Smart Cities, Part II: Why all Concepts will Fail without Indestructible Security Measures

The sustainable development of urban areas requires new, efficient, and user-friendly technologies and services, in particular in the areas of energy, transport and ICT. New IoT technologies have the power to be applied to seemingly unlimited devices and appliances and to truly meet the demands of a growing urban population competing for limited city resources. In fact, IoT will play a huge role in transforming the way people experience urban living, at their homes, at the office and everywhere in between. It will be interesting to see how this technology will provide sustainable answers to pressing urban issues.

 

Transforming cities into a broad, never-ending stream

n the city of Paris, France, the average resident spends an estimated four years of their life looking for parking. New applications that allow citizens to log into the city app to find parking or even reserve and pay for that spot in advance, as well as reports on traffic management, are a key to easing traffic congestion in a smart city. So a vision is slowly come into existence – in France and worldwide. Another example: In the EU ten million super-smart street lamps are planned to be installed as soon as possible, which should not only save electricity, but also serve as a data collector: Which temperature is at the application place? How dirty is the air? How many cars drive past? And who are the people who pass by here? Are they following their usual rut, or are they particularly frantic, are they nervous?

 

 

But with the increasing degree of networking also increases the dependence and vulnerability of technologies. For future concepts it is therefore indispensable to protect critical infrastructure against potential attackers and disorders. Because what happens if unauthorized people gain control over a smart street lamp or an autonomous vehicles in a city and sabotage it? The consequences can range from simple data breaches up to life-threatening situations.

 

Would it be possible to gain remote control access to a whole city infratructure?

The Prime Tower in Zurich is one of the most expensive construction projects in Switzerland and has become a landmark of the city. The tower is a so-called smart building, means a comprehensively networked and intelligent building. But recently the tower is cause for concerns as it is possible for theoretically everybody to open a web application on the Internet, which is serving as an administration tool for the whole parking deck of the Prime Tower. Thanks to the application it is easy to determine precisely when and for how long a parking lot is or was used – retrospectively for several months. The German website Golem.de examined the parking data of several months and revealed that can be determined quite accurately by data from the past, when a parking lot will be empty and when it probably will be occupied again – Big Data on a small scale.

The web application is primarily designed for internal networks. It allows the entire control of the parking decks, for example also of barriers, parking lights or parking reservations. There is also an event log, where one can initiate certain actions, such as blocking the ticket button. These functions are visible but require a login. But it is no secret at all, that these login data could be determined through so-called brute force attacks, with simple sequential attempts. It could also be possible to use default passwords of the manufacturer to take control. A more aggressive approach would be the excessive demands of the relevant services, as means by DoS or DDoS attacks. At worst, the entire parking garage would be inoperable. Recently, the web application has no longer a public IP address. So the external access to the web application is now blocked – fortunately! Also the developers of IoT infrastructures like Kontron already work on adequate solution which should offer maximum safety and connectivity so there is great hope that such situation can be avoided in the future.

 

Reasoned skepticism must be taken seriously

When it comes to IoT security the big question is, which organization controls the center where all the strands of information run together. Is it the city management or the IT companies which make the intelligent city possible in the first place? Despite all the Smart City hype, there is a reasoned skepticism especially in Europe about US manufacturers and the lax privacy rules in the US. For this reason, the security of data and privacy in a smart city should not be underestimated. The participation of citizens cannot be forced by pressing a button – and without them the concept of Smart Cities would most likely fail.

Thank you!

Your comment was submitted.

An error occured on subscribing!:
{{cCtrl.addCommentSubscribeErrorMsg}}

{{comment.name}}
{{comment.date.format('MMMM DD, YYYY')}}

{{comment.comment}}

There are no comments yet.

Stay connected