A #smartcity uses digital technologies to enhance quality and performance of urban services, to reduce costs and resource consumption, and to ultimately deliver a better standard of life to its citizens. Services, such as intelligent transportation, connected health care, emergency services, waste management and smart grid metering can be connected to drive efficiency and real-time intelligence.
Sound too good to be true? Well, no. Smart cities are a reality with the potential market forecast to be more than $1trillion by 2020.
Whilst an end-to-end smart city hasn’t been built yet, cities such as Glasgow have spent £24m installing technology such as smart streetlights that brighten for pedestrians and cyclists, and traffic-tracking sensors in roads. Bristol is researchinghow big data can be used to solve problems such as air pollution, traffic congestion and assisted living for the elderly. And #Dubai has set its stall out to be one of the smartest cities in the world by 2020 when it hosts the next World Expo. Recently embarking on a large-scale transformation programme to improve the quality of life of its people, #SmartDubai has a mission, which embraces innovation to make Dubai more efficient, seamless, safe & deliver an enriched city experience through smart technology experience. Whilst all three of these cities are pioneers, many others have some degree of smart features too. The momentum is building.
Cyber security in the context of smart cities is a hot topic. It’s the one area that has the potential to see the smart city bubble burst.
Connectivity and data factors bring risks, including breaches of personal information, disruption to critical infrastructure and damaged public trust. While a failure of internal systems is a containable issue, a failure between interconnected sectors in a smart city presents risks on a much larger scale with wide ranging implications.
One of the biggest concerns about smart buildings and smart cities is that the sensors in the equipment can be hacked and false data input – resulting in all sorts of problems, from causing signal failures that shut down underground stations to allowing contaminants into the water supply. Think FitBit hacking on a whole new level.
Unfortunately city officials can’t rely on the vendors to protect them. Cesar Cerrudo, CTO for IOActive Labs, explains that many firms selling smart systems are failing to build in effective security, such as encryption. “If you don’t have a good encryption, anyone can capture the data over the air and compromise security,” he said. For example, he revealed that the 200,000 traffic control sensors installed around the world, from Melbourne to London, were vulnerable to attack from hackers.
Building security into the foundations of the smart city
Smart cities are more than hype. The next few years will see the rapid growth of smart cities, and organisations will benefit from beginning their strategic planning now in order to fully realise the economic, social and environmental benefits securely and safely. Dubai is one of the few cities in the world, which has adopted a unique strategic approach to evolve into a smart city. This aspiration is underpinned by three themes of communication, integration and cooperation. It is this integrated approach that will ensure it becomes a secure and smart city.
The main priorities for implementing a smart city are ensuring an iron clad cyber security strategy and establishing a regulatory framework that all vendors and government departments will buy into. If these are not developed in line with smart city building, the consequences will be damaging.
Critical areas of focus should include:
Take a security centric approach
In order to guarantee service continuity and integrity, the ICT systems that oversee and control a ‘smart city’ need to be designed, from inception, with cyber security, robustness, reliability, privacy, information integrity, and crucially, resilience, in mind.
Establish a Computer Emergency Response Team
Cerrudo calls for every city to have a Computer Emergency Response Team, or CERT – just as many big businesses do – not just for information sharing, but also for cross-function vulnerability assessment and incident response planning.
Protect the data proactively
Take a data-centric approach and secure the data itself, providing a persistent protective vault around every data element, wherever it resides ensuring integrity, privacy, and compliance.
Strong authentication enables organisations to protect public facing assets by ensuring the true identity of a smart device, system or application thereby preventing individuals from accidentally disclosing credentials and from attaching unauthorised devices to the network.