IoT and Smart Cities have become terms we are all too familiar with, but looking at the rate at which they grows, we cannot ignore the growth of the attack areas, writes PAUL WILLIAMS, Country Manager SADC, Fortinet.
Smart cities are being planned the world over. Technology development always goes through two phases for any new discipline: First – tools are developed, and infrastructure is built and enabled. And second – the technology is scaled up. In the case of smart cities, we are in the first phase, where many of the kinks and challenges are still being ironed out.
Here are some examples of services a smart city might provide:
· Coordinated energy control of air conditioners at homes during hot summer days to manage and preserve city power resources
· Directed local discounts in retail and restaurants to avoid city congestion
· An automatic fee for driving a vehicle during highly congested periods
· A smart directed parking app that automatically discounts congestion charges for parking in specific parking lots
· Real-time sensor data to warn citizens affected by allergens and irritants
· Real-time sensor data of standing water for mosquito breeding, etc.
· Vehicle-to-vehicle communication, autonomous driving technology, and infrastructure with embedded sensors to warn of things like imminent traffic jams, construction, best routes for navigation during emergencies, etc. based on real-time traffic patterns.
To enable such services, smart cities will need to deploy plenty of IoT devices and services for metering, sensing, and controlling.
The Attack Surface of Smart Cities
The increase in the size of a smart city’s IoT device footprint corresponds to an increase in the size of its attack surface.
As was seen recently in a series of IoT-based denial of service attacks, IoT devices can be compromised and hijacked into a Shadownet (an IoT-based botnet that can’t be seen or tracked using normal browsers or tools) and controlled by a command and control (C&C) center run by hackers. Alternatively, these devices and services may be attacked in order to deny services to legitimate users.
Here are some examples of what hackers and attackers can do:
· Take control of parking, traffic lights, signage, street lighting, and automated bus stops, etc. For example, changing highway signs to read “terrorist threat in area” or “danger, toxic spill ahead” could seriously disrupt traffic and cause panic among drivers.
· Direct all cars and buses to a specific area to create congestion and gridlock.
· Disable local transportation, thereby disrupting businesses and services, such as banking, because employees can’t get to work.
· Open causeways to spill sewage and untreated waste water into parks, rivers, and communities.
· Cut off access to drinking water.
· Send fake SMS directing to people to a specific location, such as a targeted business or government agency
· Remotely switching off air conditioners or furnaces during extreme temperature days
· Randomly turning on fire and burglar alarms throughout the city
Increasing the Security in Smart Cities from the Inside
While it’s not possible to secure every possible security breach in a totally connected environment, it doesn’t mean we need to go back to the Stone Age. Instead, it’s possible to take some key initial steps to strengthen the smart city’s security posture and architecture:
· Use strong encryption
· Design systems that have strong protection against tampering.
· Provide strong access control, authentication, and authorization
· Maintain detailed logging of activities
· Segment services for individual sub-systems, and then aggregate and pool data that you want to make publicly accessible
· Create centralized management, analysis, and control systems through segmented and secured administration channels to troubleshoot problems
· Set baseline standards that trigger alarms or require manual override when thresholds are crossed or anomalous behavior is detected, such as rerouting traffic or disabling water treatment.
Segmentation is the Key
With a complex smart city network, segmentation is the key. For example, the Smart Transportation network needs to be logically segmented from other smart networks, such as user services, websites, or energy networks, etc. This aids in isolating an attacks, and allows for the advanced detection of data and threats as attacks and malware move from one network zone to the other. This also divides the smart city network into security zones, which aids in compliance, monitoring internal traffic and devices, and preventing unauthorized access to restricted data and resources.
Such segmentation will ensure that the majority of the IoT components deployed across the smart city only communicate with those devices and systems they should, and only talk in the protocols they have been assigned. This will also ensure that the interior network doesn’t get hacked and can’t participate in a DDoS attack.
In a similar way, other smart networks in the city can be segmented and isolated from each other, thereby avoiding the spread of malware and reducing the impact of any hacks and attacks. Further, smart cities must make include the ability of IoT equipment to support and control such traffic an essential purchasing requirement.
Increasing the Security in Smart Cities from the Outside: DDoS Attacks
While network segmentation will ensure that the internal network is protected and its integrity and availability are preserved, we need to increase the availability of the smart city’s Internet facing properties. DDoS attacks can be easily used to overwhelm this infrastructure. Depending on the size of the pipe, and expected worst-case scenarios, city IT teams must develop and implement and effective DDoS attack mitigation strategy. This may be comprised of either an over provisioned appliance solution, or a hybrid solution consisting of appliances combined with a cloud based scrubbing center.
An over provisioned appliance solution enables you to manage DDoS attacks that are larger than your normal bandwidth usage. For example, if your normal user traffic is 1 Gbps, develop a plan for a 20 Gbps DDoS attack that includes deploying an appliance to mitigate such attacks, and provision for such potential bandwidth requirements from your service provider. If the actual attack is expected to be larger than your service provider bandwidth, however, you may need a hybrid solution that includes a cloud-based scrubber that works closely with your DDoS appliance solution.
From Smart to Smarter
As time passes, smart cities will become even smarter as they learn from researchers, from each other, and from incidents that are bound to happen.
5 Ways to get coding
SAP Africa Code Week will return this October to the Cape Town Convention Centre to spread digital literacy across the continent and aim to empower over 600 000 children and youth in the basics of coding.
Fact: Did you know that by 2020, 80 percent of all jobs will be related to science, technology, engineering and mathematics (STEM)? By then, Africa would also have added 122 million younger people to its workforce, the most of any region in the world. This will provide the continent with the opportunity to be the fastest-growing digital consumer market on the planet, supported by the most youthful population.
To build this educated workforce, children & youth must be provided the opportunity to acquire digital skills from a very young age. This is what led SAP to give birth to Africa Code Week (ACW) and work closely with UNESCO YouthMobile, Google, Governments, educational institutes, schools, businesses, Tech-Hubs, Start-Ups and NPOs to drive sustainable learning impact and make digital skills a core pillar of basic education across Africa. In partnership with SAP these stakeholders are joining forces to power opportunities through digital inclusion in support of the United Nations Sustainable Development Goals- SDGs (#1 – No Poverty, #4 – Quality Education and #5 – Gender Equality) through what Nelson Mandela described as “the most powerful weapon which we can use to change the world”: education.
With over 1.8 million youth introduced to coding over the past three years, ACW returns to the continent this year with a core focus on driving increased sustainability of the programme through its Train-the-Teacher sessions and female skills development in support of the #eskills4girls initiative, which was launched to help overcome the gender digital divide and promote education, skills and employment for girls and women in a digital world. In October 2018, ACW will support thousands of free workshops organized for youth aged 8-16 years across 36 African countries.
Computer Coding, Artificial Intelligence, Data Science, Machine learning, Virtual Reality; the list of today’s digital skillset is ever-evolving within a fast-paced digital economy. Whether a technophile or technophobe – here’s how you can get involved:
Attend a Live Workshop
Taking place at schools, universities, science centers or community centers, ACW’s free digital workshops address specific age groups regardless of learner levels. Get yourself up to speed with fun learning tools and passionate teachers! Visit the ACW Map to locate a workshop near you.
- Access a Free Online Course
Learn Coding from Scratch: If you are between 12 and 16 years old and would like to learn computer programming, openSAP is the place to start. This free online course will teach you how to create your own animations and games using the famous Scratch interface, a free programming language designed by the MIT Media Lab to simplify the face of coding for the young generation.
Teaching coding using Scratch: If you would like to learn the skills to teach youth coding using the famous Scratch interface described above, openSAP also has a free course for teachers.
- Both courses are also available in French on openSAP for teachers and youth in Francophone Africa.
Host a Coding Workshop in Your Community
Why not support the planning and execution of workshops in your own venue community? You can visit the ACW website to download your full partner guide including a checklist of what you’ll need to host a successful coding workshop in your school or community.
Become a Coding Instructor
Use your teaching skills for the greater good and visit the ACW website to see where Train-the-Trainer workshops are taking place in your country. While ACW takes place over a one-week period every year, it is the local capacity building within schools and communities that will ensure sustainable 21st century skills development across the continent.
Become a Corporate Sponsor
ACW relies on a global network of likeminded companies. By becoming a sponsor, your organisation will be able to engage customers, partners and employees as skilled volunteers as part of its own series of workshops and help expand the scope to more African countries. You can reach out to firstname.lastname@example.org for further details.
Together We Can Make the World Run Better
“There is so much we can do to empower our youth in the digital age,” says Sunil Geness, Project Lead for Africa Code Week. “ACW creates awareness about the importance of digital skills through creative and interactive learning. It also fosters the rise and growth of a community training culture which supports Government and Education institutions with the integration of coding into existing school curricula.”
He adds that it is not enough to rely on traditional teaching tools to equip our children with the skills they need for the future. “Beyond the activities taking place across the continent, Africa Code Week is also a fast-growing and powerful ecosystem that enables teachers and learners to connect and collaborate with their peers. This sustainable approach is a powerful contributor to realising the potential of Africa’s immense talent pool.”
Feeling inspired? Join SAP and partners; the Cape Town Science Centre, the Camden Education Trust, UNESCO Youth Mobile, Google, The German Federal Ministry of Economic Cooperation and Development and a fast-growing network of over 150 private and public partners on their Africa Code Week mission to bridge the digital skills and gender gap. Simply visit www.africacodeweek.org to find our more.
How AI can save elephants
Deep in the rainforest in a northern corner of the Republic of Congo, some of the most sophisticated monitoring of animal sounds on earth is taking place. Acoustic sensors are collecting large amounts of data around the clock for the Elephant Listening Project.
These sensors capture the soundscape in Nouabalé-Ndoki National Park and adjacent logging areas: chimpanzees, gorillas, forest buffalo, endangered African grey parrots, fruit hitting the ground, blood-sucking insects, chainsaws, engines, human voices, gunshots. But researchers and local land managers who placed them there are listening for one sound in particular — the calls of elusive forest elephants.
Forest elephants are in steep decline; scientists estimate two-thirds of Africa’s population has likely been lost to ivory poaching in recent decades. Africa’s savannah elephants have also declined by 30 percent over a recent seven-year period, primarily because of poaching, according to results released in 2016 from Paul G. Allen’s Great Elephant Census.
But those working to save these species, which are critical to keeping ecosystems in balance and that also draw wildlife tourists, have a powerful new tool at their disposal: artificial intelligence.
Conservation Metrics, a Microsoft AI for Earth grantee based in Santa Cruz, California, uses machine learning to monitor wildlife and evaluate conservation efforts. It is applying its sophisticated algorithms to help the Elephant Listening Project, based at Cornell University’s Lab of Ornithology, distinguish between forest elephant calls and the other sounds in a noisy tropical rainforest. It’s a perfect job for AI — looking for these rare patterns in terabytes of data that would take humans years.
Researchers use the elephant call data to build more accurate and frequent population estimates, track their movements, provide better security and potentially to identify individual animals, which can’t be easily seen from the air.
It is one of many ways biologists, conservation groups and Microsoft data scientists are enlisting artificial intelligence to prevent the illegal killing of elephants across Africa, stop the global trade in their parts and preserve critical habitat. Efforts include using machine learning to detect real-time movement patterns that could alert rangers to poaching and blocking online ads that attempt to sell illegal ivory or elephant parts.
Scientists with the Elephant Listening Project estimate that Africa’s population of forest elephants has dropped from roughly 100,000 animals in 2011 to fewer than 40,000 animals today. But those numbers are largely based on indirect evidence: ivory seizures, signs of poaching and labor-intensive surveys that are too expensive to be done regularly.
The Elephant Listening Project has spent more than three decades researching how elephants use low-frequency rumbling sounds to communicate with one another. More recently, those scientists began to use acoustic sensors at research sites to build population estimates and, ultimately, to track and protect forest elephants across their ranges in Central and West Africa.
If scientists find, for example, that at specific times of year elephants are using clearings in an unprotected logging concession to access scarce minerals or find mates, scientists can work with the loggers to schedule their work to minimize disturbance and reduce conflicts.
But there has been a bottleneck in getting data out of these remote African forests and analyzing information quickly, says Peter Wrege, a senior research associate at Cornell who directs the Elephant Listening Project.
“Right now, when we come out of the field with our data, the managers of these protected areas are asking right away, ‘What have you found? Are there fewer elephants? Is there a crisis we need to address immediately?’ And sometimes it takes me months and months before I can give them an answer,” says Wrege.
Conservation Metrics began collaborating with the Elephant Listening Project in 2017 to help boost that efficiency. Its machine learning algorithms have been able to identify elephant calls more accurately and will hopefully begin to shortcut the need for human review. But the volume of data from the acoustic monitors is taxing the company’s local servers and computational capacity.
Microsoft’s AI for Earth program has given a two-year grant to Conservation Metrics to build a cloud-based workflow in Microsoft Azure for analyzing and processing wildlife metrics. It has also donated Azure computing resources to the Elephant Listening Project to support its data-processing costs for the project. The computational power of Azure will speed processing time dramatically, says Matthew McKown, the CEO of Conservation Metrics. The platform also offers new opportunities for clients to upload and interact with their data directly.
It takes about three weeks for computers to process a few months of sound data from this landscape-scale study, says McKown. Once the Azure migration is complete later this year, that same job may take a single day.
“It’s a huge improvement. We’re really interested in speeding up that loop between having equipment monitoring things out in the field and going through this magic process to convert those signals into information you can send into the field where someone can take action,” says McKown. “Right now, that process can take a really long time.”
‘We’ve only scratched the surface’
Across the continent in East Africa, Jake Wall, a research scientist with Save the Elephants who collaborates with the Mara Elephant Project and other conservation groups, typically has more immediate access to data about the savannah elephants he studies in Kenya and seven other countries. That’s because animals in those populations have been outfitted with GPS tracking collars that transmit location data via satellites and cell networks.
That information is uploaded to the Domain Awareness System (DAS), a real-time data visualization and analysis platform now used in protected areas across Africa. It integrates data from about 15 different sources today, including ranger vehicle and radios, animal trackers, camera traps, drones, weather monitors, field reports, snare locations and satellite imagery. The tool was developed by Paul G. Allen’s Great Elephant Census, another AI for Earth partner that is moving the DAS system and its data onto the Azure cloud, to give managers a real-time dashboard that can inform tactical decisions for interdiction against suspected illegal activity or apparent threats to endangered wildlife.
In some areas, DAS also powers a Save the Elephants tracking app that can alert rangers when an animal has slowed or stopped moving via email or text message. The app can also warn when animals are heading toward human settlements where they might raid a farmer’s crops. Reserve managers or the farmer can then help herd the animals back to safety. From Gabon to Mozambique to the Congo, some 463 animal tracking devices are deployed, of which 358 are on elephants.
In other projects, Microsoft has worked with the Peace Parks Foundation, which combats rhino and other wildlife poaching in South Africa, to create remote sensing systems that can detect and evaluate poaching risks. Microsoft, through a NetHope Azure Showcase grant, is also helping move the open-source SMART (Spatial Monitoring and Reporting Tool) Connect to the Azure cloud. It is used in dozens of conservation sites across Africa to improve the effectiveness of wildlife patrols.
AI for Earth has also provided grants to researchers at the USC Center for AI in Society (CAIS) and Carnegie Mellon University, who have created and are continuing to improve Protection Assistant for Wildlife Security (PAWS). It uses machine learning to create patrol routes based on where poaching activity is most likely to occur. USC CAIS has also created and is continuing to improve the Systematic Poacher Detector, which detects poachers and wildlife in nighttime drone footage, now being used by organizations including Air Shepherd.
Even with advances in radio collar technology, sensors and imagery collection, a lot of additional work is needed to turn that data into scientific insights or actionable intelligence, says Wall.
“I think we’ve only scratched the surface of what’s possible,” says Wall. “We’re really excited because the expertise that Microsoft and AI for Earth can bring to the table includes skillsets that field biologists don’t typically have.”
“Machine learning could be applied to seven or eight immediate things that I would love to know more about, whether it’s recognizing individual elephants or picking up on changes in movement behavior or figuring out what’s happening on a landscape level with human expansion and deforestation,” says Wall.
Wall has been collaborating with Dan Morris, a Microsoft researcher working with AI for Earth, on a half dozen project ideas. One examines how to use machine learning to identify streaking behaviors — when elephants run fast and in an unusually straight line — that can be a sign of poaching or other threats.
Morris has also been working to apply machine learning algorithms to camera traps, which are remote field cameras that are triggered by motion and photograph anything that crosses their path. But finding an animal of interest can be like looking for a needle in a haystack.
“Sometimes no one has time to look through these images and they end up sitting on a grad student’s shelf somewhere,” says Morris. “The potential for machine learning to rapidly accelerate that progress is huge. Right now there is some really solid work being done by computer scientists in this space, and I would guess that we’re less than a year away from having a tool that biologists can actually use.”
Wall and Morris are also beginning to work on using AI to distinguish between elephants and other animals like buffalo or giraffes in aerial photography. Knowing when and where elephants are coming into contact with other wildlife — and particularly domesticated animals like cattle — can help rangers minimize conflicts with humans and help scientists better understand disease vectors.
These insights can also inform land-management decisions, such as where to lobby for protected areas and where to locate human infrastructure like roads and pipelines. That’s one of the most significant yet least understood threats to elephant survival, says Wall. With access to the right imagery data, AI tools could help begin to keep tabs on, and draw useful insights into, human encroachment into their habitat.
“We’re always focused on poaching and these acute problems, but really it’s the expansion of human settlements and the advancements of roads and railways and pipelines that are going to affect African elephant populations going forward,” says Wall.
‘AI is really the key piece’
Saving elephants isn’t just about stopping poachers where they hunt. Disrupting the global marketplace that rewards them economically is equally important.
Microsoft and other tech companies have joined the Global Coalition to End Wildlife Trafficking Online, organized by the World Wildlife Fund (WWF) and partners TRAFFIC and the International Fund for Animal Welfare. After observing that trafficking in wildlife parts like elephant ivory, animal skins and live pets had largely moved from physical marketplaces to the internet, they convened companies from across the online landscape to combine forces to stop it.
Along with targeting the illegal trade in elephant products, the coalition partners target criminal transactions such as the sale of tiger cubs for pets and the trade in pangolin scales and illegal coral.
“Previously cybercriminals were able to operate pretty freely on the internet because there wasn’t much risk,” says Giavanna Grein, a wildlife crime program officer at WWF. “But now we’re creating deterrents and consistency across all the different platforms — if every time a criminal creates a new account and puts up a new post, it’s taken down immediately, that’s going to be really frustrating for that criminal.”
The coalition has since worked with search engines like Bing, e-commerce sites and social media companies to adopt strong and consistent policies about what products are prohibited on their platforms. WWF also provides training to help companies recognize and shut down advertisements and customer accounts that traffic in illegal wildlife.
That involves some mix of human detective work and algorithms that search for keywords associated with wildlife trafficking. In September, Microsoft’s AI for Earth team will host an AI-focused workshop for tech companies and academics working to enhance automation to detect illegal wildlife and their products online. The goal is to advance technologies to identify and root out endangered species posts before anyone has a chance to see and purchase them.
“AI is really the key piece in combating wildlife trafficking online. While it’s not the only solution needed, automating the review of posts containing illegal wildlife and their products would drastically increase the barrier to entry for wildlife cybercriminals,” says Grein.