The development of smart cities, where infrastructure and services are interconnected through the Internet of Things (IoT), have promised to dramatically improve safety, quality of life, and economic prosperity for residents and businesses in major urban centers. According to SmartAmerica Challenge, city governments will invest approximately $41 trillion over the next 20 years to upgrade their infrastructure to benefit from IoT advances. However, as IoT technology expands in these major urban centers to connect everything from automobiles, utilities, law enforcement, and other city services, concerns are being raised regarding how smart city developers might secure a robust IoT infrastructure against attack.
Smart city security presents three major concerns: scale, interdependency, and oversight. The average smart city of the future is likely to have millions of devices connected to its network, each one a possible point of entry for hackers, identity thieves, and other bad actors. Since devices in a smart city would depend on one another for effective operation, only one improperly secured device could leave the entire system vulnerable to anything from personal data theft to the disruption of transit networks. It also is likely that the smart cities would have devices designed by multiple players in the private and public sectors, creating a web of connected devices with potentially competing structures. Without a basic cybersecurity standard managed through a single platform, municipal guardianship of personal data across these competing structures would be nearly impossible.
According to the Identity Theft Resource Center (ITRC), the total amount of data breaches in 2018 were down 23% from the previous year. However, the amount of personal identifiable information (PII) that was exposed skyrocketed 126% from 2017. With data security concerns in mind, there are many options for both device manufacturers and city governments to take cybersecurity seriously and protect their smart city futures.
IoT Devices Should be Secure by Design
A good starting place for municipal governments to address smart city security would be to pass laws that clearly define a set of security standards for connected devices. A recent paper by Microsoft outlined seven key properties that a secure device must have:
- Hardware-based root of trust: The device has a unique identity that can’t be separated from the hardware.
- Small, trusted computing base: Private device keys are stored in a hardware-protected vault that is inaccessible to software, and the division of software into self-protecting layers.
- Defense in depth: Multiple layers of protection built into the device so as to mitigate the consequences of any successful attack on one vector.
- Compartmentalization: Hardware-enforced barriers to stop failures from propagating to other components.
- Certificate-based authentication: Certificates, rather than passwords, that are proven by unforgeable cryptographic keys.
- Renewable security: Automatic software updates that create more secure states.
- Failure reporting: A cloud-based reporting system that instantly informs the manufacturer of any failures.
This list is one possible starting point for cities to develop standards for connected devices. By taking the necessary steps to define a device that is secure by design and bar any device that doesn’t meet these standards from connecting to their network, developers can make sure their smart city is protected at all possible entry points.
Use One IoT Management Platform to Provide Effective Oversight
Smart city IoT infrastructure will have to manage millions of connected devices from countless companies to make sure they do not compromise the network. Each of these devices will require a certain level of interoperability with one another to effectively utilize their capabilities. If a future municipal IoT department is to effectively monitor device connectivity, troubleshoot issues, root out attackers, and manage interoperability, it must require all devices to connect through a single IoT management platform.
A single platform can provide a complete picture of an entire smart city IoT deployment. Custom alerts, analytics, and other insights would flow to one place that can organize the data into actionable information. Device provisioning and other management tasks can be handled remotely and instantly by IoT managers. Most important, data breaches and other types of attack from a connected device can be caught and blocked instantly before any information is compromised.
Aeris: Prepared for the Future of Smart City Security
Despite cybersecurity concerns, smart cities still are one of IoT’s most exciting possibilities. Aeris is committed to leadership in smart city security with the Aeris Connectivity Platform (ACP), our connectivity management platform, which provides companies with the tools they need to manage their IoT infrastructure. With real-time reporting of usage and costs, ACP gives you the tools to understand your most critical operational details. Aeris connectivity analytics enable proactive identification of usage issues through a single dashboard for in-depth visibility, thereby allowing any potential cyber-attack to be identified and stopped as soon as possible.
To learn more about how Aeris is working to ensure IoT network security, contact us today.