Smart cities are here to stay, as their connected systems offer numerous benefits in terms of efficiency, security, and quality of life. But all these advantages come with risks; massive volumes of data, including sensitive and confidential information, flow through the information superhighways of smart cities, and this data must be protected at all costs against cyber threats. How can IoT service providers and cities protect their devices and communications? Talking about smart cities is not new, now well into the third decade of the millennium; there are more and more connected cities, with systems based on data and connectivity to automate and optimize processes aimed at improving the quality of life of citizens, the efficiency of travel, energy efficiency and the safety and well-being of people.
A smart city is a map superimposed on the urban landscape of roads and buildings; a digital dimension where data and information flow, with clearly defined objectives to power a wide variety of applications, ranging from energy generation systems and remote management of street lighting to surveillance systems and sustainable mobility solutions, to name just a few of the most common examples. Ultimately, it is a complex ecosystem of connected devices and processes, serving the citizens; but it is also a channel through which a vast amount of data flows, often of a sensitive nature. To guarantee the inviolability of confidential information and the proper functioning of the hidden mechanisms of smart cities, it is vital to understand the nature of these connections and to design all processes within the connected city to be secure from the outset.
The flexibility of cellular connectivity:
Even in urban environments, fiber optics isn't always the most viable option for connecting devices, and short-range technologies like Wi-Fi or LoRa networks have their own associated costs and spectrum restrictions, as well as the need for a gateway or router to provide internet access. In this scenario, cellular connectivity emerges as a highly versatile alternative, both for complementing these local networks, acting as a link between the cloud or client servers, and for installing M2M cards directly in devices enabled to connect to mobile networks, whether 4G, 5G, Narrowband, LTE-M, CAT-1 Bis, or any other cellular access technology.
When connecting devices to the internet, regardless of the medium, it's impossible to ignore the ever-present threat of cyber threats. The administrators of connected cities have an almost unlimited world of possibilities at their disposal thanks to smart systems, but they also have a great responsibility: to guarantee the security and integrity of all that data, which can sometimes be critical for the proper functioning of the city's infrastructure and which may contain confidential information.
Securing Communications and Data from the Design Stage with a 360-Degree Approach:
Cybersecurity is an essential consideration when discussing smart cities, yet it's often undervalued. Security should be inherent to deployed systems, not an afterthought. Smart city design must consider from the outset how different devices and systems will connect and identify potential cybersecurity threats. This is achieved by applying a 360-degree cybersecurity approach to the design process (which can be extrapolated from smart cities to any other IoT ecosystem). This approach equips administrators with the tools to defend against attacks, detect risks, and react quickly.
The greater the number of connected devices, the larger the attack surface and the more complex it becomes to defend. For cellular connectivity, it's advisable to leverage the IoT SAFE approach, a GSMA-endorsed standard based on SIM authentication and authorization for devices on a mobile network. This standard also emphasizes certificate maintenance and updates. It is also vital to pay attention to redundancy to make systems resilient to potential outages. It's worth noting that what were recently recommendations are now becoming standard practice; in the European Union, this is regulated by the EU Cyber Resilience Act.
Just as important as proactive protection of devices and communications is having processes in place that allow for the rapid detection of potential incidents or attacks. Constant monitoring of devices, along with the use of data-driven analytics, allows for alerts to be set up for potentially anomalous or suspicious behavior.
Since no precaution is too much, and new cyber threats are constantly emerging, it is essential to be prepared and have well-oiled internal procedures (that is, having the necessary tools and properly trained personnel) to react quickly to any potential security breach, quarantining affected devices, reporting potential vulnerabilities, and taking the necessary corrective measures.
A 360-degree IoT cybersecurity strategy must consider these three pillars (defend, detect, and react) to equip a complex IoT system, such as that of a smart city, with the appropriate tools to protect the critical information that flows through its invisible networks. At Wireless Logic, we have developed an IoT cybersecurity framework to help our clients protect their systems from the very inception of the project.
Author: Beni Álvarez, Wireless Logic Technical Department
