IoT Security needs to be the bedrock of Smart City Development

Internet of Things hardware and security

In the last 5 years we have seen many announcements and investments around the development of “smart cities” in Southeast Asia, including Singapore’s “Smart Nation” and “Thailand 4.0” initiatives. Along with the public announcements come the perception that nations in the region are now in a new tech “arms race” to be crowned as the regional tech hub, attracting both investors and the most innovative talent to anchor their businesses. The smart infrastructure investments that positively impact both business and citizens include those that effectively connect and capture, analyse and utilise data from transport, utilities and communication.

With a population of more than 600 million that is increasingly educated and hungry for success, Southeast Asia is poised to be the region to watch for further development and opportunities in technology, including the transformation of its cities into “smart” metropolises anchored by connectivity, data.

This essential connectivity across infrastructure and services is not possible without the development of the Internet of Things (IoT). It is the connector and moderator across intelligent system architecture that monitors and regulates the output of these devices. The development of smart cities is therefore dependent on the design and manufacture of those IoT devices. However, the security component of IoT has often been overlooked in the rush to city transformation. As a result, there has been a dramatic increase of cyber-attacks against smart cities and numerous such attacks were recorded in last few years resulting in billions of dollars of monetary damage.

GM Krishna, Director, IoT Solutions – Asia Pacific, Avnet Asia
GM Krishna, Director, IoT Solutions – Asia Pacific, Avnet Asia

Cybersecurity, which looks at the overall security of data in software and its systems, has instead been the main focus for governments, business and regulators in the region. For example, governments and companies have spent millions on ensuring that defence of major data centers are impervious to attempts from saboteurs. IoT security on the other hand, has been left to its own devices

An article from Application Threat Intelligence states that most IoT devices lack the basic security features of a standard home computer system, and that hackers have stolen from or hijacked IoT devices without any detection from the end user. Not surprisingly, according to a report issued by Independent Security Evaluators, vulnerabilities in IoT devices have more than doubled since 2013.

Like most technology, new IoT devices are developed through a process involving ideation, design, prototyping, manufacturing and final implementation. This long process involves different manufacturers at various stages each contributing to the final product without direct communication. This segmented manufacturing process and involvement of various un-related parties is what creates security vulnerabilities for the finished product which is uniquely designed to capture user data for analysis.

In order to address these security vulnerabilities, manufacturers must consider a chain of trust, enabling end-to-end security from devices to cloud, and including device life cycle. Implementing and integrating security within this chain of trust could become a challenge.

This is why it is recommended to work with a trusted partner that can provide expertise, network and resources to advise and mitigate the security implications of the IoT device’s design and implementation. This partner who has visibility to the entire manufacturing process, can be in a position to reduce security loopholes present in the development process, and plug the gaps that might be there if the inventor joins in the middle of the product development lifecycle. It is in being the central “one stop shop” for inventors that would help them focus on the benefits of the invention while maintaining the integrity of the security.

This process and centralized visibility is how banks and financial institutions have aggressively addressed the security gap by identifying potential vulnerabilities from the very start of the innovation and product development process.

As technological integrity of a smart city depends very much upon its reliability to be safe and secure for its citizens, we must employ that same spirit towards IoT device development as we do for the financial ecosystem.