May 29, 2015 – Connected Cities Can Mean Metro Mayhem

By Chris Rouland

The world is awaiting the idea of the smart city; a city digitally connected to its residents and operators to provide an enhanced quality of life and cost savings. South Korea, Barcelona and now India are all boasting about their cleaner, greener and yes, smarter, city projects. And, while the idea of digitally driven cities is less common in North America, there is a growing momentum behind the idea, driven in large part by the massive growth and interest in the Internet of Things.

Frost and Sullivan estimates the Smart Cities market to grow to 1.5 Trillion, but its unclear how much of that will be spent on security. What is clear is that without the proper security supporting these technical advances, the result could be chaos in the city. So, while communities enjoy free wifi to enables apps that find open parking spots from beaconing meters, are city leaders and residents alike truly ready for the security risk that comes with smarter urbanization?

My own city fell victim to a hack of public property when a digital billboard in one of Atlanta’s busiest intersections displayed lewd images for all of Buckhead’s citizens to see. The prank isn’t new; as a matter of fact it was shown at DefCon in 2013 and since then a number of how-to articles have made their way online. While a billboard has no ability to truly harm people or infrastructure, it is an example of the insecurities in the connected, public domain. The following year at the same conference, Cesar Cerrudo of IOActive demonstrated how easy it was to completely control traffic lights in major cities like New York and DC with less than $100 worth of equipment. Weak passwords and poor encryption make commandeering our traffic systems all too easy – and worse yet, remotely.

And we’re only at the beginning. Wellington Webb, former mayor of Denver, said it best, “the 19th century was a century of empires, 20th century was a century of nations and 21st century will be a century of cities.

As the burgeoning population makes life less bearable in major cities, leaders are turning to technology to help ease the pain. If you’ve ever traveled on the tube in London, then you’ve heard the voice announcing that your train will be late for one reason or another. It’s for this reason that London has decided to completely revamp their tube system by leveraging IoT. This is on top of an already hyper-connected cityscape, including the largest CCTV network in the world and real-time traffic and air quality monitoring. You can even see how many bikes are available for rent in a city-wide data dashboard.

I’m sure that all of this instant information is great for app loving Millennials that thrive on knowing the easier, faster or better ways to get what they need, but could all this ubiquitous sensing birth a new breed of criminal? Smart Cities mean Smart Homes, and our own research has been able to bypass wireless security alarms, silence door chimes and render locking your vehicle impossible with a device purchased off of Amazon. And, according to a recent article, should such personal property violations occur, the police might be slow in responding due to potential vulnerabilities in connected police cars.

And then there’s the big one, the one that could cause major damage on a global scale – an attack on critical infrastructure. Real time smart metering on water, energy, gas and oil via embedded technology widens the attack surface of our utilities exponentially. However, it also provides great data to help municipalities conserve resources and save tax-payer money, but that will need to be balanced to ensure public safety. And, while this entire blog has been riddled with FUD, it’s important to note that the good guys are doing something about it. Recently, my company joined Securing Smart Cities, a non-for-profit brainchild of Cesar Cerrudo of IOActive. The organization is comprised of several companies and cyber experts that realize the necessity of getting ahead of the risk that could come with smarter cities.

We all want to live in communities that are fiscally and socially responsible. And as we turn to technology to improve our quality of life, we must remain vigilant to it’s compromise from the bad guys.

Chris Rouland
Chris Rouland Headshot_SMALL
Twitter: @chris_rouland