Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Are Smart Cities Secure?

Planning and oversight have the most significant impact when securing a smart city utilizing Internet of Things and RFID technologies.
By Guy Rosefelt

There was some discussion at the CEO roundtable regarding IoT security, but this was considered to be adequately addressed by the LA Cyber Lab, the first city-based cybersecurity lab in the United States. The LA Cyber Lab is an exciting concept, but it is little more than a year old and has yet to respond to a major regional cyber-event.

Conflicting or Singular Requirements for Solutions
Having worked with government agencies, I have often seen an agency that wanted to buy a solution and created requirements or performance specifications with little thought to the other agencies with which they interfaced. This was highlighted as a critical issue affecting response to the mass shooting at LAX airport in March 2014, due to the number of incompatible radios between all first-responders and airport security. The County of Los Angeles has since begun developing the Los Angeles Regional Interoperable Communications System (LA-RICS) to facilitate communication between all public-safety agencies across 88 cities within the county.

Although Los Angeles City and County should be lauded for LA-RICS, there are still dozens of cities and agencies running incompatible systems within a similar vertical infrastructure. Will the city and county be able to replace these legacy systems prior to the Olympics? Only time will tell.

More troubling is that the interoperability standards specified in the new smart-city tenders were minimal. There were the primary syslog and SIEM requirements, but no STIX/TAXI, XML/JSON or similar to pass or consume threat intelligence data. I can understand an agency's systems sending alerts and data to an SOC, but not the need to receive any data back. It could be argued that related agencies will use the same systems, but the tender process may prevent that. That is why it is essential to document and require all necessary interoperability standards.

Organizational Self-Interest
All government agencies have their own requirements to operate. But no agency wants to be secondary or beholden to another agency or organization. If we agree that happens within a city or national government, imagine what it is like between cities or large governments.

Los Angeles completed a 30-year project in 2013 to synch 4,400 traffic lights throughout the city. The project was originally started as part of the traffic plan for the 1984 Olympic Games, but expansion was never completed. One reason it stalled was the inability to get surrounding cities to agree to modify the timing of their traffic lights to accommodate the Los Angeles plan. The project, restarted in 2005, still only covers the signal lights within the City of Los Angeles boundaries and cities surrounded partially by those boundaries.

I live in the Coachella Valley of Southern California, where a single city, earlier this year, opted out of a plan to improve traffic flow down a major traffic corridor through seven cities. The city manager claimed the city was "not comfortable surrendering all control of the city's traffic signals over to CVAG as the association is assuming 'lead agency status.'"

I know there is a great deal of focus on traffic lights, but keep in mind that traffic infrastructure uses a lot of IoT devices to monitor and manage those lights. The point is, unless there is a higher authority to drive standards and cooperation, smart cities are at risk of having vulnerabilities lost in the political shuffle until it is too late.

At TexLA, I spoke with two former CTOs for the City of Los Angeles about this topic. Both agreed that it was an uphill battle at times to promote standards over a given agency's desire for some specific solution. Why? Because there was one justification an agency could provide that trumped all else: "If we don't get this {fill in the blank}, people will die!" Mayors and city councils are hard-pressed to argue against that.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations