The security risk within Smart Cities

By Mirko Brandner, Technical Manager, Arxan Technologies.

  • 7 years ago Posted in
Technical innovations and increasing digitisation are a mixed blessing: On the one hand, we benefit from them as they simplify our everyday life and can help us to overcome challenges. On the other hand, they present new difficulties and problems. The concept of the smart city, which has been under development around the world for some years now, is a perfect example of this.

 

Whether it’s growing traffic volumes, environmental pollution, dissipation of energy, or growing mountains of waste – the smart city of the future has the answer for a number of problems faced by our cities. The answer being, the internet of things, i.e. millions of connected, digitised and sensor equipped devices and infrastructures. From connected automobiles within a car sharing service, smart traffic light circuits and energy-efficient street lighting, to sensor equipped garbage cans or irrigation systems in parks – everything is possible.

 

But environmental compatibility, comfort, and resource efficiency do not come without their challenges. Not only is it difficult to cater for the immense amount of data and rapid analysis that comes with smart cities, but even more concerning is the susceptibility of smart cities to cyber-attacks. Something all security experts agree on is that the smart city of the future is insecure.

 

Manipulated Traffic Lights

 

One of the greatest weaknesses of IoT is the utilisation of insecure devices that lack sufficient security testing, allowing the devices to be hacked and fake data to be fed to them. The reason this happens is because during the development of IoT devices and applications, functionality and customer orientation still have the highest priority for the vendors. Even in times of increased connectedness, aspects regarding security and data protection are still neglected – be it for cost reasons, time pressure or limited processing performance.

 

What this means for smart cities and connected infrastructures, was demonstrated by security expert Cesar Cerrudo some time ago. On numerous trips through big American cities such as New York, Los Angeles or San Francisco, he demonstrated how thousands of traffic control sensors were vulnerable to attack. Cerrudo showed how information coming from these sensors could be intercepted from 1,500 feet away — or even by drone — made possible due to one company failing to encrypt its traffic data. This enables hackers and cybercriminals to manipulate traffic data, permitting them to cause faulty traffic light circuits, traffic jams, large-scale obstruction traffic or even dramatic accidents.

 

 

 

Minimising IoT Security Risks and Vulnerabilities

 

In the case of cyber-attacks on smart cities, millions of devices are potentially threatened by manipulations or malware infections. Therefore, a well thought out security strategy is indispensable. This starts with identifying and then prioritising the critical infrastructure. Only those who can identify and clear away vulnerabilities, security flaws, malicious environments, outdated operating systems, etc. in time, are able to prevent serious failures and manipulations.

 

The best possible protection against hacking attacks is a security solution that is embedded within the IoT application itself. Instead of constructing a fence around the device and its software, applications need to be hardened with effective protection solutions such as obfuscation or Whitebox cryptography as well as with advanced RASP (Runtime Application Self-Protection) technologies. Being protected in such a manner, the applications are able to protect themselves against all kinds of attacks with individually defined activities e.g. informing the provider of the IoT device that the software has been modified. Thanks to these application hardening technologies the application?s sensitive binary code – its crown jewels so to speak – is proactively protected.

 

Smart cities offer great opportunities, especially for rapidly growing cities which have to deal with population growth and increasing traffic loads. Nonetheless, in terms of IoT innovations security, data protection and privacy have to be top priority if they should be profitable in the long run. An important factor here is education. The issue of security must be top priority in all companies and organisations. Suppliers and vendors of IoT devices and technologies need to be better skilled and should dedicate time to discussing risks and informing their customers about possible threats.

 

 

By John Kreyling, Managing Director, Centiel UK.
By David de Santiago, Group AI & Digital Services Director at OCS.
By Krishna Sai, Senior VP of Technology and Engineering.
By Danny Lopez, CEO of Glasswall.
By Oz Olivo, VP, Product Management at Inrupt.
By Jason Beckett, Head of Technical Sales, Hitachi Vantara.