As of this point, the vast majority of our experience with the Internet of Things has been on a small scale – accessories and appliances that connect to the Internet to gain some added functionality. This technology can also be applied to a larger, more civic purpose – the development of something called a “smart city.” Unfortunately, this application could prove to be as problematic as the IoT we are more accustomed to.
What a Smart City Should Be
On the surface, a smart city sounds like a great idea. Using technology and heavily leaning on Internet of Things principles, a smart city collects data and leverages it to improve public services, inform the local government’s actions, and generally improve the population’s contentedness. Traffic flows more smoothly, infrastructure is better maintained, and life is good.
At least, in theory.
There is an unfortunate tendency for consumer-focused IoT devices to be vulnerable to attack, a trait shared by the systems that control a smart city.
The Effects of an Attack
To fully grasp the influence that an attack on a smart city could have, it would help to take a closer look at some of the systems that a smart city would have in place. As we’ve established, the motivation behind a smart city is to improve the population’s quality of life, a goal that requires data collection and analysis to be reached.
This data will be collected via sensors that examine a wide variety of factors, like the weather, traffic conditions, and even air quality and radiation. While this data would once be delivered to human decision makers, automated systems would be able to make changes to resolve any issues. For example, if traffic was starting to become congested in a certain area, the surrounding traffic signals could be automatically manipulated to relieve the gridlock.
The trouble starts when these systems don’t have enough security to keep them safe from cyberattack, potentially leaving the city’s infrastructure wide open. In a preliminary study of three companies that could supply the systems that a smart city would be built upon, their products had 17 basic vulnerabilities – and we’re talking very basic vulnerabilities, like easily-guessed passwords, avoidable authentication requirements, and bugs that could let in malware.
Why This is Important
Speaking in a geopolitical sense, enacting a smart city with vulnerabilities like these is like painting a target on one’s back. You only have to look at the fairly recent attacks on both the energy grid and electoral systems of the United States for evidence that infrastructure and civic systems are considered very fair targets. While there are actions in process to shore up these vulnerabilities, opening up metropolitan areas to attack through obvious security flaws would not be a good idea.
Of course, we don’t mean to say that scaling the Internet of Things to a metropolitan scale is inherently not a good idea, either, it’s just there needs to be more security protecting the well-being of the populace that lives there. The same can be said of any business that relies on Internet-connected technology. If the devices and network components that a business uses aren’t patched and secured, that business is vulnerable.
Palindrome Consulting can help. Give us a call at 305-944-7300 to learn about our security solutions and how they can protect your business.