Smart Cities

Interdependence and Overreliance

 

1)  “ We are weaving technologies into our homes, our communities, even our bodies- but even experts have become disturbingly complacent about their shortcomings. The rest of us rarely question them at all…. But what if it’s the harbinger of bigger problems? What is the seed of smart cities own destruction are already built into their DNA? –Buggy, Brittle and Bugged – Smart Cities. Anthony Townsend

“In our research at IOActive Labs, we constantly find very vulnerable technology being used across different industries. This same technology also is used for critical infrastructure without any security testing. Although cities usually rigorously test devices and systems for functionality, resistance to weather conditions, and so on, there is often little or no cyber security testing at all, which is concerning to say the least.”

“When either wireless or wired communications security is poor, an attacker can easily intercept and hijack communications and take control of devices and networks. We see this all the time; most such communications are insecure”. –  Active Hacking – Cesar Cerrudo

 

If smart cities contain bugs within their systems, before these systems are plugged into cities, how do you find the bug or error without plugging it into a city? How can they be tested before they are integrated into a network that effects not just the infrastructure but people as well? Is the system or method of testing prone to flaws as well? Aren’t security systems set up to prevent cyber hacking prone to hacking as well? They may defend the network better but they are also susceptible to attacks and are vulnerable too. How effective are cyber security systems? There are new virus developed everyday, how effective are cyber security softwares and systems? What are their limitations and parameters?

 

2) “The sheer size of city-scale smart systems comes with its own set of problems. Cities and their infrastructure are already the most complex structures humankind has ever created. Interweaving them with equally complex information processing can only multiply the opportunities for bugs and unanticipated interactions.”

“ The pervasiveness of bugs in smart cities is disconcerting. We don’t have a clear grasp of where the biggest risks lie, when and how they will cause systems to fail, or what the chain reaction consequences will be. Who is responsible when a smart city crashes? And how will citizens help debug the city?”

–Buggy, Brittle and Bugged – Smart Cities. Anthony Townsend

“There is a huge and unknown attack surface on smarter cities. With so much complexity and interdependency, it is difficult to know what and how everything is exposed. Therefore, simple problems could cause a big impact due to interdependency and chain reactions.20 This is what makes threat modeling so important…Has anyone seen a threat model for a city? Maybe these exist, but I haven’t seen one. Some larger software and services vendors have issued general documents about cyber security in cities but nothing very specific.”

 

“The current attack surface for cities is huge and wide open to attack. This is a real and immediate danger. The more technology a city uses, the more vulnerable to cyber attacks it is, so the smartest cities have the highest risks.”

 

–  Active Hacking – Cesar Cerrudo

City smart systems consist of the physical infrastructure and a digital one, both come with their own set of complications and problems, What approach can lead to this integration, to be less riskier and better fitting? How would one test this integration? Does it depend on the context or the issue, whether a bottom up or top down approach is effective, it also depends on which infrastructure is effected? What type of prototype or model should be built or an actual neighborhood would be taken as a prototype to test such technologies first? Can these systems, which are interdependent on each other, function better if when one is effected it shuts down so as not to effect other systems and back up system takes its place? (parallel circuit and not a series circuit). The malfunction of one network would replace itself with a back up system to prevent the other systems dependent on it to not malfunction. System such as the internet, cloud computing, cellular networks, GPS, sensors, etc. How can these chain reactions be addressed and what countermeasures need to be made or taken in order to prevent a complete system shutdown or malfunction?

 

3) “ In our rush to build smart cities on a foundation of technologies for sensing and control of the world around us, should we be at all surprised when they are turned around to control us?’

“ Thinking about the unthinkable dictated a whole new approach to building cities. By concentrating population, infrastructure, and industrial capacity in nice, big juicy, megaton sized targets they had become a liability in the nuclear age.” …Norbert Weiner, “The decentralization of our cities on the spots on which they stand, plus the release of our whole communications system from the threat of a disastrous tie-up, are reforms which are long overdue… For a city is primarily a communications center serving the same purpose as a nerve center in the body.”

“We will never know if the negative impacts could have been avoided, but it would not have cost much to try. We might have even avoided the very unintended consequences we now invent smart technologies.”

–Buggy, Brittle and Bugged – Smart Cities. Anthony Townsend

 

“It’s extremely important: Technologies used by cities must be properly security audited to make certain that they are secure before they are implemented. …. When we see that the data that feeds smart city systems is blindly trusted and can be easily manipulated, that the systems can be easily hacked, and there are security problems everywhere, that is when smart cities become Dumb Cities.”

“The nature of the impact depends on the extent to which a city relies on the services affected.”

–  Active Hacking – Cesar Cerrudo

 

By overseeing and managing the data being fed into and out of smart city systems, how effective would this solution of managing the data be when it comes to the structure of the system? If the system itself has bugs then does the data processing through it matter? To what extent?

If these consequences, (Townsend mentions) were addressed, would they only effect the problem in the short run or the long run? Is the patch, for solving the issue to let the system continue working rather than actually finding the core root of the problem?

Does the weakness or problems in the smart city infrastructure lead to it being called dumb city or does the existence of dumb citizens (participatory) lead to it being called a dumb city? Or the existence of both define the existence of dumb cities? What effects smart cities more, currently: citizens that effect the infrastructure of the city or do the networks or systems integrated in these cities. Can citizens take security into their own hands? How so ? Or do we need specialized companies like IOactive labs to secure our systems? How involved do citizens need to be when addressing such problems?

 

 

 

 

 

Cerrudo, “An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks,” White Paper

-Sadly cities are implementing new technologies without first testing cyber security, there is often little or no cyber security testing at all, vendors with little or no experience in implementing security features, Many vendors implement custom wireless and wired communication protocols with either very poor security or no security…. Who is responsible or at fault for such lack of knowledge or being carless while implementing technologies in smart city, the government, other private organizations or vendors who designs these devices and technology?

– In our research at IOActive Labs, we constantly find very vulnerable technology being used across different industries. This same technology also is used for critical infrastructure without any security testing. Although cities usually rigorously test devices and systems for functionality, resistance to weather conditions, and so on, there is often little or no cyber security testing at all, which is concerning to say the least (pg.no: 08). Is it always possible to test technology completely and assure that there is no bug? Sometimes a hardware failure can also cause system to fail.

Townsend, “Buggy, Brittle and Bugged,” Smart Cities

-The sheer size of city-scale smart systems comes with its own set of problems. Cities and their infrastructure are already the most complex structure humankind has ever created. Interweaving them with equally complex information processing can only multiply the opportunity for bugs an unanticipated interactions (pg.no:256). Will the bottom up process of building smart cities have minimal chances for bugs and unanticipated interactions?

 

 

Buggy, Brittle and Bugged

–In the case Y2K, the reality is very like the division of labour in society today, people just pay attention to their own duty, which relevance their own benefit only. However, if there’s a issue which brings no benefit or benefit others as well, who will have the motivation to do it?

 

An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks 

–In page 8, author talks about encryption issues, test process is really big issue. Because it is really depends on specific situation where this system placed. Kind like architecture, why we say it is irreproducible, because even we got the same drawings, we can’t build the same building in 2 places due to the different of weather, environment and even the workers. Same, I think the test should be in the specific location. How do we think about this idea which relates to the cost increasing and the time increasing?

 

–Another thing always comes to my mind is, in order to keep the city security, we have to keep improving the firewall in order to defend the hackers, same like the chip card technology. It’s kind like an abime, since we start with the big data, open source, we start to fight against the hackers. When we began to build smart city, did we consider about the cost of the follow up cost?

Buggy, Brittle and Bugged – Townsend

It becomes clear that as technology attempts to automate tasks the design for which fails to encapsulate uncertainties and preferences, we will be surrounded with “buggy” infrastructures. This begs the question, Will the smart city have a manual flush option? Or will we be subjects of frequent bugs and glitches at ever growing scales of complexity and relative consequences?

In describing the “First actual case of a bug being found”, Townsend highlights that bugs can be software glitches resultant of coding or physical wear and tear of hardware due to lack of maintenance or unforeseen accidents. Although the public persists to call for an “exposed smart city infrastructure” where citizens can more easily perceive and understand their smart city grid, do they understand the implications doing so could have in increasing the probability of bugs and failures due to tampering?

Is it worth considering that interlacing of the entire city into a centralized smart city infrastructure (due to software interdependencies) vs more analogous, fragmented structures deployed today, that the risk and relative cost of attacks/failures effectively underscores corporations’ promise of increasing efficiency and profitability?

Will fear of tampering with the smart city infrastructure delay / effectively abolish the hope of DIY citizens’ access to smart city “walled gardens”? How can we increase the smart city infrastructure’s resilience against bugs and attacks without walling out citizens and their potential contributions to the infrastructure?

If hacking is considered an expression of agency manifesting in contingent use (exploitation) of certain technologies can we think of hacking in and of itself as a form of citizen participation that prompts constant evolution adding layers of sophistication and resilience to the smart city? Are attacks, bugs and glitches the vaccine to larger scale threats? Much like viral infections are to our immune systems? Consider a group of ethical hacking activists that aim to highlight and expose areas susceptible to infiltration much like citizens report “bugs” in the physical infrastructure (potholes etc) to local authorities today

An emerging US (and World) Threat – Cesar Cerrudo

“What would commuting look like with non functioning traffic control systems” Non technologically-mediated infrastructures have been implemented in a number of areas around Europe and the UK (shared space initiative) and have had “positive” effects – It is feasible to consider where technology should be implemented vs where is can be. In doing so can we preserve our state of functionality more so than if we surrendered everything to a floating buggy infrastructure? Or would we, by doing so, omit seemingly unnecessary technologies from contributing to a larger picture that is yet to be realized?

“How would citizens respond to an inadequate supply of electricity”..etc. Consider the plausibility of a smart city backup structure that is surrendered to the citizens. The equivalent of citizen generators and independently owned and run street lights that kick in in the event of a superstructure bug or attack. Will doing so allow DIY activists to understand the system and actively contribute/inspire future implementations with regards to security and functionality, adding resilience to the smart city infrastructure and concretizing the dialogue between top down implementation and bottom up innovation?

“The public needs to see to believe. Cities are not spurred into action by discussions about suspected vulnerable products and threats” – This reiterates that bugs and hacking are a critical component to strengthening the smart city’s immune system – making it more resilient to devastating attacks and or failures.

An investigation of the weakness of sub structural infrastructures’ security systems begs the question: could their weakness be due to a general under-estimation of the public’s understanding and will to hack, manipulate and repurpose infrastructures in addition to a general complacency with regards to maintenance and upkeep with current technological processes? Is there simply less room for such complacency now?