Smart Cities: Weighing the Risks and Rewards of Connecting Communities

Chris Rouland | December 1, 2015


With the endless advances in technology and the proliferation of the Internet of Things (IoT), we have seen the concept of the “smart city” emerge in urban areas across the globe. Like a smart grid or smart automobile, a smart city implements modern information and communication technologies to improve the quality and performance of municipal services, while also reducing costs for its citizens. The adoption of smart city initiatives is accelerating worldwide, with more than 26 cities expected to become smart by 2025.

To be considered a smart city, according to market research company Frost & Sullivan, a city must adopt five of the following eight parameters: smart energy, smart building, smart mobility, smart health care, smart infrastructure, smart technology, smart governance and smart education. In all, the smart city market is predicted to reach $1.56 trillion in 2020, and the smart energy parameter is leading the way as smart grid deployments continue to roll out on a massive scale.

More than half of the world’s population lives in urban areas—a percentage that the United Nations expects will increase substantially in years to come. This influx of people brings with it an increase in energy consumption, waste and congestion. The goal of smart cities is to improve efficiency and sustainability of urban areas, which will ultimately improve the quality of life. The opportunities are endless: Advanced technology can manage traffic lights and parking meters, facilitate real-time response to emergencies, and improve communications between city officials and citizens.

Recognizing the potential benefits, the Amsterdam Smart City (ASC) initiative began in 2009 as a partnership between companies, governments, knowledge institutions and the citizens of Amsterdam. The initiative was developed with the goal of reducing traffic, saving energy and improving public safety. The city has since implemented systems in most of the smart parameters, including energy and governance. ASC has subsequently partnered with more than 100 organizations that are involved in over 75 projects, with most of the momentum picking up more recently.

This year, Barcelona was named “Global Smart City–2015” by Juniper Research for a number of impressive projects, such as the implementation of sensor technology to improve irrigation systems and an application to manage traffic flows for public bus routes. Using GPS and traffic management software, the city also created a response plan to get emergency vehicles to the scene of an accident faster by turning the appropriate traffic lights green as the responder approaches.

The United States is preparing to make more cities smart as well. In September, the Obama administration introduced its Smart Cities Initiative, announcing plans to invest $160 million in federal research to leverage more than 25 new technologies, including IoT applications, to reduce traffic, fight crime, manage climate change and improve the delivery of services.

But while there are clear advantages, connecting any system, asset or device to the internet introduces inherent risks, including data breaches, disruption of infrastructure and threats to public safety. These risks are further amplified when the connections span an entire city.

Security Risks in Smart Cities

Organizations worldwide are developing ways to facilitate the deployment of smart city technology, and city managers and government officials are either executing such initiatives or at least planning to do so. Unfortunately, with all the interest and buzz surrounding smart city initiatives, cybersecurity is often overlooked in both development and deployment of smart parameters. Integrating digitally connected systems into city infrastructure creates new pathways for adversaries to exploit. In addition to the possibility of intentional breaches, the risk of human error should be a major concern, as public workers are typically inexperienced with the complex technology associated with a smart city. The amount of data collected and shared by the city also raises privacy concerns and calls into question the ethical use of information technology.

In a smart environment, systems and networks are all interconnected so they can work together efficiently and in real time. In Barcelona, the smart infrastructure deployment optimizes connectivity to allow two-way communication between the traffic management software, GPS and the city’s public safety departments to ensure timely rescue and better protect citizens. However, every connection creates a new attack vector for a hacker to infiltrate and take control. What would happen if someone with malicious intent gained access to a city’s GPS? What if a nation-state infiltrated a city’s smart grid and halted the distribution of electricity? Without proper cybersecurity in place, these are very real scenarios that could result in significant damage and even pose a threat to national security.

In addition to threats from outsiders, internal error is possible in a smart city as complex technology is deployed throughout what are traditionally manual services. This kind of high-level technology may prove challenging to an untrained professional, making mistakes more likely. While an internal error historically would be limited and inconsequential, adding interconnectivity across an entire city could magnify even a minor mistake and threaten public safety across entire regions.

Finally, managing a smart city necessitates the integration of sensors, networks and data analytics. These assets collect vast amounts of data in real-time, but what exactly they are collecting, what the city is doing with that data, and whether it can be used against unsuspecting citizens are all questions left up to individual cities to answer. Where a smart city draws the line in terms of safety, privacy and ethics of information sharing is up for debate, but certainly should be of concern to the public, who must demand transparency from local government.

Given the hefty investment from the federal government, the conversion of U.S. municipalities into smart cities is inevitable. Despite the significant threats inherent in any connected metropolis, there are cybersecurity initiatives that already exist to support the safety and security of a smart city.

Overcoming the Obstacles

With the smart city market projected to exceed $1.5 trillion in the next five years, there is clear incentive for IT organizations and manufacturers to rush development and general availability of next-generation IoT devices. As a result, security may be overlooked.

There are also significant challenges involved with educating an entire population on the risks of living and working in a smart city. Many users do not have the time or the interest to learn about their personal devices, let alone those that make up an entire infrastructure. Nonetheless, smart cities must at the very least try to educate their employees, and doing so must be fundamentally important to them. Security should be addressed from the start, and everyone, from those in charge of deploying a smart city to those in charge of monitoring smart meters, should be trained on best practices and situational awareness.

For any city contemplating going “smart,” cybersecurity must be a consideration from as early as the initial planning phase, before a single smart parameter is ever adopted. Without a clear and comprehensive security strategy in place, the city could be left vulnerable to breaches and liable for the cost of recovering from one, even if accidental. To minimize the likelihood of human error, public workers need significant training in how to monitor and manage smart software and assets. Further, developing a response plan is an essential part of establishing the overall cybersecurity strategy. Every public employee and city official involved in operating a smart city should know their role in the event of a cyberbreach, much like they do with physical incidents.

To support safety in smart cities and provide educational resources to city planners and providers, leading security experts have launched Securing Smart Cities, a not-for-profit global initiative that aims to solve the cybersecurity risks inherent in smart cities through collaboration.

“The cybersecurity of a modern, smart city is not something you can solve on your own,” said Cesar Cerrudo, chief technology officer for security consultancy IOActive and board member of Securing Smart Cities. “The concept involves so many different technologies communicating with each other in so many ways that the only way to predict and eliminate all possible security issues is through collaboration between experts around the world. This is what Securing Smart Cities is for.”

With the recent recognition and substantial funding from the Obama administration, smart city deployments will increase tenfold in the United States in the next few years. While there are risks and concerns, there are already a number of collaborative programs and local initiatives to ensure that connecting the nation's urban areas is done safely and securely.

To that end, the National Institute of Standards and Technology (NIST) has launched the Global City Teams Challenge (GCTC) to foster collaboration and the development of standards. The GCTC challenges teams of cities to collaborate, set goals, and develop, deploy and evaluate standards-based smart city technologies. IBM will organize GCTC 2016 with 30 cities across the nation, providing technology experts to mentor and educate participants on IoT applications.

Cities like Chicago and Dallas have launched local smart city initiatives, bringing together public and private corporations, stakeholders and academia to support information-sharing and innovation to develop smart city models specifically designed to benefit their city. Universities are also focusing their research on smart city concepts. Boston University researchers, for example, are not only developing new technologies, but also considering economic and public policy implications for the city of Boston.

These initiatives are certainly a step in the right direction and will in fact help to mitigate cybersecurity risks, but local governments still need to be transparent with citizens on the smart technologies that are in place, what information is being collected, and if that information can be held against them. For example, while digital video surveillance systems helped identify the Boston bombing suspects, could data collected by the city actually be admissible in a civil case? Personal privacy will prove to be a major concern as more smart parameters are deployed, and it is the responsibility of the local government to protect not only public safety but also residents’ constitutional rights.

New Technology, New Risks

With the world’s urban population expected to surpass six billion by 2045, city-dwellers will suffer significant pollution and congestion. The costs of energy consumption, climate control and overall infrastructure maintenance will increase.

Many advances in technology will allow cities to deploy smart parameters including energy, health care and governance that can lead to a more efficient and sustainable metropolis. Smart technologies can not only reduce the congestion and pollution resulting from impending overpopulation, but also fight crime and promote economic growth.

As with any new technology, there are concerns and risks associated with its adoption. With organizations rushing to market with smart solutions, there is a lack of adequate concern for security, leaving those who deploy the solutions vulnerable to attack. In addition, there are many opportunities for human error, as public workers are not trained in the complex technologies associated with smart cities. Both scenarios could result in massive financial damages, loss of proprietary information, disruption of critical infrastructure and even physical harm to citizens. Attention must also be paid to the data being collected by the digital systems, and the potential invasion of personal privacy that could result.

While there are many benefits associated with a smart city, the threats must be addressed in order for the benefits to be meaningful. Through education and training, and with the support of nonprofit initiatives and local government, cities can overcome these challenges and reap the benefits of a smart city.

Smart city technology is here; now we have to ensure that we are just as smart as we put it to use.

Chris Rouland is the founder, chairman and chief technology officer of cybersecurity company Bastille and a founding member of the nonprofit Securing Smart Cities.