How connected devices transform smart cities into a nightmare of cyber security? On different scales, whether we’re talking about automation (shutters, cameras, thermostats, meter readings, connected devices, individual daily life (watches, tv, games and connected GPS) and now at a global scale of cities (traffic data, road and urban equipment, security cameras, energy consumptions): connected devices are everywhere ! And it will not stop here: Gartner states that 8.4 billion connected devices have been used in 2017, that is to say 31% more than in 2016.
Towards a global thought for a general data collection
Smart cities are no longer cities properly speaking, since they represent autonomous, communicating, interconnected entities, where each IoT is a component of the “smart city” scheme chain. This follows the evolution of technologies and the digitization of services / tools, making each person’s life a data catalyst.
For example, checking our home temperature remotely generates plenty of data (temperature, humidity, presence, location, date and time, etc.) These technological capabilities allow us to be more and more dependent on data since its inaccessibility makes our favorite tracking tools obsolete.
Connections raising doubts
The almost systematic use of electromagnetic waves (Wi-Fi, Bluetooth, Zigbee, etc) instead of wired connections (RJ45, fiber, etc) expose us to magnetic fields generated by our devices, but also by our neighbours’. Aside from the health aspect that remains controversial to this day, it also increases the potential attack surface on our privacy.
A security vision often neglected
At first created to simplify, automate and secure citizens lives, smart cities became the fish bond of data exchanges which, now, are subject to commercial, social and political pressures. Infrastructures security, exchanges and key business processes have not been taken into account nor integrated into smart cities. The risks are critical: they can go from abuse and corruption to destruction of data, violating simultaneously the private life and the confidentiality of those ones.
Last april, the Dallas emergency alarm system was hacked and the hurricane alert was activated during the night, triggering 156 alarms at the same time, around fifteen times for about two hours. This example, in between so many others, show the impact a malicious individual can have when entering an interconnected system. He could just as well cut out your electricity at any given moment and lock yourself inside your home!
The “Security & Privacy by design”: an essential base in people protection
Security has become a priority and it has to be integrated by design from the conception of a product / project. In order to manage the associated risks, and thus, limit / avoid the discovery of security breaches or the absence of security, risks must be known. Those breaches can engender data leaks as well as takeovers from afar.
In order to mitigate these risks, the GDPR (General Data Protection Regulation) compliance is necessary. This European regulation focuses on data protection at a personal level within the European Union, enforceable in May 2018. It could therefore be a gamechanger as it will fine non-compliant enterprises by up to 4% of their worldwide revenue or 20 million euros.
But what about the users, who, despite solid security mechanisms put into place by companies, could break this scheme by not being aware of the good sharing and personal data usage practices?