The smart city era has officially arrived.
In 2016 alone, there are more than 20 conferences and expos dedicated to smart cities, and the smart city market is expected to be worth up to $1.5 trillion by 2020. To meet the rising demand, tech companies — both large and small — are making significant investments to capitalize on the growing need for cities to safely make the transition to smart.
Smart cities integrate critical infrastructures like energy, lighting and building controls into a centralized network so these urban centers can run more efficiently. However, as formerly isolated systems join the network, they bring additional risk for unauthorized entry, increasing the number of vulnerabilities. This makes effective cybersecurity essential for every project.
The good news is that security innovators, brilliant companies and government organizations are working tirelessly to keep smart cities safe. We partnered with the Toyota Prius to showcase the leading minds and organizations behind the effort to advance digital security in the world’s most futuristic cities.
Laying Down The Framework
The increased demand for smart city technology is owed, in large part, to an unprecedented growth of urbanization across the globe. It’s estimated that over 54 percent of the world’s population currently live in urban areas, and that by 2030, that number will reach 60 percent. This sharp rise in urban populations has accelerated the need for cities to improve their sustainability and overall quality of life through smart services and infrastructure.
Since most urban areas weren’t built to be cybersecure from the ground up, they must integrate new technology into existing infrastructure systems — like transportation and communications — that weren’t designed to be upgraded.
This is where the National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce, comes in. Widely known as one of the official timekeepers of the United States, NIST also plays a significant role in the development of Internet of Things solutions, which play an important role in the development of smart cities.
“We’re interested in Internet of Things and smart cities [not only] from the perspective of an economic driver and an opportunity for commerce,” said Chris Greer, the director of NIST’s smart grid program, “but also to ensure that residences and communities experience the benefit of advanced technology and improved quality of life.”
NIST has developed two key frameworks to provide the public and private sectors with a “playbook” of leading practices. The Smart Grid Framework and the Cybersecurity Framework introduce robust and up-to-date standards and specifications that allow smart city infrastructures to achieve cybersecure interoperability — the ability for different systems to interact with each other in a safe and reliable manner.
NIST also extends its efforts beyond U.S. borders. The organization routinely collaborates with foreign governments, including those in Europe and Asia, and hosts a Global Cities Team Challenge Expo that showcases new applications geared toward the smart city.
“We’ve had interactions with 28 different governments across the world,” said Matt Barrett, the Cybersecurity Framework program manager at NIST. “We’re all convening around the same set of cybersecurity outcomes. It’s a really exciting promise for collaboration.”
Together, NIST’s Smart Grid and Cybersecurity frameworks represent a crucial first step in establishing cybersecurity as a priority for urban areas.
Dissecting The Goods
While these frameworks are useful in outlining a city’s plan for onboarding smart technologies, guidelines for the actual software and hardware are nonexistent.
“Technology is being acquired and deployed without any security testing,” said Cesar Cerrudo, the CTO of IOActive, a cybersecurity consultant firm. “If you acquire a product that is insecure, you are opening up your city infrastructure to attacks.”
IOActive specializes in identifying exploits at the software and hardware level, tracking down vulnerabilities and patching them up before the technology is rolled out. Among IOActive’s more impressive services is chip security assessment, a simple-sounding test that is anything but simple. The assessment uses a scanning electron microscope and a focused ion beam to analyze integrated circuits and look for hardware vulnerabilities. If it finds anything, those issues are then addressed through proprietary countermeasures.
A CPU die, as seen under IOActive’s powerful microscope.
“When you’re designing a system, software or a product,” Cerrudo said, “the later you start thinking about security, the more expensive and more complicated it becomes to improve, because the vulnerabilities were already a part of the product’s architecture. Companies should start caring about security starting with the design.”
Cerrudo is also the founder of Securing Smart Cities, a nonprofit that works with governments and corporations to educate cities on cybersecurity. The organization regularly publishes research and white papers on emerging threats to cybersecurity and best practices to combat them.
Ensuring Security, Day And Night
Thanks to rapidly changing technology, cities must be proactive to meet the challenge of maintaining cybersecurity. This means actively monitoring both the hardware and the software, testing for possible weaknesses, and providing upgrades that future-proof smart cities against rapidly changing technology.
Complexity poses one of the biggest risks to smart cities, according to Sean Sullivan, a security advisor at F-secure, a Finnish data security company. “Our old systems had physical redundancies that newer, smart digital systems might not have, and so it’s important to entertain theoretical situations that could happen.”
Through its Cyber Security Services division, F-secure provides the public and private sector with cybersecurity tools including penetration testing, which essentially allows cities to uncover vulnerabilities by attempting to break into their own systems. By revealing new ways their systems could be breached, smart cities can learn to thwart potential attacks before they happen.
At the speed data moves, time is of the essence when battling digital intruders. F-secure software assists the firm’s clients in the financial services and telecommunications industries (both of which were outlined in the 2013 presidential directive that gave birth to NIST’s Cybersecurity Framework) by continually scanning for attacks in real time. This allows security professionals to immediately respond to threats as they arise, which is central to preserving the integrity of 24-hour systems, such as those that make smart cities work.
Of course, no system is completely impenetrable, but thanks to the work of organizations like NIST, IOActive and F-secure, smart cities are able to achieve the next best thing, which is security that actually works.
“Anything that is perfectly secure is not usable,” Sullivan said. “We’re always going to try and find the perfect balance.”
Smart Cities are the next big thing, and they’re going to take urban living to the next level. Now that you know the innovators behind keeping Smart Cities safe, consider the all-new Toyota Prius to explore them in confidence.