Today cities are growing bigger and faster than ever before. This results in various negative aspects for the citizens such as increased traffic, pollution, crime and cost of living, just to name a few. Governments and city administrations and authorities are in need to find solutions in order to alleviate these drawbacks. Over the past years one solution arose and has grown continuously was the concept of the smart city.
The concept of smart cities is based on the application of connected systems to manage a city efficiently. There are various aspects in which smart cities emphasize such as transport control, energy and water transport or public health and safety management. The broad distribution of Internet of Things (IoT) technologies favors the development of smart cities. IoT devices are considered the backbone of a smart city as they function as sensors and can be applied in many environments.
In some environments today’s cities are already really smart. For example, many large cities are using a traffic and transport control system, which can control the flow of traffic and make it more efficient, reducing or even avoiding congestion and increase traffic flow. Smart cities are becoming reality. But as the smart city technologies touching more and more aspects of the citizens everyday life, these technologies drawing increased attention from cyber attackers. Since many of the smart city technologies control safety-critical systems like the already mentioned traffic and transport control system, those systems are worthwhile and, because of the security concerns about the underlying IoT technology, often weak targets.
Issues, Threads and Challenges
Security of Hardware
The IoT sensors are probably the biggest issue in smart cities. These devices are often not updated frequently or not updated at all and are not or only badly tested. Unfortunately, these devices are out in the wild, they are literally everywhere in a smart city. Even worse, to fulfill their purpose they may need to send and receive data over wireless communication channels such as WIFI or cellular networks, which means they are easily accessible on the network layer, and often are interconnected and part of a larger network. The lack of standardization makes it easy for attackers to hack such IoT devices and to feed fake data into the system, causing errors, failures and shutdowns.
Smartphones used by the citizens to access services of a smart city are also considered a security issue. Although these devices are generally better tested and updated, there are many legacy models which lack security updates and thus are easy to attack.
Security of Communication
The data generated by the citizens is a valuable good, which an attacker might be interested in. A security issue in the communication between a citizen’s client and a smart city service could lead to data theft of the citizens data. There are various technical issues an attacker could exploit to breach the security of the communication channel, such as incompatible file formats, weak or faulty encryption protocols and irregularities in response capacity.
Networks used by IoT devices likely come from many different vendors and manufacturers. The interoperability of different groups of devices can also cause security issues. An additional issue arises from the interconnected nature of the devices in a smart city: if only a single device gets corrupted, it can threaten the entire network.
Large Attack Surface
The number of entry points into the smart cities systems is enormous. A variety of sensors, IoT devices and smartphones are interconnected to large and complex networks to get access to or provide various services. Each of these devices could have vulnerabilities and thus get attacked and finally hacked. Because of the interconnected nature of these devices, a single compromised device constitutes a threat for the entire network and system it is connected with.
There are multiple approaches an attacker could use to compromise such devices. Security protocols encrypting the data send and received by the device over wireless communication channels may be unsafe. The device hardware components could have bugs and be exploitable. The firmware could be attackable because it lacks updates or is badly configurated.
A myriad of devices in a smart city are sending and receiving data. In most cases, this data is transmitted over wireless communication channels. The most common wireless communication channels for sure are WIFI and cellular networks. Although the data stream generated by a single device may be small, the sheer number of devices continuously generating data at the same time accumulate to a massive amount of data which needs to be transmitted over the wireless communication channels. The bandwidth of these communication channels however is limited. Especially when many devices use the same communication channel, data rates decreasing and the protocol overhead is increasing, making these transmissions more and more inefficient. Also, the extensive usage of wireless communication channels can affect other wireless channels on a different spectrum, causing interferences with other services such as radio or television.
Another issue arises if a great number of devices communicates with one single server or system. Again, because of the sheer number of these devices present in smart cities, the accumulated data can overload the system and lead to service failures.
The citizens of a smart city interact with the services of the city mainly via their smartphone. Applications installed on these smartphones represent the interface between the citizens and the services of the smart city. Developers can create apps, which access the services of the smart city in order to achieve added value for the citizens. It is easy to provide apps via virtual stores, and a hacker could exploit this functionality. Malicious apps, developed by hackers, could be used to violate the privacy of the citizens or could contain security holes like backdoors. The more apps the citizens install on their smartphones, the more likely some of the apps contain malicious code.
On the other hand, it does not need a hacker to create an app with security issues. Also, apps from serious developers sometimes contain security problems, which are then vulnerable to attacks.
There are plenty of possible technical and organizational solutions to solve the issues and challenges mentioned above and to secure a smart city. The solutions listed here may be incomplete, but nevertheless they are very important ones that should be implemented as a foundation of a smart city.
Smart city solutions such as IoT devices, sensors, smartphones as well as data centers should implement basic security mechanisms:
- Strong cryptography: Data should be encrypted using up to date encryption protocols and standards. This concerns all communication channels (wired and wireless) and all data at rest and in transit.
- Authentication: A username and password should be required to use the functionality of any system. Mechanisms like certification or biometric authentication can also be used to increase security.
- Authorization: Permission-based usage of functionality.
- Automatic updates: Software as well as firmware should be updated frequently and automatically in a secure manner.
- Auditing, alerting and logging: Mechanisms to audit and log any security relevant event. The logs should be saved so that they cannot be manipulated.
- Anti-tampering: Systems should implement mechanisms to prevent tampering with their data by unauthorized access.
- No build-in accounts: Systems should not have backdoor, undocumented or hardcoded accounts. Such build-in accounts constitute severe security issues if known to malicious persons.
- Non-basic functionality disabled: Only functionality really needed for the systems purpose should be enabled. All other functionality should be disabled.
- Fail safe: The system should remain secure in case of a malfunction or crash.
- Secure by default: Secure default configurations in each system.
Systems and solutions used in smart cities must be properly tested before they get implemented. This includes auditing the solutions for security vulnerabilities, weak security protection and compliance with basic security requirements. Beside the compliance with basic security requirements mentioned before, the solutions should pass some advanced security checks. Penetration tests ensure security of the solutions by revealing attack vectors. Hardening verifies that systems are properly separated and run in isolated spaces. Certification should be used to evaluate solutions and to support decision-making.
During operation the solutions implemented in smart cities must be supported, tracked and monitored. There are several requirements to ensure security during operation:
- Monitoring: Systems need to be monitored in order to get information about events which could threaten the correct operation of services such as system stability, suspicious activities, abnormal behavior or bad performance.
- Patching: Systems should be updated continuously via well tested patches. Updating the firmware of IoT devices can be difficult due to bad or no standardization. The update procedures of the systems themselves must be secure.
- Assessments and auditing: Testing systems to verify they comply with security standards and policies. After deploying a patch to a system, it needs to be tested again.
- Protection of logging environments: Logs are crucial to identify service-threatening events. They must be stored and transmitted in a secure manner, so that it is impossible to manipulate their information.
- Access control: Every access to a system of a smart city must be monitored and include information about identification, time and access type.
- Cyber-threat intelligence: To identify and react quickly to new threats and attacks, responsible organizations can use cyber-threat intelligence. Since many attacks use the same or similar vulnerabilities, they can be prevented before they occur in a system of a smart city.
- Compromise reaction and recovery: Well defined procedures in case a system of a smart city gets compromised. If such an event happens, for example, certificates and keys must be declared invalid. In the aftermath organizations must retrace the incident and draw conclusions out of it, so that this incident may not happen again under similar circumstances.
Governance and Management
Smart cities depend on data directly or indirectly generated by their citizens. The more data a smart city can use, the better the quality of services it can deliver to its citizens. Thus, it is important that the citizens trust their governance. If they lose their trust, they will stop using services of the smart city, generating less data and weakening the quality of the services for the remaining users.
To date, there exist no documented universal governance and management structures for smart cities considering privacy of their citizens. Instead, cities build and use their own structures, with no coordination. With respect to the potential risks, a strategic and coordinated approach to form universal governance and management structures is needed to build up and maintain trust from the citizens in their smart city.
A potential governance and management structure could consist of three parts : advisory boards, transparent data policies and emergency response teams. Advisory boards assess in which ways the smart city authorities generate, store and use data. They also account issues like confidentiality, anonymity, deletion or sharing and publishing as open data. Transparent data policies define and publish how authorities handle the data they gather and use, e.g. what personal data is hold, why and how it was collected and in what way it is used. Finally, the emergency response teams are groups of the privacy and security department or IT services, that react upon security incidents within the smart city systems. Their purpose is to reduce the impact of incidents and to get the systems up and running again in case of hacks or system failures.
Smart cities touch many fields of their citizens everyday life. There are two major points from which issues can arise and thus need special handling: smart city services control a lot of safety-critical infrastructure and they generate and use an enormous amount of personal data of their citizens. This results in several issues on different levels. To maintain the citizens trust and thus to keep the smart city well working it is necessary to solve the issues such cities encounter. Like the issues, the solutions must be implemented on different levels, too. In fact, the issues smart cities face and their appropriate solutions are very similar to the ones companies may be confronted with.
- Mohamad Amin Hasbini, Martin Tom-Petersen: The Smart Cities Internet of Access Control, opportunities and cybersecurity challenges. https://securingsmartcities.org/wp-content/uploads/2017/09/SSC-IAC.pdf (28.06.2018)
- Cesar Cerrudo, Mohamad Amin Hasbini, Brian Russell: Cyber Security Guidelines for Smart City Technology Adoption. https://securingsmartcities.org/wp-content/uploads/2016/03/Guidlines_for_Safe_Smart_Cities-1.pdf (28.06.2018)
- Mohamad Amin Hasbini, Cesar Cerrudo, David Jordan: The Smart City Department Cyber Security role and implications. https://securingsmartcities.org/wp-content/uploads/2016/03/SCD-guidlines.pdf (28.06.2018)
- Ernst & Young LLP: Cyber Security; A necessary pillar of Smart Cities. https://www.ey.com/Publication/vwLUAssets/ey-cyber-security-a-necessary-pillar-of-smart-cities/%24FILE/ey-cyber-security-a-necessary-pillar-of-smart-cities.pdf (29.06.2018)