At this point, the concept of the Internet of Things is a fairly familiar one, but that familiarity is to the Internet of Things on the micro scale--appliances with capabilities enhanced by an available connection to the Internet. There is another, more macro application to the Internet of Things: as a way to collect data in a municipal setting. However, like the IoT we are familiar with, these “smart cities” are host to many familiar problems.
The Concept of a Smart City
Like many technological developments, the idea of a smart city is built on good intentions. Through the use of technology (much of it based in the IoT), a smart city leverages collected data to functionally serve the public, embetter the services of government, and improve the quality of life for its citizenry.
That’s the idea, at least.
Unfortunately, like many of the ‘smart’ devices that the populace can interact with, the systems that these cities leverage tend to be susceptible to attack.
What These Attacks Could Do
In order to understand the potential ramifications of these kinds of attacks, it is important to first have an understanding of the kinds of systems that a smart city is built upon.
The true purpose behind creating a smart city is to make it a better place to live, and to do that, certain systems need to be put in place. These systems are powered by the data they collect. With that data, insights into correlated problems can be leveraged to solve them.
The sensors that these cities use to collect this data monitor a wide variety of factors, ranging from traffic conditions to the weather and even health-related factors like air quality and radiation. The data that is collected is then used, through the power of automation, to decide how to approach infrastructural concerns. For instance, if traffic is moving slowly in an area, these systems would deliver that data to decision-makers, allowing them to make the call to reroute traffic a different way to ease the congestion. This system just makes the decisions, too.
The big problem with this is that now, if these systems don’t have sufficient security measures in place, they leave the city’s infrastructure vulnerable to attack. Unfortunately, in an initial study of three companies who provide these kinds of smart city systems, 17 basic vulnerabilities were present in their products. These vulnerabilities included things like easily guessable passwords, bugs that could allow malware to be introduced, and opportunities for authentication requirements to be side-stepped.
Why This Matters
The harsh reality is that developing smart cities with these kinds of vulnerabilities is the geopolitical equivalent of intentionally wearing a “Kick Me” sign each and every time you went out in public. The United States of America have already learned this the hard way, as electoral systems and the energy grid have been hijacked recently. If appearances aren’t deceiving, actions are being taken to reinforce these vulnerabilities in these IoT devices, but it certainly doesn’t help if careless oversights are being made in the security of major metropolitan areas.
We’re not saying that bringing the Internet of Things to cities is a bad thing, but the security needs to be there. The same goes for businesses. If your business relies on devices that connect to the Internet, like physical security devices, smart appliances, and networking infrastructure, locking down these devices and keeping them patched is critical to keep your operations running without a hitch.
Give Dresner Group a call at (410) 531-6727 to learn about the security options we have to offer you.