Smart cities are on the rise, bringing promises of improved efficiency, sustainability, and a better life for residents. Pressing issues like climate change are pushing us to adopt a more intelligent approach to urban living.
For example, Copenhagen wants to become the world's first carbon-neutral capital by 2025. The city employs IoT smart meters to monitor energy usage – the data can be used to develop more energy-efficient building techniques, promoting sustainability.
The vision of technologically enhanced smart cities is exciting – but we shouldn’t forget it all begins with the underlying infrastructure. Any stakeholders aiming to be part of this transformation must recognize that smart cities must rely on a solid foundation.
Telecommunication companies – along with other infrastructure stakeholders – will play an important role in establishing a framework that ensures the secure implementation of innovative technologies in smart cities. So, let's explore the key considerations we need to keep in mind as we embark on this journey.
A transition that demands a “secure by design’’ approach
In the past, telcos often operated within their own closed systems and ecosystems, where they had full control over the equipment – from cables to switches to interconnections and everything in between.
However, the shift to enterprise IT architecture means that telcos must now rely on shared infrastructure, often collaborating with other vendors. This shared infrastructure can pose security risks, as vulnerabilities in one component can potentially impact the entire system.
To address this challenge, telcos need to establish robust risk management strategies. They must work closely with their partners to ensure security measures are in place throughout the shared infrastructure.
Modern smart city architecture will rely on cloud computing, edge computing, and virtualization and containerization technologies. While these technologies offer improved scalability and flexibility, they also introduce new security threats that will demand adequate security measures at each layer of the architecture.
Testing and hardening should be given top priority right from the design phase. This includes conducting security assurance/verification tests to uncover weaknesses and ensuring the infrastructure can handle heavy loads. Implementing robust security measures such as strong defaults, regular updates, and access controls is essential. Plus, regular audits and collaboration with security experts will be crucial for continuous security.
Overall, it’s important to incorporate security measures at the very foundation of the smart city design phase. By adopting a "secure by design" approach, we can lay a solid foundation for a secure and resilient smart city ecosystem. This means following industry best practices, guidance from relevant security bodies, and international standards.
Securing supply chains and devices
With the increasing complexity and interconnectedness of smart city infrastructures, it’s essential to assess and mitigate potential risks associated with the origin and integrity of components used in network equipment and devices.
One significant concern is the dependence on components manufactured in China or Russia. Certain products may contain software or hardware components with vulnerabilities or potential backdoors. To address this, companies will need to carefully select suppliers and evaluate their manufacturing processes and security practices.
How do we approach it at LMT? Before integrating any device into our infrastructure, we start by requesting a demo unit. Our security and cybersecurity experts disassemble and examine it to make sure it meets our standards. Software components undergo a similar process. When it comes to security, there's no room for shortcuts.
One of the most important aspects of developing secure smart cities is taking into account both physical and cybersecurity measures. Companies must recognize that physical devices, such as cameras, sensors, and access control systems, are small computers with vulnerabilities – and often placed in poorly controlled physical environments. These devices are interconnected within the broader network infrastructure, creating potential entry points for cyber threats.
Through comprehensive risk assessments, careful supplier selection, component analysis, and collaboration with regulatory bodies, companies can mitigate potential security risks and safeguard the integrity of smart city infrastructures.
Purpose-driven IoT devices
IoT devices serve as the backbone of smart city infrastructure – enabling the collection and transmission of data for various applications. To ensure the security and efficiency of smart cities, telecommunication companies must prioritize purpose-driven design principles for IoT devices.
Rather than creating devices with a broad range of capabilities, the focus should be on specific use cases, which would allow for streamlined operations, reduced costs, and enhanced security. Each device should be designed to perform its intended function without any extraneous features that may potentially introduce vulnerabilities.
For example, in Liepāja, Latvia, LMT recently introduced a smart red light enforcement system. By design, it’s limited to its core function of regulating traffic flow and ensuring pedestrian safety. It can only access specific servers – thus minimizing the number of potential entry points for cyber threats and unauthorized access.
Another crucial factor to consider is the lifecycle of devices. Consider a sensor embedded in an asphalt road to track vehicle traffic. What if you find a vulnerability and need to access it for software updates? Will you wait for the asphalt to wear out in about ten years or go through the costly process of demolishing the road to remove it? This highlights the need to focus on purpose-driven IoT devices – that allows simplifying hardware setups, maintenance, and updates – resulting in lower operational expenses for both companies and smart cities as a whole.
A balancing act between innovation and security
As the concept of smart cities continues to evolve, the promise of cutting-edge solutions can be enticing. However – as telecommunication operators engaged in the current developments can confirm – success will involve a delicate balancing act between innovation and security. Building smart cities will require an equal emphasis on advancing technology and safeguarding residents' privacy and safety.
