Smart Cities Security and Uptime Through Secure Access

March 25, 2019
While IoT technology is the core of Smart City evolution, it also remains its greatest security threat

The Greek philosopher Socrates once wrote: “By far the greatest and most admirable form of wisdom is that needed to plan and beautify cities and human communities.” In Plato’s “Republic,” there is mention of Socrates’ task of creating the perfect city, one through which citizens could live in peace and prosperity. Although this was written over 2,000 years ago, the vision of a perfect city is just as relevant today as it was then. How amazed would these ancient leaders be if they could see the advent of the technology-driven smart city?

What is a Smart City?

Development of the smart city has tremendously progressed over the past decade. According to a May 2018 projection from the United Nations on world population, 68 percent of the world’s population will live in urban areas by 2050.[1] Combined with use-case growth spurred by citizen and business requirements, technology will be a force multiplier of momentum for the future.

Simply defined, a smart city uses information and communication technologies to improve upon common operational services used by citizens and businesses for energy and water supply, safety management, transportation and more. Smart cities are all about providing smart services to its citizens, which can save time and improve quality-of-life. The secondary smart city goal is creating a feedback loop through which citizens can voice feedback to city leaders as of how they want their city to evolve. Both these goals can best be turned into a reality with the use of technology.

Smart City Technology

The Internet of Things (IoT) is the core technology powering smart city innovation. IoT solutions are composed of connected structures using internet-enabled sensors to collect system and security data. Each structure is correlated using a centralized management platform, and through data analytics and deep learning, it produces an actionable system and security alerts that improve the efficiency of operational services.

Studies show that IoT-enabled smart cities bring the benefits of enhanced time management, rapid crisis response time, reduced traffic congestion and improvements for general city administrative duties. For example, studies show connected health services save citizens 10 hours per week, mobile productivity applications simplify common administrative tasks saving 21 hours per week and mobile public safety applications save 35 hours per year by helping law enforcement address incidents in an expedient manner. Once perfected, the IoT-enabled smart city could eradicate numerous issues including vehicle accidents and crime while delivering on the promise of a prosperous quality of life.

Smart city technology exists in a wide array of solutions, each with the ambition of supporting the goal of developing an urban ecosystem that supports the needs of its citizens. City leaders work towards developing comprehensive smart city infrastructure incrementally and add smart city solutions that support specific municipal services. A majority of smart IoT technologies are improvements to devices that have been used for many years:

  •  Smart water and energy meters
  • Intelligent parking sensors
  • HVAC systems
  • Smart street and traffic lights
  • GPS sensor garbage vehicles

Smart City Security Concerns

Security experts worldwide agree about the introduction of vulnerabilities and data theft brought by IoT devices. Any single unknown or unsecured IoT device represents a potential entry-point for network attack and could pose life-and-death risks. Millions of smart city IoT devices installed in key areas substantially widen the attack surface area for hackers to exploit. Consequences could be severe if bad actors shut down a city’s power grid or water supply. Also, many IoT platform vendors enable customers to build IoT applications. Unfortunately, these platforms often lack insight into the device-side environment and leave the responsibility of providing security measures to customers. Furthermore, vendors are promoting identity and access-management for device authentication that isn’t suitable for internet facing IoT devices. Lastly, incompatibilities and poor developer communication between IoT software and hardware vendors may create new vulnerabilities.

Leading up to the SamSam ransomware attack in March 2018 that took down the city of Atlanta’s computer network, the city expended significant resources to support its effort of making it a smart city. SamSam cleanup cost taxpayers upwards of $17 million according to a report by the Atlanta Journal-Constitution and marked it as one of the costliest attacks this year.[2]. This incident hampered several municipal services including public water utility, online bill-pay programs and public safety.

As the idea of smart cities and IoT is accepted, device technology matures and data traversal through expansive networks of interconnected devices grows evident, the potential for smart city outages will also grow accordingly, along with the associated costs, data loss and citizen dissatisfaction.

Mission-critical IoT applications should have high levels of security before they are adopted on a large scale. Applying appropriate network access control measures will ensure the privacy of proprietary information of citizens, governments, research partners, universities and digital infrastructure. IoT devices need strong authentication and integrity that assure city leaders that devices connected are authentic and their critical functionality is not tampered or altered. Cities will have to develop cybersecurity expertise and stay abreast a volatile threat environment. Proper incident response policies and remediation processes should also be adopted, enacted and practiced.

Smart City and IoT Security Through Secure Access

As far as smart city IoT security is concerned, efforts should be focused on maximizing smart city service uptime through real-time maintenance and support. The needs, concerns and safety of citizens, and the delivery of basic water, power utilities and efficient traffic maintenance are a sample of municipal services potentially at risk. A service interruption for any length of time could lead to public unrest and possibly result in death.

Essential elements of smart city security are summarized below.

Device Discovery and Enforcement

Complete knowledge of all connected devices is critical to IoT security. Without complete visibility, security of the network is limited.  “This is a critical area,” says Ruggero Contu, research director at Gartner Inc. “One key concern for enterprises is to gain full visibility of smart connected devices. This is a requirement to do with both operational and security aspects.”[3]

Until now, however, security has not been the primary driver of discovery. For some organizations, “this discovery and identification are about asset management and less about security,” says Robert Westervelt, research director of the Data Security Practice at International Data Corp. (IDC). “This is the area that network access control and orchestration vendors are positioning their products to address, with the added component of secure connectivity and monitoring for signs of potential threats.”

Companies should take a thorough inventory of everything on the IoT network and search for forgotten devices that may contain backdoors or open ports. A Network Access Control (NAC) product can then be used to apply granular policies for reporting and enforcement based on device role, location and application.

Secure Remote Access

Uptime is the goal when defining the security of smart cities. Electricity should always be on, water to homes and businesses should flow continuously, and traffic lights should route traffic efficiently. IoT devices that support city infrastructure requires private contractor access more than ever. Secure and real-time access through VPN technology to problematic devices is required to ensure uptime integrity and to reduce outage probability. In the case of malware outbreaks and ransomware attacks, invoking incident response procedures quickly may save lives.

Analytics to Understand IoT Device Behaviors

Benchmarking IoT device behaviors help in the building of security policy and determining suspect malicious activity and filtering false-positives. For example, a security analytics platform will gather data on common usage for smart water meters, allowing customers to build a behavior profile outlining nominal network traffic behavior. Smart devices exhibiting behaviors outside the normal area generates alerts and are flagged for analysis.  The practice of data aggregation and analytics from a centralized management platform or SIEM serves well for enterprise companies with potentially millions of IoT devices to monitor.

Centralized Management

Optimizing the task of managing the security of potentially millions of discovered IoT devices is best accomplished through a single management platform in an IT operations center. Aggregation of device logging, centralized policy management, automated device remediation, and single-pane monitoring simplifies the administrative overhead of discovery, enforcement and secure access of IoT devices while improving time to remediation and business recovery scenarios.

Conclusion

Smart and connected devices can be applied in a variety of scenarios throughout any city. IoT technologies and architecture play a significant role in smart cities. Use of big data and analytics streamline municipal management processes and improve the overall quality of life for citizens.

For smart cities to continue their growth through IoT, better and smarter network access control systems should be implemented to track and manage IoT infrastructure and secure data and resources from cyber threats. Socrates himself would likely agree that through modern IoT technology, his endeavor of building the perfect city would have a higher probability of success.

About the author: James Tolosa is the senior product marketing manager at Pulse Secure, the leading provider of secure access solutions. He has over a decade of experience as a marketer and as an IT and security engineer at both startups and global giants.

References 

[1] “68% of the world population projected to live in urban areas by 2050, says UN,” United Nations, May 18, 2018, https://www.un.org/development/desa/en/news/population/2018-revision-of-world-urbanization-prospects.html

[2] Stephen Deere “Confidential report: Atlanta’s cyber attack could cost taxpayers $17 million,” Atlanta Journal-Constitution, August 1, 2018, https://www.ajc.com/news/confidential-report-atlanta-cyber-attack-could-hit-million/GAljmndAF3EQdVWlMcXS0K/

[3] Bob Violino, “A Corporate Guide to Addressing IoT Security Concerns,” Networkworld, April 23, 2018, https://www.networkworld.com/article/3269165/internet-of-things/a-corporate-guide-to-addressing-iot-security-concerns.html