Cities across the globe want to become more intelligent – smart city is the magic phrase. It represents a vision of urban space, in which millions of interconnected devices and sensors use data analysis and intelligent controls to improve the overall quality of life for everyone, while helping to promote the conservation of resources and improve competitiveness. Currently, this concept is already taking shape – due to the exponential growth of the Internet of Things (IoT), effective mobile and broadband networks and progress made with respect to machine learning and artificial intelligence. This development is not just a luxury, but rather a necessary development, as it is estimated that 70 percent of the world’s population will reside in urban regions by 2050.
However, each new IoT device, server or data transmission increases the risk that cybercriminals, hacktivists or terrorists will be able to find and misuse gateways for the purpose of stealing data or even committing sabotage. Since these risks not only impact our data, but also increasingly our daily lives, the city of the future must be able to ensure the highest possible degree of cybersecurity. After all, a smart city can only be successful if people trust the infrastructure and feel like they can live safely in it.
Strongly regulated access
The Smart City Ranking 2020 conducted by the IMD Business School in Lausanne reveals that initiatives aimed at smart cities are multifaceted. A fact which is further represented by the cities topping out the list, namely Singapore, Helsinki and Zurich (see box). Each of these initiatives features a strategy for cybersecurity, so that important players such as municipalities and those managing critical parts of infrastructure – like hospitals, mobility or logistics – join forces, accompanied by specialists who are well equipped to adequately address cyberthreats.
Siemens can also support in this regard. Cities can, for example, take advantage of the company’s global leading security offerings aimed at comprehensively protecting infrastructure, facilities and people from cyberattacks. Such a holistic approach also includes testing soft- and hardware for vulnerabilities, around-the-clock monitoring of data traffic, provision of routine training for employees, and of course, the strict regulation of access to critical systems, for example, through the use of secure authentication solutions.
As secure as online banking
But each building block of a smart city has special requirements. Today’s modern buildings are equipped with control systems for air-conditioning, lighting, intelligent electricity meters, surveillance cameras, elevators, charging stations for electric vehicles, access controls and much more. While this operation technology was largely isolated in the past, nowadays it is connected to the internet and to IT systems of the companies responsible for managing the buildings. This enables not only remote maintenance but also cloud services such as data analysis aimed at optimizing operational processes; however, it also creates more entry points for attack by criminals seeking to access to various control systems.
“One of the measures against intruders is to create software and hardware based on ‘security by design and default’ principles. This means building cybersecurity into initial designs of products and providing secure default settings,” says Alina Matyukhina, Cybersecurity Manager at Siemens Smart Infrastructure. The control units for building automation, such as those launched on the market by Siemens in 2020 under the names PXC4 and PXC5, serve as an example of this. They include signed firmware to ensure that it – as well as all its updates – come from reliable sources. Also, the identity of these devices is cryptographically protected, based on digital certificates printed into every device during manufacture.
Another security component is the most recent extension of the popular open-source communication protocol – Building Automation and Control Network (BACnet) – which enables data traffic between devices of different manufacturers in buildings, BACnet Secure Connect (BACnet/SC). “It incorporates the same technology that is used to secure online banking,” explains Matyukhina. “It makes the communication through building networks just as secure as an online bank transfer and therefore greatly minimizes the risk that this data communication could be manipulated. For example, somebody could sabotage the air-conditioner of a data center and thus cause the entire server farm to stop working. That’s why we at Smart Infrastructure have increasingly started to implement this protocol for our products and systems.”
Cybersecurity for the power supply
Power grids also constitute an essential part of smart cities. Moreover, smart grids will become even more important in the future. These grids facilitate, for example, the coordination of decentralized power generation – such as photovoltaic units – and electricity consumption. This requires not only powerful electricity grids, but also communication networks with IoT devices like smart electricity meters or power storage devices. Due to the fact that such decentralized power grids drastically increase the number of devices involved and therefore the risk of cyberattacks, Siemens is also committed to addressing the topic of grid security.
"If, for example, hackers gained access to the control system of a train and the railroad infrastructure - this could result in massive security problems."
No access to the control system
A smart city also will not exist without an intelligent mobility system which incorporates public transportation, private vehicles, car and bike sharing, traffic lights, traffic signals, control centers and a comprehensive wireless network to connect everything under one roof. Just analyzing cities’ modern rail operations highlights the sheer complexity that has to be addressed here: It extends from the traffic control centers to the operation information service to vehicle control and the passenger information system. “Mobility providers have a great interest in increasing the quality and efficiency of their services via an intelligent, networked system. But this has to go hand in hand with protection of the infrastructure and personal data, be it credit card information or movement data,” says Andreas Mehlhorn, Head of Mobility Consulting at Siemens. “But we would have a much graver problem if, for example, hackers gained access to the control system of a train and the railroad infrastructure - this could result in massive security problems.”
To prevent such incidents, Siemens mobility experts are working on numerous solutions. The Data Capture Unit (DCU) is one such example. It allows data to move only in one direction to IT networks or cloud services. Thus, this data diode prohibits systems and therefore signaling centers or trains from being controlled by hackers via the Internet.
Collaborating with international partners
The building of smart cities relies on these and other building blocks – such as city planning, healthcare system, administration or citizen involvement. Moreover, regulatory and statutory requirements are needed to ensure the orderly implementation of cybersecurity defenses. In 2020, several laws therefore went into effect, and are aimed at helping to protect critical infrastructures and the IoT. They range from the California IoT Bill through Japan’s Telecommunications Business Law to Germany’s IT Security Act 2.0. Furthermore, international standards guarantee that devices, systems and processes of various manufacturers comply with the minimum requirements for cybersecurity. These measures are supported, for example, by the cybersecurity initiative Charter of Trust, which was initiated by Siemens in cooperation with leading companies from around the world. This collaboration has already demonstrated the first signs of success and has ambitious goals for the future.
All of this underscores that regardless of how local a smart city will ultimately be, international cooperation is the only means of ensuring it can become reality. This transforms the magic word of smart city into smart world.