Gerry Dunphy, Event Director of IFSEC and FIREX International, explores why the benefits that smart cities are heralded to bring will only be worthwhile if the technology involved can be made as secure as possible.
More than half of the world’s population are urban dwellers. The UN predicts that, by 2050, this will have increased to 68% of 9.9 billion, which means over the next three decades 2.5 billion more people will be living in our cities and putting infrastructure and resources under untold pressure.
The negative impact this could have on residents’ quality of life–their mobility, health and safety–is immense. This has not gone unnoticed; hence we are now witnessing an urban revolution and a Smart City uprising.
A smart city uses technology – devices, sensors, apps and networks, inside and outside the home – connected to the Internet of Things (IoT) to monitor the environment and its inhabitants: the energy they consume, how they move, live and breathe.
As humans, we are already better connected to the IoT than many are aware. In 2019, 79% of the UK population owned smartphones and an increasing number of us have smart devices installed in our homes – video-enabled doorbells, voice-activated speakers and smart energy meters – all monitoring our activity and sending data back to the cloud.
Smart cities also use GPS for transportation management and connected vehicles. This – coupled with the Geographical Information System (GIS) – can help engineers plan cycle, or even walking, routes. Some smart cities, particularly in Asia, are already using robots for surveillance, grocery deliveries and room service in hotels. And many, such as London – are installing 5G cells to take advantage of the network’s ability to connect millions of devices and sensors robustly in the future.
Smart cities are by definition, data driven, but the key to their effectiveness is how that data is used. According to Mckinsey Global Institute, a city’s ‘smartness’ is about “using technology and data purposefully to make better decisions and deliver a better quality of life”.
But before the vast datasets generated through the IoT can be used to support and improve the quality of life for a city’s residents, they need to be analysed. Only then can city officials understand how to manage resources and services more efficiently to create a greener, safer, more pleasant and economically vibrant environment for its habitants; only then will they understand how to improve mobility and reduce commuting times, relieve traffic congestion, reduce pollution and emissions, increase road safety, predict and reduce energy consumption, better manage waste disposal, detect crime patterns, prevent offences and much, much more.
On paper, smart cities sound like a modern-day Utopia. Who could possibly not want a one-way ticket to this ‘green and pleasant land’? The truth is, like anything that involves technology and data, smart cities come with their own set of challenges: security and privacy.
With so much personal and private data at risk of being hacked by cyber-attackers, it’s absolutely critical that data is kept secure and does not get into the hands of criminals. Not only is it a basic human right and a legal nightmare, but it’s also imperative to achieve civilian buy-in and participation. Without that, smart cities simply cannot exist, never mind function: they need their civilians to share data if they are to make smart decisions.
So, what can be done to limit the chance of a security breach? Well, the Department of Culture, Media and Sport (DCMS) produced a Code of Practice for Consumer IoT Security almost two years ago, while more DCMS work has been done since, with regulatory proposals soon set to introduce mandatory cyber security requirements for consumer IoT products. The European Parliament has also supported a voluntary cyber security certification framework, but questions must remain about its future once the UK has left the EU in January 2021.
While anti-virus software and firewalls are not always compatible with the IoT, a biometric authentication process is one option and would certainly limit permissions and access to data. Incorporating a multi-layered protection system on public authority-owned devices used to collect the data would also, at the very least, act as a deterrent. But, essentially, the key is to build in security by design to ensure the network is as robust as possible to withstand any attempted breach or cyber attack in the first place.
The introduction of the Cyber Essentials strategy backed by the UK government is a positive step, as it’s establishing a set of standards and procedures for organisations of all sizes. Further to this, the IASME Governance standard was developed over several years during a government funded project to create a cyber security standard which act as an affordable and achievable alternative to the international standard, ISO27001.
The standard allows small companies in a supply chain to demonstrate their level of cyber security for a realistic cost and indicates that they are taking proactive steps to properly protect their customers’ information. The IASME Governance assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self-assessment or on-site audit. IASME was also selected as the sole partner to the Cyber Essentials scheme earlier this year.
From a security point of view, a smart city is effectively a network of buildings and infrastructure that sits within the public and private sectors, so there needs to be a common approach and set of agreed protocols to make the effective management of cyber security more robust.
Smart cities are a natural evolution of human habitation and the integrated technology available will make them a desirable place to live and work in the future. The issue, however, is that the layering of technology upon technology will create greater risks and increased threats from criminal cyber activities. If this happens, the scenarios of entire cities being compromised, transport disrupted, data breaches and opportunities for terrorism are not to be underestimated.
IFSEC International will co-locate with Intelligent Building Europe from 18-20 May in 2021, a brand-new event, which will showcase the latest in smart building technology.
