Interdependence and Overreliance
1) “ We are weaving technologies into our homes, our communities, even our bodies- but even experts have become disturbingly complacent about their shortcomings. The rest of us rarely question them at all…. But what if it’s the harbinger of bigger problems? What is the seed of smart cities own destruction are already built into their DNA? –Buggy, Brittle and Bugged – Smart Cities. Anthony Townsend
“In our research at IOActive Labs, we constantly find very vulnerable technology being used across different industries. This same technology also is used for critical infrastructure without any security testing. Although cities usually rigorously test devices and systems for functionality, resistance to weather conditions, and so on, there is often little or no cyber security testing at all, which is concerning to say the least.”
“When either wireless or wired communications security is poor, an attacker can easily intercept and hijack communications and take control of devices and networks. We see this all the time; most such communications are insecure”. – Active Hacking – Cesar Cerrudo
If smart cities contain bugs within their systems, before these systems are plugged into cities, how do you find the bug or error without plugging it into a city? How can they be tested before they are integrated into a network that effects not just the infrastructure but people as well? Is the system or method of testing prone to flaws as well? Aren’t security systems set up to prevent cyber hacking prone to hacking as well? They may defend the network better but they are also susceptible to attacks and are vulnerable too. How effective are cyber security systems? There are new virus developed everyday, how effective are cyber security softwares and systems? What are their limitations and parameters?
2) “The sheer size of city-scale smart systems comes with its own set of problems. Cities and their infrastructure are already the most complex structures humankind has ever created. Interweaving them with equally complex information processing can only multiply the opportunities for bugs and unanticipated interactions.”
“ The pervasiveness of bugs in smart cities is disconcerting. We don’t have a clear grasp of where the biggest risks lie, when and how they will cause systems to fail, or what the chain reaction consequences will be. Who is responsible when a smart city crashes? And how will citizens help debug the city?”
–Buggy, Brittle and Bugged – Smart Cities. Anthony Townsend
“There is a huge and unknown attack surface on smarter cities. With so much complexity and interdependency, it is difficult to know what and how everything is exposed. Therefore, simple problems could cause a big impact due to interdependency and chain reactions.20 This is what makes threat modeling so important…Has anyone seen a threat model for a city? Maybe these exist, but I haven’t seen one. Some larger software and services vendors have issued general documents about cyber security in cities but nothing very specific.”
“The current attack surface for cities is huge and wide open to attack. This is a real and immediate danger. The more technology a city uses, the more vulnerable to cyber attacks it is, so the smartest cities have the highest risks.”
– Active Hacking – Cesar Cerrudo
City smart systems consist of the physical infrastructure and a digital one, both come with their own set of complications and problems, What approach can lead to this integration, to be less riskier and better fitting? How would one test this integration? Does it depend on the context or the issue, whether a bottom up or top down approach is effective, it also depends on which infrastructure is effected? What type of prototype or model should be built or an actual neighborhood would be taken as a prototype to test such technologies first? Can these systems, which are interdependent on each other, function better if when one is effected it shuts down so as not to effect other systems and back up system takes its place? (parallel circuit and not a series circuit). The malfunction of one network would replace itself with a back up system to prevent the other systems dependent on it to not malfunction. System such as the internet, cloud computing, cellular networks, GPS, sensors, etc. How can these chain reactions be addressed and what countermeasures need to be made or taken in order to prevent a complete system shutdown or malfunction?
3) “ In our rush to build smart cities on a foundation of technologies for sensing and control of the world around us, should we be at all surprised when they are turned around to control us?’
“ Thinking about the unthinkable dictated a whole new approach to building cities. By concentrating population, infrastructure, and industrial capacity in nice, big juicy, megaton sized targets they had become a liability in the nuclear age.” …Norbert Weiner, “The decentralization of our cities on the spots on which they stand, plus the release of our whole communications system from the threat of a disastrous tie-up, are reforms which are long overdue… For a city is primarily a communications center serving the same purpose as a nerve center in the body.”
“We will never know if the negative impacts could have been avoided, but it would not have cost much to try. We might have even avoided the very unintended consequences we now invent smart technologies.”
–Buggy, Brittle and Bugged – Smart Cities. Anthony Townsend
“It’s extremely important: Technologies used by cities must be properly security audited to make certain that they are secure before they are implemented. …. When we see that the data that feeds smart city systems is blindly trusted and can be easily manipulated, that the systems can be easily hacked, and there are security problems everywhere, that is when smart cities become Dumb Cities.”
“The nature of the impact depends on the extent to which a city relies on the services affected.”
– Active Hacking – Cesar Cerrudo
By overseeing and managing the data being fed into and out of smart city systems, how effective would this solution of managing the data be when it comes to the structure of the system? If the system itself has bugs then does the data processing through it matter? To what extent?
If these consequences, (Townsend mentions) were addressed, would they only effect the problem in the short run or the long run? Is the patch, for solving the issue to let the system continue working rather than actually finding the core root of the problem?
Does the weakness or problems in the smart city infrastructure lead to it being called dumb city or does the existence of dumb citizens (participatory) lead to it being called a dumb city? Or the existence of both define the existence of dumb cities? What effects smart cities more, currently: citizens that effect the infrastructure of the city or do the networks or systems integrated in these cities. Can citizens take security into their own hands? How so ? Or do we need specialized companies like IOactive labs to secure our systems? How involved do citizens need to be when addressing such problems?