Opinion: Perils of the smart city

QinetiQ is a British multinational defence technology company headquartered in Farnborough, Hampshire. It is the world's 52nd-largest defence contractor measured by 2011 defence revenues, and the sixth-largest based in the UK.

There is a tacit acceptance that the world appears to be growing ‘smarter’. The total number of internet-facing smart devices is expected to exceed 38 billion by 2025, and reach 50 billion by 2030. By 2022, your average family home could contain over 500 smart devices, according to Gartner. Consider the ‘smart city’, in which critical infrastructure, government services, utilities and management systems are all interconnected. What benefits do these smart cities promise to bring? And what are the concerns?

A smart device lives in its environment, constantly monitoring or sensing what is going on. When that environment is sensed, it creates data – and potentially lots of it. On its own, data has limited value; it needs to be collated, compared and contrasted in a structured way that allows insight to be generated. The insight gained from that environment can then be actioned in many different ways to give us an outcome. In our example of a smart city, this could mean fusing knowledge of ongoing roadworks and a subsequent increase in traffic flow to inform a change in traffic light patterns that then reduces the traffic flow.

With so many devices sensing environments, and the increasing number of supportive systems providing additional data, the result is an enormous (and growing) volume of information. It’s not possible to manually manage this level of data, and therefore we are becoming more and more dependent on artificially intelligent (AI) oversight, facilitating the move towards a more data-driven normal. According to Deloitte, every two days the world creates more data than in the entire human history up to the year 2003. 

Different approaches

Smart cities develop in one of two ways: retrospective deployment, where sensor, connectivity and compute capability is embedded into products and services that are then deployed into an existing environment (for example, people flow detection integrated into CCTV cameras, which are then retrofitted in a shopping centre); and integrated deployment, where the capability is integrated into the core fabric of the infrastructure at build.

In the latter approach, government agencies might deploy environmental sensors to monitor natural events, all contributing to a deep pool of ambient data, promising to augment the city’s operations and, in the cases of emergency services and disaster monitoring, potentially save lives.

The growth of retrospective deployment far outstrips ground-up integration into new infrastructure – there aren’t many new cities being built at the moment. However, there are plans to build some whole new smart cities from scratch.

In 2017, the Saudis announced ‘Neom’. Neom, reportedly a $500 billion investment, will supposedly feature ‘artificial clouds’ that will allow for rain in the desert, schools taught by holographic teachers, a giant artificial moon, and more. 

However, there is a sizeable issue to be addressed: protecting all of this data. 

Data: lifeblood/vulnerability 

In December 2016, renowned cybersecurity expert Mikko Hypponen tweeted ‘Hypponen’s Law’ – “If it’s smart, it’s vulnerable”. This simple premise has repeatedly proven itself over the ensuing years.

For example, numerous smart city products are left exposed to the open internet. Public safety sensors or industrial control systems left open to manipulation create unpleasant possibilities – tampering with traffic lights, silencing disaster warnings, or interfering with radiation readings are a few examples.

We can use the USA as a case study for data being compromised. In 2015, an enormous Distributed Denial of Service (DDoS) attack brought down a large proportion of America’s internet. This was driven by the ‘Mirai’ botnet, mostly made up of IoT-enabled devices (such as media players and digital cameras). Because of the sheer number of IoT devices within its network, Mirai was able to bring an incredible amount of processing power to the attack. 

These types of complex cyberattacks are only growing in frequency and scope. In fact, honeypots (sacrificial computer systems intended to attract cyberattacks) operated by Kaspersky Labs detected 105 million attacks on IoT devices in the first half of 2019 alone.

Steps must be taken to protect such information from malicious actors who might incorporate it into attacks, both on states and on individuals. 

Security vs privacy: the ethics and politics of the smart city 

As with many issues at the leading edge of technology, the legal framework around smart cities (and the governance of data within them) continues to evolve. 

Personal devices play a large role here. One of the most obvious issues is safety at the expense of privacy. Individuals already surrender vast amounts of data to their personal devices; much of this will have to be managed, and decisions will be made – both at the individual and governmental level – over which data to absorb into the smart city. With instances like the Cambridge Analytica scandal of 2018, trust in data is somewhat lacking. Though the trepidation isn’t unfounded, there are plenty of reasons to be excited by the prospect of the smart city. And efforts such as GDPR will bolster this too.

Still, some are less reserved in their outlook. Issues of personal privacy tend to be more politically charged in the West, whereas many nations in the more collectivistic East choose a different path.

China, for instance, has built arguably the world’s most intricate surveillance system in its Xinjiang district – millions of CCTV cameras watch its inhabitants. The details of people’s energy use and travel habits are all collected to help collate a ‘social credit score’ that penalises or incentivises individuals, based on their behaviour. Elsewhere in China, some Chinese consumers embrace facial payment technology.

‘Predictive’ policing and AI surveillance 

There are a number of security measures that pertain to the smart city environment, but two of them are of particular note. 

PredPol is an American predictive analytics program used by dozens of police departments. It forecasts criminal activity by examining enormous volumes of past data, claiming to be able to predict who will commit crimes, and where. It has raised more than a few eyebrows, and for this reason, a number of police departments choose not to admit to their use of predictive policing. 

The second technology, AI surveillance, has a broader definition – drawing on everything from facial recognition systems and social media monitoring to license plate tracking, along with body language analysis. Champions highlight the ability to help emergency services and law enforcement better deal with crimes and accidents. But biases implicit to AI systems have caused concern, along with a culture of ubiquitous surveillance that could be ushered in. Though such concerns are legitimate, heavily invested-in technologies like Explainable AI are beginning to address some of them and will pave the way for some really credible and enriching experiences with AI in the smart city.

Basic steps for inevitable vulnerabilities 

By 2050, the UN projects that 68% of the world’s population will live in urban areas, many of them, presumably, full of smart architecture. From our current vantage point, the smart city is more than inevitable – the transition is happening, right now. But there is much to be done to ensure that this new, data-rich world doesn’t turn out to be a Faustian bargain (at least from a security perspective). 

In the shorter term, there are some relatively simple best practice ‘quick wins’. These include ensuring that devices are not publicly discoverable, are not set to use default passwords, and are regularly patched for software vulnerabilities. Many smart device exploits can be (and have been) achieved via simple ‘old school’ black hat hacking techniques, like Structured Query Language (SQL) injections to bypass authentication during login, or simple password guessing.

And of course, going forward, there is also an obvious and substantial amount of work to be done to protect the smart city at the legislative and technical level. Our new, smart urban spaces have the potential to be one of the sharpest double-edged swords of the next decade.

(Photo by Hugh Han on Unsplash)
