Make Smart Cities Secure: Policy solutions needed to deal with growing cybersecurity concerns

By World Infrastructure Journal


Smart cities are an attractive option to local councils aiming to improve sustainability and economic growth. But this increased data sharing raises significant security risks. While there are a number of singular programmes to combat this, as smart technologies continue to become increasingly common there is a need for a more robust and policy-driven approach to data management.

In a post-pandemic Britain that is simultaneously aiming to begin the process of ‘levelling up,’ and lowering emissions in accordance with the Net-Zero 2050 initiative, the benefits of smart cities are arguably clearer than ever. 'Smart cities' are urban areas which create a framework of data collection to enhance operational efficiency and increase sustainability. In practical terms, this could mean something like monitoring traffic to inform air quality measures or using data to streamline waste collection. The implementation of smart technologies in urban centres and the surrounding regions can save on energy costs and usage in various ways, while also enabling local governments to be more responsive to future public health threats and create opportunities for innovation in British industry.

However, as a recent release from the National Cyber Security Centre (NCSC) has outlined, there are major security risks that come with such projects – particularly to local councils looking to contract overseas firms that may look to “[prey] on organisations which don’t have the expertise that GCHQ has.” The real danger with creating smart cities goes far beyond who is given the contracts. There are risks inherent to the creation of any smart city that have “largely been ignored or underestimated by commercial and governmental interests,” such as the use of insecure legacy systems (many smart technologies rely on infrastructure using software that may be twenty to thirty years old) or lax cybersecurity testing, according to security experts Rob Kitchin and Martin Dodge.

Recent Concerns 

Recently, reports have surfaced that Dorset’s Local Enterprise Partnership, supported by the Bournemouth, Christchurch and Poole Council, has backed out of a contract with Alibaba to create a proposed smart place data platform (or a ‘city brain’) that would use machine learning and artificial intelligence to assist in minimizing energy usage and providing data for urban planners. This follows other cities such as Milton Keynes, who cancelled a contract with Huawei in 2020 and are currently still removing the Chinese telecom company’s hardware. Bournemouth’s move would seem to indicate the danger with creating a smart city is primarily with contracting overseas providers whose state governments may “access and exfiltrate data from UK-connected places, in support of those countries' security and intelligence services.”

However, simply switching to Nokia or Ericsson may not mitigate all the risks posed by the creation of more smart cities. It may assuage common fears of a cyber attack from countries such as China, but as GCHQ Director Jeremy Fleming has warned, “if we don't control the technology, if we don't understand the security required to implement those [services] effectively, then we'll end up with an environment or technology ecosystem where the data is not only used to navigate, but it could be used to track us.”

Fundamental Risks 

Smart cities are essentially systems of information that interact with one another by tracking and sending information back and forth to do various things ranging from optimising pedestrian crossings to enabling local authorities to respond swiftly to public health emergencies. However, by forming interdependent networks of information, the network only becomes as strong as the security of the weakest link in the system. This problem is further exacerbated by the fact that many of these smart city projects include connective features that encourage users to share information over telecommunications technologies such as NFC or 4G LTE - both of which have known security issues that allow for data to be intercepted by third parties. Even more concerning, the chances of ‘normal accidents’ (i.e. unforeseen bugs and human programming error) exponentially increase the more complex a network becomes.

These are all issues that can be dealt with, but only through smart and well-informed governance that holds both vendors and local councils to stringent security standards. These standards could and should include the codification and mandating of strategies ranging from simply demanding more secure access controls (i.e. passwords and identifiers) to necessitating built-in redundancies to ensure bugs or failures in primary deliveries do not threaten the function of the network. In particular, a security-by-design approach is necessary to anticipate and adjust for the multitude of potential issues that come with dealing with large and complex systems with many interdependencies. Mandating such an approach to design may result in slightly slower rollout and uptake of smart city technologies. The need to build security measures into the systems (as opposed to attempting to layer them over existing systems after initial development) and rigorously test those measures will inevitably slow the pace of production. However, it is also the only sure way to avoid the “moment of reckoning” that Jeremy Fleming has warned of.

Being user-driven 

There are currently a number of smart city projects throughout the UK, including the Manchester Triangulum project (which, though currently focused on the Oxford Road corridor, could, if scaled city-wide, reduce CO2 emissions by 57,000t) and Future City Glasgow (which has begun trialling efficiency solutions such as intelligent street lighting throughout the city), that are already providing tangible benefits to their communities. As such, it would be a step backwards to “throw the baby out with the bathwater,” as Paul Wilson, Chief Business Officer at the Connected Places Catapult, put it in an interview with the Financial Times. However, a sensible policy-driven approach (as opposed to one that favours technical and for-profit tactics) is absolutely necessary should Britain hope to enjoy the benefits of a more interconnected, environmentally aware, and data-driven city without fear of cyber attack.

The “smartness in cities comes from people understanding what’s important to them and what problems they are experiencing,” said John Harlow, a smart city research specialist at the Emerson College Engagement Lab. Given that cyber security is an issue of increasing concern for people across Britain, it is crucial that steps are taken to ensure these problems are addressed to feel the true benefit of future smart cities.
