Increasingly interconnected and interesting times

Connectivity is at the core of smart cities – and that is connecting IoT devices in a way that their inputs and outputs can be used to their maximum potential, writes Philip Ingram MBE.

When we look at IoT devices, it is easy to think of smart kettles, smart speakers and TVs you can talk to. And, it seems their proliferation is getting faster, with a predicted 14.4 billion devices according to ‘IoT-analytics.com,’ rising to 27 billion devices by 2025. Just about every home gadget has a connected version, but from a security perspective, there is a simple question everyone should ask – why? What does something need to be connected? From a security perspective, for the bad actor, the IoT is an Internet of Opportunities or Internet of Threats.

The same logic applies in a corporate setting and therefore in smart cities. Smart technologies are being deployed across the globe in many cities, aiming to improve operations, surveillance, efficiencies – but, also to gather data through surveillance. That data is used to keep the cities more secure and to gain a better understanding of the communities around the cities so services can be optimised. Smart cities are effectively a connected place. That corporate, private network separation has effectively disappeared with increased home working and processing on mobile devices.

The UK’s National Cyber Security Centre (NCSC) discusses what they call ‘connected places’ and how to secure them; this would include or be a component of smart cities. As always, one of the problems in the security world is terminology. Alexandra Weller from Vaylia sums this up beautifully when she says: “Too many security professionals end up using risk and threat (and occasionally, vulnerability too) interchangeably. The place to start is by understanding the proper definitions of the terms we use.”

The NCSC outlines what its understanding of a ‘connected place’ is and says that the “fundamental aim of a connected place is to enhance the quality of living for citizens through collaborative, interactive and connected technology.”

It continues: “A connected place can be described as a community that integrates information and communication technologies and IoT devices to collect and analyse data to deliver new services to the built environment and enhance the quality of living for citizens. A connected place will use a system of sensors, networks, and applications to collect data to improve its operation, including its transportation, buildings, utilities, environment, infrastructure and public services.”

Trend Micro identified one of the greater threats when connecting IoT devices, including those in smart places/cities into any network: ‘Device mismanagement and misconfiguration. Security oversights, poor password hygiene and overall device mismanagement can assist in the success of these threats. Users may also simply lack the knowledge and the capability to implement proper security measures, wherein service providers and manufacturers may need to help their customers achieve better protection.’

Things to consider

Many concerns are being addressed through legislation in the UK by a new “Product Security and Telecommunications Infrastructure Bill” that has been debated for the final time in The House of Lords, before going back to Parliament to be voted on and then passed into law.

The Bill will look at two real areas: IoT devices and the telecoms infrastructure enabling many of the devices to communicate. Given the increased propensity for home working as an integral part of most corporate and organisations’ working practices post-pandemic, the need to ensure our home IoT and networks are as secure as possible has grown.

This is where the NCSC advice is key, keeping working environments at home and in offices safe. They have 14 principals that highlight key considerations that are needed to keep in mind to ensure your connected place is designed, built, and operated in a secure manner. Details can be found on the NCSC website with additional guidance for specific areas such as supply chains and working into physical security structures. The principals are:

–              Understanding your connected place and the potential impacts

–              Understanding the risks to your connected place

–              Understanding cyber security governance and skills

–              Understanding your suppliers’ role within your connected place

–              Understanding legal and regulatory requirements

–              Designing your connected place architecture

–              Designing your connected place to reduce exposure

–              Designing your connected place to protect its data

–              Designing your connected place to be resilient and scalable

–              Designing your connected place monitoring

–              Managing your connected place’s privileges

–              Managing your connected place’s supply chain

–              Managing your connected place throughout its life cycle

–              Managing incidents and planning your response and recovery

These are great, but the UK isn’t the only country leading a greater awareness of safe cities and the impact of IoT devices. The Economist paper, “Safe Cities: Future Proofing for Tomorrow and Beyond,” 2021 edition, brings out some interesting observations around safe cities’ cybersecurity and useability.

It says: “establishing effective cyber-security involves a delicate balance between protecting data and networks and maintaining usability for people who may not have a technical background. Usability can be a particular concern for the elderly and people with disabilities. In Denmark, local organisations have offered training services so people could learn to access services without having to visit government offices during the [COVID-19] pandemic.”

The data generated by safe cities sensors is seen as important. The Economist report goes on to explain that “Data is a key to addressing global challenges such as climate change. For example, by using technology to measure the use of electricity, heat and water in government buildings, Copenhagen can better understand usage patterns, reduce consumption and increase efficiency. To do this, the data must drive what Esteban Léon of UN-Habitat calls, “evidence-based decisions” at the political level.”

Esteban Léon went on to say: “Complex urban systems are interconnected and require a multi-hazard, multi-sectoral and multi-stakeholder approach.” However, one thing is sure, the complexities around safe cities, their use of IoT and the integration of domestic IoT, with the personal space and professional space becoming much more of a blended environment, are just going to keep increasing. This is where the free resources of the likes of the UK’s NCSC are invaluable, as we live in increasingly interesting, interconnected times.

This article was originally published in the November edition of International Security Journal. To read your FREE digital edition, click here.