Opinion | Dangers of IoT sensors for smart cities3 min read . Updated: 20 Aug 2018, 10:52 PM IST
Weakest link in smart cities installations may actually lie at the sensor level
Last week, this column focused on India’s ambitious Smart Cities programme. I wrote of the need for the computer systems enabling smart cities to have an open-source system infrastructure in order to make them efficient in collaborating with the various intelligent platforms that will run the smart cities via a smoothly functioning network, which will allow for cooperation among disparate civic bodies within a city.
India is not alone in this ambitious initiative. Municipalities the world over have realized how valuable it can be to make their cities “smarter". Smart City initiatives across the globe will attract technology investments of more than $81 billion in 2018, and spending is set to grow to $158 billion in 2022, according to the International Data Corp. (IDC). Singapore, Tokyo and New York City will be among the largest spenders. Serena Da Rold of IDC has been quoted as saying that intelligent transportation and data-driven public safety remain the largest investment areas, but that IDC is also finding significant pockets of spending and growth in back-office and platform-related use cases, which are less often publicized, but increasingly happening behind the scenes in cities around the world.
The opportunity to make money in installations like these does not lie in a closed, monolithic implementation, but is facilitated by an open system with the ability to easily add new services, applications and sensors. In such a model, it is not just the connections from application to application that are open. Every aspect of the enabling infrastructure is open, including its internal schema and interfaces, and the entire programming “source" code of the implementation is also made available on a royalty-free basis.
People are well aware of the vulnerabilities personal devices such as smartphones, laptops, routers and other hardware have, and the firms that make them work hard to plug gaps in a never-ending catch-up game with hackers. An entire sub-industry has been spawned for companies such as Symantec Inc., which owns Norton, the antivirus and anti-malware firm.
It turns out that while firms that are involved in the smart cities programme stand to make more money as they roll out new sensors, each with an Internet of Things (IoT)-based connection to their own application, as well as to other related smart cities applications, the weakest link in smart cities installations may also actually lie at this sensor level.
According to Wired magazine, researchers from IBM Security worked with their counterparts from security firm Threatcare to investigate sensor hubs from three different companies, Battelle, Echelon Corp. and Libelium, who sell systems to support smart cities installations. The researchers found that these sensor arrays are at great risk of being hacked.
These firms’ business is to set up an interconnected array of sensors and allow municipalities to use IoT information from these sensors to solve problems of coordination between various city agencies. These sensors monitor a variety of factors, such as pollution and traffic flow, and can automatically cause action at the ground level by controlling functions such as traffic lights, street lighting and emergency alerts. The magazine cites the instance of the false alarm that went off earlier this year in Hawaii about an expected missile attack as an example of such an accident. This particular false alarm was enormously stressful, coming as it did in the wake of sabre rattling by North Korea about its ability to hit US cities with its expanded nuclear missile capabilities.
The three firms have confirmed the vulnerabilities and issued patches for all the bugs. The magazine stated that researchers have confirmed none of the bugs their “white hat" or friendly hacking efforts exposed have actually been exploited by others with mala-fide intent. That said, officials in many countries, including the US, have acknowledged that their infrastructure is vulnerable, and it isn’t just the ballot box that the bad guys are coming after. For instance, Russian hackers have long been suspected of causing widespread electricity blackouts in the Ukraine.
Municipalities would do well to earmark some of those billions of dollars to focus on ongoing spending on security, much as corporations and individuals spend money on antivirus and anti-malware shields for their devices.
Siddharth Pai is founder of Siana Capital, a venture fund management company focused on deep science and tech in India.