|Home||Internet of Things||Aerospace||Apparel||Energy||Defense||Health Care||Logistics||Manufacturing||Retail|
Are Smart Cities Secure?
Planning and oversight have the most significant impact when securing a smart city utilizing Internet of Things and RFID technologies.
Jan 20, 2019—
Recently, I participated in several tenders for smart-city projects around the world. I also partook in CEO roundtable discussions at Telecom Exchange LA, including one about what Los Angeles would look like in 10 years for the 2028 Summer Olympics. From those projects, I realized there are several issues that may impact making a smart city secure.
Although the tenders originated from different countries, they had a lot in common. All were published by a single government agency, all were requirements specific to that agency and all asked for the standard set of security products: next-generation firewalls, intrusion-prevention systems, Web application firewalls, anti-DDoS, APT protection and so on.
What struck me about all of the above was that cybersecurity technology was not the issue; the smart-city requirements and the discussed roadmaps covered those rather well. What I saw not being addressed were the deployment of multiple Internet of Things (IoT) devices, conflicting or singular requirements for solutions, and organizational self-interest.
Deployment of Multiple IoT Devices
It is common knowledge that IoT devices are built for functionality and not security. Even IoT devices that have protection do not have good security. Earlier this year, one of my research teams found a number of vulnerabilities in Schneider Pelco Sarix Professional Cameras, a popular IP camera used for surveillance. All but one of the vulnerabilities were considered "high" or "critical," as they could disclose information, allow privilege escalation or command execution.
Some interesting papers propose using RFID to create intelligent traffic-control systems in smart cities. None discuss the security implications of their proposed solutions.
There were many ICS-related vulnerabilities disclosed this year. Siemens disclosed that some models of SICLOCK central plant clocks had several vulnerabilities, some deemed "critical." SICLOCK clocks are used at industrial plants to synchronize time across devices within the plant. Then there are IoT devices in smart buildings for heating, ventilation and air conditioning (HVAC) and environmental controls, as well as physical security and perimeter access, elevators and more, which most people don't think about but which could be used to jump air-gapped systems. There are several "ICS villages" around the world to promote awareness and education about ICS security. You should visit their sites to view information on or demonstrations of ICS cyberattacks.
None of the tenders in which I participated had any significant requirements related to IoT security. The government agencies offering the tenders had to be using the IoT, as all were related to specific infrastructure areas.
Login and post your comment!
Not a member?
Signup for an account now to access all of the features of RFIDJournal.com!
SEND IT YOUR WAY
RFID JOURNAL EVENTS
ASK THE EXPERTS
Simply enter a question for our experts.
TAKE THE POLL
|RFID Journal LIVE!||RFID in Health Care||LIVE! LatAm||LIVE! Brasil||LIVE! Europe||RFID Connect||Virtual Events||RFID Journal Awards||Webinars||Presentations|