilities – known as ‘cyber-physical’ systems. There are many examples where taking control of a physical interface can lead to damage, for example:

  •  turning all traffic lights green;
  • overloading the electricity grid and causing shortages or blackouts;
  • interfering with sewage or wastewater in such a way to result in overflows, contaminating clean water or the environment.

In recent years, we have seen cities becoming a target in ransomware attacks. Smart cities are clearly an even more attractive target, in the sense that disabling the operation of a smart city would cause far more disruption and should lead to higher ransoms. It is thus imperative that the IoT devices that form the basis of smart cities have strong security baked in. This presents challenges when the devices are tiny sensors (for example), with constrained computational and battery power. There is also the issue that some devices are critical to smooth operations and can’t go out of order – does availability take precedence over security?

End-to-end to end security concerns

Cybersecurity is central to successful smart cities, and yet is challenging to implement. The IoT devices themselves are typically constrained (think sensors), but even those devices with some computing power aren’t going to be running antivirus software for example. What is needed is end-to-end security between devices and their control hub. This can be achieved with devices that have strong identities and use cryptography that is correctly configured, implemented and managed. When we are dealing with millions of devices, there is clearly a challenge in provisioning them all – configuring each device individually for example is impractical.

Each device needs to have a strong identity – that is, every device should be able to identify itself in a way that cannot be impersonated. If devices do not have strong identities, it might be possible for a malicious attacker to join the network by impersonating honest devices. For example, by adding their own fake traffic sensors to a residential street, they might be able to convince the traffic control system that the road is busy (when in reality it isn’t), so that traffic is diverted away from the neighbourhood. That is a relatively innocuous example, but the outcomes of less benign scenarios where an attacker adds their own devices to the network could run to financial or even physical damage.

Essentially what this means is that each device should have a strong cryptographic key that is shared between the device and the control hub. This can be achieved by using public keys, which will allow devices to receive communication from any entity that knows the public key. To ensure that public keys are authentic, there would need to be some public key infrastructure – certificates, signed by some authority – that will guarantee the authenticity of a public key. Public key cryptography is more resource intensive than symmetric key cryptography, so for constrained devices symmetric cryptography is preferable. The problem now becomes how to distribute symmetric keys between devices and the control hub, and how to do so in a way that is secure. Especially considering the steps in the supply chain – manufacturers, designers, component suppliers and re-sellers.

Do you still need street smarts when you live in smart streets?

Care also needs to be taken with the data collected about individuals. Privacy of citizens can be compromised if data is not kept confidential. For example, it might be possible to deduce all manner of things about a household from their electricity usage and the data from sensors in and around their apartment building. As citizens, we are presumably happy for that data to be used in aggregate to optimise electricity usage across the city – are we still happy for that data to be used to identify ‘suspicious’ citizens? And whose definition of suspicious are we using? What if the data is used by companies to identify prospective customers for their products? What if the data can be accessed by an abusive partner, or a school bully or a crime syndicate? How do we know what decisions the machine learning algorithm is making, and how can we be sure that those are fair?

One family’s ceiling is another family’s floor

Cybersecurity is only one aspect of security. Cybersecurity concerns the security of data – data about individuals, data collected about the flow of resources, data about the usage of services and data in the form of commands to some device. There are other valid questions that need to be asked, that go beyond a narrow technical sphere. Who is the smart city for: taxpayers, the rich, corporations, local government, central government? Who gets to decide how decisions are made, and who gets to have input on decisions? What is the contract between citizens and their smart city? It seems certain that the ease of mass surveillance is a nice side effect (or perhaps even a key driver) of the Chinese state’s enthusiasm for smart cities.

For oil producing countries in the middle east, smart cities present a form of security against a future where oil is no longer the driver of their economies. This is one way of thinking about security. What about the security of a tribe whose ancestral homeland is being cleared to build a new city? Or the security from physical injury of the workers who build the city? And how do traditional methods of building in the desert compare with high tech solutions?

With one eye to the future

Smart cities are clearly the next phase in urban living. Smart cities that are able to conserve resources and energy more effectively, that are innovative and whose inhabitants’ lives are made easier and more connected to their city. In this article, we have looked at some of the opportunities and security issues inherent in their design.

One important problem when considering smart cities is that infrastructure such as roads, sewage pipes or fresh water will persist for a long time. The core of London’s water infrastructure for example originates with the Victorians. When the Internet of Things is a crucial part of this infrastructure, ensuring that the technology doesn’t become obsolete is a particular challenge. Not only should control systems and IoT devices be robustly designed to withstand wear and tear, they may also need to deal with unforeseen security risks. The next blog post will look at the (post-quantum) future of cryptography on constrained devices, with a follow up to the introduction to post-quantum cryptography.

Additional resources