The Internet of Things could make our cities more efficient, sustainable, and enjoyable – if we keep the technologies and the data they generate secure.
Our cities have evolved over hundreds or even thousands of years, but the technologies that will shape them in the future have – in comparison – appeared almost overnight. The Internet of Things (IoT) will change the way we live in and move around our urban areas. It will provide the data and insights we need to make our cities ‘smart’.
The Benefits of Smart Cities and Building Automation
In practice, that means deploying devices at scale and automating processes to improve all aspects of city life, from the way we manage our utilities to the monitoring of air pollution. Some initiatives are already helping us understand what might be possible. For example, a program to install smart traffic signals in the US city of Pittsburgh was expanded after initial research found that adding sensors to existing equipment reduced the wait times at intersections by more than 40%, which cut emissions by over 20%. Automating temperature, lighting and access control in buildings is transforming people’s experience of their workplaces and minimizing energy use. Having access to real-time information is even enabling us to engage in society in entirely new ways.
Smart roads and bridges, smart energy networks, smart utilities, smart street lighting systems
Energy management systems, building management systems, access management systems, connected lighting systems
Smart retail spaces, smart office spaces
IoT Asset Tracking
Smart stock-to-store asset tracking from warehouse to delivery, high-value asset tracking
Smart cities are the future – and analysts expect spending on these initiatives to almost double over the next few years, to reach $70 billion by 2026. More importantly, connected technologies can help city leaders, infrastructure operators and building owners meet the demands of a growing population and – at the same time – reduce our impact on our environment and improve our quality of life.
So, how do we move from the city of today to the smart city of the future? According to the McKinsey Global Institute (MGI), there are three layers to a smart city. The first is the widespread rollout of the technologies that help gather data, including smartphones and sensors. The second is the applications that turn the data that has been collected into “alerts, insight, and action”. The final layer is the widespread adoption and use of the technology and data by governments, businesses, and the public.
IoT Security for Smart Cities and Building Automation
However, people will only embrace new technologies if they can trust them and the data they generate, and unfortunately, well-meaning citizens are not the only ones who find them interesting. According to the UK’s National Cyber Security Centre (NCSC), a smart city can be an “attractive target for a range of threat actors”. That is because smart cities are home to high-value assets, for example, our energy, water, health, and transport infrastructure, and the many organisations that have sensitive data to protect.
Therefore, it is crucial that every IoT device deployed in a smart city is built with security in mind. One building could contain hundreds, if not thousands, of connected products, so we can only imagine how many devices will be deployed city-wide. Overlooking security in even the simplest of them could expose an entire system to cyberattack. That will put organizations, their finances, people, customers, and their reputations at risk.
As Jan Münther, Head of Digital Product Security at ams OSRAM, explained in series one of our #beyondthenow podcasts: “We have lights in the medical sector, for instance, and in civil infrastructure. We have lighting on airport runways, and in the horticulture industry, or urban digital farming as it’s known. If we have our devices compromised in those settings, they can create very palpable damage. People might get hurt or companies could lose millions of dollars in income. That’s why we have to take security into consideration early in the device lifecycle.”
Our PSA Certified 2022 Security Report presents the results of our survey of more than 1,000 technology decision makers and it shows that IoT security is a top priority for most companies working on smart city solutions. Ninety percent told us it was one of their top three concerns.
It seems that customers are clear about the need to protect their devices from cyberattack too. Almost half of respondents (46%) who work in the smart cities market said security is a priority because their customers demand it. We expect that number to increase. The owners and operators of our critical infrastructure and the organizations that run our public services, for example, cannot afford to take a chance on insecure devices.
That creates opportunities for device makers that do build protection into their products from the ground up. Paul Williamson, VP and GM, Client Business, Arm, says: “The breadth of application of IoT security means that it’s going to impact everything from driving your car to getting your groceries, to fundamental services like water and electricity, so getting it right is critically important to all of us.”
Overcoming IoT Security Challenges for Smart Cities
But one of the challenges many device makers face is implementing security when they do not have access to specialist expertise. In fact, one-third of respondents to our survey said that was what stopped them adding stronger security to their products. To protect a device from cyberattack, security must be embedded into every layer, from the silicon and system software through to the end-product. So where do manufacturers look for help?
Best Practice Guidelines
When we asked decision makers for their insights into IoT security, 96% said they were interested in an industry-led set of security guidelines that could inform their implementation. Two-thirds of respondents to our survey went even further and said a framework would be useful.
Common frameworks help us democratize security – they ensure we are speaking the same security language and enable us to agree on what best practice in IoT security means. The industry can then develop solutions that align to that.
By utilizing components that already have security built in, device makers can overcome the challenge of scaling their security, which is particularly relevant in smart cities where large numbers of devices are deployed. For those serving smart city markets, building with trusted components was the most important factor for implementing security.
So, how do we define trust in this context?
All operations within a device, especially devices being deployed at scale, must take place on components that have a critical baseline of security built in. The key to this is a Root of Trust (RoT). The RoT is built into the silicon and plays a foundational role by completing a set of implicitly trusted functions that the rest of the system can use to ensure security. Device makers can leverage the expertise of the ecosystem by selecting components that have a RoT built in. This simplifies their security journey.
Another important consideration is how to demonstrate to customers that a product has security built in. Independent testing and third-party certification can provide that assurance. External validation is becoming increasingly important. Almost half (45%) of the smart city respondents to our survey said compliance and regulation were key drivers for working towards certification with security labs. This is not surprising. More regulators and authorities are trying to break down the barriers to security so they can protect people from the potentially serious consequences of a cyberattack on their devices. For example, the NCSC published its Connected Places Cyber Security Principles, which provide guidance on how spaces should be designed, owned, and managed. At the time of publication, Dr. Ian Levy, the NCSC’s technical director, was quoted as saying: “… I urge every individual and organisation establishing a connected place in the UK to consult our newly published cybersecurity principles. It’s our collective responsibility to ensure that our cities of the future are safe and resilient.”
Third-party certification also makes selecting trusted components more straightforward because it tells device makers what security credentials to look for. Almost all respondents to our survey see the importance of it – 95% said it could be valuable in ensuring a secure IoT.
Our Ecosystem of Partners
PSA Certified partners are helping to build the secure urban environments of the future. Find out about their smart city solutions here.
Our partners at SDT Inc. speak about the importance of trust in a smart city.
All smart buildings need secure foundations, according to our partners at Veridify.
Our partners at Embedded Planet explain why security matters now, and why it will become even more important in the future.
Listen to ams OSRAM as they explore the use cases of smart lighting within the smart city.