Smart cities are the future, but what is the best approach?
Forbes defines a smart city as ‘an urban area in which technology and sensors are used to collect data for resource management’, which may not sound that exciting to the public. However, it also notes that ‘what many people may not realize is just how big an impact combined smart city technologies could have on the ways we live and work in the coming years’.
This month the Hyundai Motor Group presented a ‘human centred future city vision that is well connected by mobility solutions while coexisting harmoniously with nature’. President and Chief Innovation Officer Youngcho Chi elaborated: ‘The HMG Smart City master model is our vision for a human-centered city that will revitalize urban communities. In the future smart cities, our ambition is for humankind to live with nature while embracing technology.’
The vision from HMG is bold. The city will be divided into two layers: an upper layer where people live and interact, and an underground layer used only by autonomous mobility for goods and services. The buildings will be divided into three sections based on population density (high, medium, and low), with lower-density areas adjacent to parks and natural spaces to preserve the view of them from all corners of the city. The focus on sustainability and carbon neutrality is central to this vision: large natural areas are preserved in the centre of a hexagonal-shaped city map, with forests, parks, and a reservoir to provide water, and hydrogen powers the city via smart grid pipelines and hydrogen fuel cell generators.
Analysing the risks
This ambitious vision sounds in line with Forbes’ analysis of future smart cities’ ability to ‘reduce costs, enhance safety, better protect the environment and improve our quality of life’. And perhaps this is the key point. Whilst smart cities have the potential to improve the lives of millions of people, this does not come without the inherent risks associated with increased connectivity on a scale we have never seen. It is for this reason that many experts regard cyber security for smart city innovation and infrastructure as one of the biggest challenges.
One study from the University of California, however, noted that not all advancements associated with smart cities share the same cyber risk. The study ranked different technologies by level of technical vulnerability, spanning water systems, sanitation, security, policing, and transportation. It found that the most vulnerable technologies were emergency and security alert systems, street video surveillance systems, and smart traffic lights and signals, with the least vulnerable being smart waste systems, recycling, and satellite water leakage detection technology. As a result, the researchers advised, ‘Local officials should therefore consider whether cyber-risks outweigh the potential gains of technology adoption on a case-by-case basis, and exercise particular caution when technologies are both vulnerable in technical terms and constitute attractive targets to capable potential attackers because the impacts of an attack are likely to be great.’
Deciding the best approach
So, this raises the question: is designing smart cities as complete blueprints, as HMG and others propose, the correct approach? Or should we instead be trying to implement smart technologies into existing cities and infrastructure on a case-by-case basis, in line with this report? What has become evident in recent times is that advances in technology have raced ahead of many businesses’ ability to proactively implement cyber security tools and best practices, the unfortunate result being that a more reactive approach is often used in dealing with vulnerabilities. This is why Zero Trust strategies are becoming more and more common. Zero Trust isn’t something that can simply be delivered by designing and/or implementing a new piece of technology or large-scale technology project, nor is it a product or service that you can just purchase ‘off the shelf’. It’s an overall security strategy that centres around three core principles. The first, ‘Never trust – always verify’, means that every time a user, device or application attempts to make a new connection, that attempt should be robustly authenticated and authorized and not simply trusted because it is coming from inside a closed network. The second, ‘Implement Least Privilege’, means only granting users and applications the minimum access required, to minimize risk. The third, ‘Assume breach’, forces teams to plan for the worst-case scenario and develop clear and tested incident response strategies.
The problem with building a highly advanced city from the ground up in this way is that, realistically, an incredible number of proactive measures would need to be implemented during the ideation and design phases to make sure that all security vulnerabilities are covered. Using the example outlined above, this would need to include a Zero Trust framework on a scale never before seen, and it would require substantial server load and system requirements, a problem which still persists today when employing authentication systems such as tokenization at scale (just one aspect of the architecture). When the city goes ‘live’, these systems and potential vulnerabilities would need to be managed meticulously, at epic proportions, all at once and in a very short period. This sort of scenario is one that hackers thrive on, because scale increases the probability that threats go unnoticed or are overlooked. In this case, without a clearly defined proactive Zero Trust security model, once an attacker is in the corporate network (or entire city network) they can move laterally to new systems with relative ease.
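The three Zero Trust principles and the lateral-movement concern described above can be shown in a small policy check. This is an added example, not code from the article or from HMG; the device names, resource names, signing key and token format are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; real systems use managed per-device keys

# Least privilege: each device identity gets only the (resource, action) pairs it needs.
POLICY = {
    "waste-sensor-17": {("waste/bin-levels", "write")},
    "traffic-ctl-03": {("traffic/signals", "read"), ("traffic/signals", "write")},
}

def issue_token(device_id, ttl=60, now=None):
    """Short-lived signed token: base64(JSON claims) + '.' + HMAC-SHA256 hex."""
    now = time.time() if now is None else now
    body = base64.urlsafe_b64encode(json.dumps({"sub": device_id, "exp": now + ttl}).encode())
    return body + b"." + hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()

def authorize(token, resource, action, source_ip, audit, now=None):
    """Never trust, always verify: source_ip is logged but never used to grant access."""
    now = time.time() if now is None else now
    decision, device = "deny:no-token", None
    if token:
        body, _, sig = token.partition(b".")
        expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(sig, expected):
            decision = "deny:bad-signature"
        else:
            claims = json.loads(base64.urlsafe_b64decode(body))
            device = claims["sub"]
            if claims["exp"] < now:
                decision = "deny:expired"
            elif (resource, action) not in POLICY.get(device, set()):
                decision = "deny:not-permitted"
            else:
                decision = "allow"
    # Assume breach: every decision is recorded so denied cross-system attempts are visible.
    audit.append({"ip": source_ip, "device": device, "resource": resource,
                  "action": action, "decision": decision})
    return decision == "allow"

def demo():
    audit, ip = [], "10.0.0.5"  # constructed address inside the city network
    tok = issue_token("waste-sensor-17", now=1000)
    results = [
        authorize(tok, "waste/bin-levels", "write", ip, audit, now=1010),   # own resource
        authorize(None, "traffic/signals", "read", ip, audit, now=1010),    # internal, no token
        authorize(tok, "traffic/signals", "write", ip, audit, now=1010),    # cross-system attempt
        authorize(tok, "waste/bin-levels", "write", ip, audit, now=2000),   # token expired
    ]
    return results, [entry["decision"] for entry in audit]
```

All four requests come from the same internal address, yet only the first is allowed; the denied entries in the audit list are the signal an incident response team would review.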
City designs of this kind and on this scale excite the imagination, but it is the ‘unseen’ security infrastructure which will provide the foundations of the city’s success, and this could also be its downfall, negating many of the positive aspects proposed in its vision. Whether building a new smart city from scratch or making an existing city smarter, it is important to consider that uncertainty should be minimised by authenticating all access and assigning rights only to the correct user, which means Zero Trust is a prerequisite for smart city security when we redesign a city with numerous advanced technologies.
This is not to say security infrastructure could not be implemented successfully on this scale. Humankind’s ingenuity is far-reaching. However, we should be careful not to jump the gun, and be honest about the fact that this level of cyber security implementation is just as important as the aesthetically pleasing designs that most of us are drawn to.