In-brief: as the vision of smart cities becomes reality, so does the next generation of cyber-physical security threats. What can be done to ensure the security of smart, connected cities, and the citizens who work and live there? Ashley Stevenson of ForgeRock weighs in.
The smart city is no longer a far-off, futuristic idea; it is a very real initiative that governments all over the world are embracing.
The U.S. is particularly forward about its support of smart city initiatives. In September 2015, the White House updated its Strategy for American Innovation (PDF) by supplementing existing plans with a commitment of $160 million in federal funds for smart cities projects. Additionally, the president’s 2016 budget specifically calls for the allocation of $30 million to support the smart city vision.
However, as the Internet of Things (IoT) spurs the growth of smart cities, it also elevates the need to identify and address the accompanying security concerns. Since the initial wave of IoT implementations began rolling out a few years ago, the focus has been on connectivity—giving intelligent, ‘disconnected’ objects such as traffic signals, street lamps and other sensors the ability to communicate in new ways. But for all the potential these new connected ‘things’ offer, security risks are often overlooked. Today, as the maturity and stability of IoT communications increases, we are gaining a better understanding of the security threats and vulnerabilities that come along with a world of interconnected things.
Here are some things to consider:
The sheer volume of IoT devices provides a large attack surface for malicious operators. When considered on a citywide scale, where thousands of devices are communicating with both operators and each other simultaneously, the security implications are significant.
Smart cities present the ideal target for hackers to create bot-net style networks of compromised devices, and use them to perform tasks other than those for which they were originally designed, including disruption of critical public services. For example, imagine a city with earthquake sensors that communicate with interconnected gas and electric utility controls. During a serious event, the earthquake sensors could instantly send messages to shut down utilities in the affected area, preventing further destruction and potentially saving many lives.
[You might also want to read: HBR: Security, Privacy will maker or break IoT companies.]
However, these same technologies could also cause serious disruption if a malicious actor was able to replace an authentic sensor with a compromised device, or gain unauthorized remote access in order to send a false signal that could trigger a widespread utility outage without necessity. A coordinated attack on any set of connected devices in a smart city could easily have an economic impact, and—more importantly—prove to be a significant threat to citizen health and safety.
The Role of Digital Identity
A first step to preventing attacks of this nature in distributed environments like “smart cities” is to establish effective online trust for all connected devices and people in any given system. This is achieved through a comprehensive approach to digital identity and access management. If you’re not certain enough that the thing on the other end of an online transaction is what it claims to be, you’ve already lost.
There are four high level processes that fall under the “digital identity” moniker. The first is to establish an Identity by converting select bits of information about a person or thing into a digital record. The next step is to bind a portion of those identity bits to some sort of token that others can trust, also known as a credential. In the third step, authentication happens when a credential is used during a transaction to prove identity. Finally, authorization occurs when successful authentication is combined with additional pieces of information required to approve a given transaction, such as sending a command from one device to another.
Connected devices require all of the same identity processes as connected people, with just a few tweaks. Continuing the earthquake sensor theme, if a bad actor replaces an authentic sensor with a rogue device, any data from that device would not be trusted because the device would not contain a valid identity credential, and therefore would not be trusted by the utility sensors, preventing unauthorized commands triggering a utility outage. Further, a hacker would have a much more difficult time breaking in to perform any remote commands on connected devices if the interface is protected using strong authentication.
Effective risk management
Even with the best security measures in place, it is unrealistic to expect any network to be entirely free from malicious behavior. With so many attack vectors and threats in the wild, eventually some attack will be successful. As such, effective risk management is a key component in evaluating and responding to threats in any smart city. Controls and recovery plans should also be put in place to not only reduce the risk window, but to also actively respond once any issue is discovered.
Public infrastructure will always be a highly attractive target for criminals and terrorists. As such, it is fundamentally important that the steps taken to secure smart cities will scale effectively. Any smart city security program needs to be regularly reviewed, to ensure new innovations are incorporated, and compliance is always met.
This approach, when teamed with robust identity management technologies and a sound knowledge of threat vectors, are critical to securing the ever-growing smart city.
Ashley Stevenson is Identity Technology Director at the firm ForgeRock.