With the increased use of smart devices in every aspect of consumer lives, with Home assistants and smart fridges to name a few examples, the world is becoming more interconnected than ever before. However, with this boom in Smart technology comes with it an increased cybersecurity risk that needs to be addressed.
Yuri Andersson is CEO of ANGOKA, an IoT security company focused on protecting M2M communications for Smart Cities and Mobility. He has nearly 20 years’ experience of technology innovation in start-ups, research institutes and multi-nationals as a scientist, manager and director. Previously, he spent over a decade in financial technology innovation, both in startups and also at investment banks where he has overseen multi-year, multi-million global technology programmes, including six years at BNP Paribas.
Here he shares his thoughts on the threat of cybersecurity on Smart cities.
The past few years have seen an increase in IoT and Smart devices across sectors, leading to a boom in actionable data that will undoubtedly change the way we live forever. From heightened manufacturing outputs to reduced traffic and pollution to increased fitness knowledge, the world is becoming more connected than ever before. Soon, cities will be able to offer their citizens an upgraded quality of life, drawing on and using all of this data. It’s hard not to be excited about the prospect of a safer and more efficient world.
However, one aspect of Smart technology threatens the ambition of Smart Cities – cybersecurity.
It is predicted that there will be 1 trillion connected devices by 2025. Nearly all aspects of a city can be ‘Smart’ – think of all of the devices you may even personally own, such as a smartphone, Smart speaker or Smart doorbell. On a metropolitan level, these devices are responsible for larger swathes of city living. Examples include IoT devices that track traffic patterns, enable energy or water mains, or facilitate machinery operating at ports. The main selling point of all of these devices, regardless of their purpose or sector, is their connectivity. These devices can all be operated remotely, gathering data or carrying out their other functions.
Currently, most Smart and IoT devices are not built with security as a priority, as evidenced by the numerous news stories in the past few years of hacked cars, security cameras, and even baby monitors. As cities move to Smart systems for critical systems, such as energy, traffic lights and connected and autonomous vehicles, cyberattacks will soon not only be a case of security, but of safety.
IoT devices are commonly victims of spoof attacks, where hackers assume the identity of a device to gain access to the larger network. Identity authentication is key to protecting machine-to-machine communications. By ensuring the legitimacy of a device’s identity and thereby ensuring the trustworthiness of its ensuing message, IoT devices and their networks are less likely to fall victim to these attacks.
Therefore, connectivity – the key to the future of Smart Cities – is also its fatal flaw. Each device represents a new point of entry for attack by nefarious actors. Even 5G, which is starting to be rolled out across the world, has security flaws. As the future backbone of connectivity across cities, it is imperative that 5G is secured.
Of course, not all security flaws can be fully anticipated, and as technologies develop, so do new risks. But the cybersecurity landscape today is already outdated and highly siloed, making it difficult to even begin to protect an attack surface which is so incredibly connected. Additionally, networks often contain a mix of technologies, standards and operators, making them even more complex. Finally, at the moment, end-to-end communication between devices cannot be assured. It is not difficult to see how this isn’t scalable or workable for the Smart Cities of the future.
Ultimately, there needs to be a complete paradigm shift in the approach to IoT, Smart technologies and cybersecurity. Developers need to ensure that security concerns are a priority from inception, and seek interoperability and identity management measures as much as possible. The time to secure future innovations is now, as these technologies emerge – any later will be too late.