IoT and Smart Cities have become terms we are all too familiar with, but looking at the rate at which they grows, we cannot ignore the growth of the attack areas, writes PAUL WILLIAMS, Country Manager SADC, Fortinet.
Smart cities are being planned the world over. Technology development always goes through two phases for any new discipline: First – tools are developed, and infrastructure is built and enabled. And second – the technology is scaled up. In the case of smart cities, we are in the first phase, where many of the kinks and challenges are still being ironed out.
Here are some examples of services a smart city might provide:
· Coordinated energy control of air conditioners at homes during hot summer days to manage and preserve city power resources
· Directed local discounts in retail and restaurants to avoid city congestion
· An automatic fee for driving a vehicle during highly congested periods
· A smart directed parking app that automatically discounts congestion charges for parking in specific parking lots
· Real-time sensor data to warn citizens affected by allergens and irritants
· Real-time sensor data of standing water for mosquito breeding, etc.
· Vehicle-to-vehicle communication, autonomous driving technology, and infrastructure with embedded sensors to warn of things like imminent traffic jams, construction, best routes for navigation during emergencies, etc. based on real-time traffic patterns.
To enable such services, smart cities will need to deploy plenty of IoT devices and services for metering, sensing, and controlling.
The Attack Surface of Smart Cities
The increase in the size of a smart city’s IoT device footprint corresponds to an increase in the size of its attack surface.
As was seen recently in a series of IoT-based denial of service attacks, IoT devices can be compromised and hijacked into a Shadownet (an IoT-based botnet that can’t be seen or tracked using normal browsers or tools) and controlled by a command and control (C&C) center run by hackers. Alternatively, these devices and services may be attacked in order to deny services to legitimate users.
Here are some examples of what hackers and attackers can do:
· Take control of parking, traffic lights, signage, street lighting, and automated bus stops, etc. For example, changing highway signs to read “terrorist threat in area” or “danger, toxic spill ahead” could seriously disrupt traffic and cause panic among drivers.
· Direct all cars and buses to a specific area to create congestion and gridlock.
· Disable local transportation, thereby disrupting businesses and services, such as banking, because employees can’t get to work.
· Open causeways to spill sewage and untreated waste water into parks, rivers, and communities.
· Cut off access to drinking water.
· Send fake SMS directing to people to a specific location, such as a targeted business or government agency
· Remotely switching off air conditioners or furnaces during extreme temperature days
· Randomly turning on fire and burglar alarms throughout the city
Increasing the Security in Smart Cities from the Inside
While it’s not possible to secure every possible security breach in a totally connected environment, it doesn’t mean we need to go back to the Stone Age. Instead, it’s possible to take some key initial steps to strengthen the smart city’s security posture and architecture:
· Use strong encryption
· Design systems that have strong protection against tampering.
· Provide strong access control, authentication, and authorization
· Maintain detailed logging of activities
· Segment services for individual sub-systems, and then aggregate and pool data that you want to make publicly accessible
· Create centralized management, analysis, and control systems through segmented and secured administration channels to troubleshoot problems
· Set baseline standards that trigger alarms or require manual override when thresholds are crossed or anomalous behavior is detected, such as rerouting traffic or disabling water treatment.
Segmentation is the Key
With a complex smart city network, segmentation is the key. For example, the Smart Transportation network needs to be logically segmented from other smart networks, such as user services, websites, or energy networks, etc. This aids in isolating an attacks, and allows for the advanced detection of data and threats as attacks and malware move from one network zone to the other. This also divides the smart city network into security zones, which aids in compliance, monitoring internal traffic and devices, and preventing unauthorized access to restricted data and resources.
Such segmentation will ensure that the majority of the IoT components deployed across the smart city only communicate with those devices and systems they should, and only talk in the protocols they have been assigned. This will also ensure that the interior network doesn’t get hacked and can’t participate in a DDoS attack.
In a similar way, other smart networks in the city can be segmented and isolated from each other, thereby avoiding the spread of malware and reducing the impact of any hacks and attacks. Further, smart cities must make include the ability of IoT equipment to support and control such traffic an essential purchasing requirement.
Increasing the Security in Smart Cities from the Outside: DDoS Attacks
While network segmentation will ensure that the internal network is protected and its integrity and availability are preserved, we need to increase the availability of the smart city’s Internet facing properties. DDoS attacks can be easily used to overwhelm this infrastructure. Depending on the size of the pipe, and expected worst-case scenarios, city IT teams must develop and implement and effective DDoS attack mitigation strategy. This may be comprised of either an over provisioned appliance solution, or a hybrid solution consisting of appliances combined with a cloud based scrubbing center.
An over provisioned appliance solution enables you to manage DDoS attacks that are larger than your normal bandwidth usage. For example, if your normal user traffic is 1 Gbps, develop a plan for a 20 Gbps DDoS attack that includes deploying an appliance to mitigate such attacks, and provision for such potential bandwidth requirements from your service provider. If the actual attack is expected to be larger than your service provider bandwidth, however, you may need a hybrid solution that includes a cloud-based scrubber that works closely with your DDoS appliance solution.
From Smart to Smarter
As time passes, smart cities will become even smarter as they learn from researchers, from each other, and from incidents that are bound to happen.
Smart grids needed for Africa’s utilities
Power utilities across Africa should rethink their business models and how they manage and monetise their assets to keep pace with the changing energy ecosystem, says COLIN BEANEY, Global Industry Director for Asset-intensive and Energy and Utilities at IFS.
Africa’s abundant natural resources and urgent need for power mean that it is one of the most exciting and innovative energy markets in a world that is moving rapidly towards clean, renewable energy sources. The continent’s energy industry is taking new approaches to providing unserved and underserved communities with access to power, with an emphasis on smart technologies and greener energy sources.
Power systems are evolving from centralised, top-down systems as interest in off-grid technology grows among African businesses and consumers. And according to PwC, we will see installed power capacity rise from 2012’s 90GW to 380GW in 2040 in sub-Saharan Africa. Power utilities are needing to rethink their business models and how they manage and monetise their assets to keep pace with the changing energy ecosystem.
Energy and utilities providers are transforming from centralised supply companies to more distributed, bi-directional service providers. They can only achieve this through the evolution of “smart grids” where sensors and smart meters will be able to provide the consumer with a more granular level of detail of power usage. This shift from an energy supplier to “lifestyle provider” will require a much more dynamic and optimised approach to maintenance and field service.
African companies must thus embrace digital transformation as an imperative. This transformation begins by embracing enterprise asset management to improve asset utilisation. The subsequent steps are enhancing upstream and downstream supply chain management; resource optimisation; introducing enterprise operational intelligence; embracing new technologies such as the Internet of Things, machine learning, and predictive maintenance; and becoming a smart utility.
Embracing mobility to drive ROI
Getting it right is about putting in place an enterprise backbone that accommodates asset and project management, multinational languages and currencies, new energies and markets, visualisation of the entire value chain, and mobility apps. Mobile technologies that support the field workforce have a vital role to play in driving better ROI from utilities’ investments in enterprise asset management and enterprise resource planning solutions.
Today’s leading enterprise asset management solutions feature powerful functionality for mobile management of the complete workflow of work orders – from logging status changes and updates, from receiving and creating new orders to concluding the job and reporting time, material and expenses. Such solutions are easy to deploy and intuitive for end users to learn and use.
Importantly for organisations operating in parts of the continent with poor telecoms infrastructure, connectivity is not an issue. The solutions work offline and synchronises when network connectivity is available. Users can work on any device—laptops, tablets, and smartphones—commercial or ruggedised.
By ensuring that field technicians have easy access to information and processes, the mobile solution enables technicians and maintenance engineers to easily do the following tasks:
· Create a new work order on the fly and log new opportunities
· Access both historical and planned work information when requested
· Permit customers to sign when the job is completed
· Capture measurements and inspection notes on route work orders
· Create new fault reports on routing
· Facilitate documentation through photo capturing
· Provide easy access to technical data and preventive actions.
The power of mobility allows the engineer to be the origin of all data capture on a service event. They can easily inquire on asset history, record parts used or parts needed for repair, record labour hours, and expenses as they occur, and any notes of repairs performed. When coupled with workforce management tools, such solutions unlock significant productivity gains for utilities who are trying to get the most from their workforce and assets.
Brands fall for app vanity
The experience of a mobile screen full of icons, representing independent apps that your need to open to experience them, is making less sense. Instead, businesses should serve customers with an ‘app-like’ experience inside the digital platform they already use, says PIETER DE VILLIERS, Group CEO at Clickatell.
Many brands remain obsessed with creating mobile apps. This not only defies trends that point to increasing consumer app apathy, but can exclude a sizeable portion of your customers in emerging economies. Companies need to engage with their users where they are rather than forcing them onto an app, in what can only be described as brand vanity.
In 2017 there were around 2.2 million apps available in the iOS app store and over 3 million on Google Play. And, while the number of apps being downloaded continues to rise, analysis shows that consumers are only using 30 apps per month and accessing just 9 on a day-to-day basis.
While these numbers still seem attractively high, in reality the majority of the apps we use are for messaging (like Facebook Messenger, WhatsApp, and WeChat) and our social networking, gaming, leisure, dating or utility activities.
Despite the facts, the application strategy as the holy grail for digital transformation is still being pushed even within large progressive brands. What’s more, some advertising agencies and digital consultants are still pushing apps as the best means for companies to connect with their customers. This has resulted in some organisations stubbornly doubling down on app strategies which are simply not showing return on investment (ROI).
It’s not immediately clear to us whether the fascination with apps is a roll-over from long overdue projects or whether brand owners equate a mobile-first strategy with a mobile app. Mobile-first in 2018 means customer first, and therefore embracing chat commerce in order to deliver services with convenience and simplicity in mind.
Why apps won’t win the internet
The problem with apps goes beyond user fatigue. In the first instance, many apps are poorly designed, assuming technical sophistication which may not match reality for the average customer. Poor user interfaces and attempts to provide complex engagement can result in even the best ideas missing their targets due to lack of engagement.
Secondly, we all know that economic realities drive consumer behaviour. In Africa, new mobile phone users typically opt for feature phones over smartphones. With a longer battery life and a much more accessible price point, feature phones still allow for a basic internet connection, chat platforms like WhatsApp, and call and message functionality. In these regions, the cost of an app – even if it’s free – goes far beyond installing it. Constant updates require reliable and cheap access to the internet. For the average phone owner in an emerging market, this can be a serious challenge.
Thirdly, and most importantly, apps must be relevant to their intended market. Frequency of usage is a key measure of relevance.
Apps which are used on a daily basis, like health and fitness trackers, enjoy constant engagement. New features which are added are eagerly awaited by users who are happy to update their apps.
However, users may well question the relevance of the app if they are required to conduct updates on a monthly or even weekly basis when they are only making use of the app once or twice a year.
On average, I download one app per quarter. Some I use more frequently than others, but all of these apps need to be regularly updated to maintain security, update features, and fix bugs. Many apps are pushing out updates much more frequently. I noticed over the past year that I could go from having all apps updated, to 32 apps requiring an update in five days.
When it comes to a customer-first digital strategy, companies should be asking themselves if an app is really the best way to reach their target audience.
In fact, at the end of 2016, Gartner predicted that by 2019, 20 percent of brands would ditch their mobile app. What’s more, in its 2018 predictions, the company forecast that by 2021, more than 50 percent of corporations would spend more per annum on bots and chatbots than on mobile app development.
So, we need to ask, what is the alternative for CIOs, CDOs, CMOs, and digital leaders who are looking for ways to reach, retain and grow their customer base?
The logical app alternative
The old battle advice goes: fight your enemy where they are not. Military strategists agreed that having your enemy come to you and fight you on your own terms was preferable. In a world where customers have access to thousands of offerings and millions of deals online, we need to flip that idea to Meet Your Customers Where They Are.
Any marketeer will tell you just a how difficult it is to drive app downloads. Development, cross platform testing and user interface aside, the marketing campaign required to get customers to download the app can swallow entire annual budgets and still come up short.
Looking at the facts, it makes infinitely more sense to work within the digital platforms already being used by your target audience.
Clickatell is already enabling chat commerce for some of the leading global brands with its Touch solution. This allows organisations to serve their customers with an ‘app-like’ experience inside the chat or browser platform of their customer’s choice (Twitter, Facebook Messenger, etc.)
Brands can now send an actionable Touch link such as ‘find the nearest ATM’ or ‘reset my password’ within a chat stream that will open an intuitive touch card without the user having to download an app to perform the action. Services can also be linked to the in-app experience for brands not looking to abandon their app efforts.
Working with our clients, many of whom are global innovators and thought leaders, we’ve found that having the courage to design with an ‘end user first’ approach and dealing with the back-end complexity behind the scenes results in cost efficient customer delight and ROI.