The expression smart city, as it is often used in English speaking countries, could be translated to Hungarian as liveable city, where the primary goal is to make the lives of residents easier by improving both the physical and digital infrastructure. Yet the concept comes with various, previously hidden risks. Hackers today are no longer pimpled teens hiding away in basements, but hacktivists who could easily paralyze the smart city’s complete public transport system in protest against, let’s say, free passes for seniors. However, there is no security without analysis, says T-Systems Security Strategist Arthur Keleti in an interview following his presentation at ISACA about cities of the future, cybercrime and the reasons why we don’t fear the internet enough.
Nowadays people call anything ‘smart’ as soon as it is connected to the internet or can be controlled through an app. When can we really call a city ‘smart’?
Smart cities employ technology and sensors to collect data and use it to manage assets and resources efficiently to make people’s lives easier and better. People living in smart cities have easier access to certain local services or access to services never seen before, such as tracking their children on their way to school. At the same time, the city fulfills its original function: provides security, access, and simplicity. As soon as such functions start to emerge, you can start calling the city smart, even if not all functions have become smart yet. Of course, the ultimate goal is that people run all errands online, without having to go to the local municipality office. Smart functions would include waste collection and public transport management. That is the main role of a smart city.
In your presentation, you underlined that today’s cities are only semi-smart.
There are certain functions you simply cannot switch on and off in a city. Take public transport routes, for example, or camera systems that require physical installation. Sensors and measuring devices must be put in place, they need to be glued or installed in the pavement. It is a complex piece of infrastructure comprising multiple hardware and software elements, plus you have to operate and maintain the applications. This is a huge IT challenge for any city, as operators might not have prior experience in maintaining and operating 24/7 online apps for cities. I think it is already a great achievement if a city has a couple of smart functions. You don’t have to implement everything at once. It is a gradual process.
So, in the best case scenario, developments deliver solutions to unresolved problems.
Exactly. Smart cities fix urban functions that don’t work properly or don’t work at all. If you have a main road that always gets jammed, you can place cameras and sensors there and gather information to identify the causes of recurring traffic jams. But technology creates new challenges. When citizens of a smart city go home, they still remain in the city. Is it the city or the government that is responsible for ensuring the appropriateness of IT security devices and software that protect them and their family from the dangers of cyberspace in their homes? The city can protect the citizens both offline (public security on the streets) and online. That can also be an important goal for a smart city.
Can users be fully protected? User awareness is important, yet many people still don’t use multifactor authentication or proper passwords. How can we improve IT security awareness?
That is a very difficult question. I don’t think we can ‘reprogram’ people’s minds. Some people are more aware and better at detecting security weaknesses while others are not so good at it.
People understand risks and dangers in the real world, but a logical space – the internet – is abstract, it’s difficult to grasp and fully understand.
Cyberspace requires a different attitude, one that hasn’t been developed yet. Our sense of danger is not as strong as it is in the real, physical world, and therefore smart cities must ensure cybersecurity in the virtual world – besides the obvious public security in the real world, through police presence. Smart cities can also educate people via public screens and apps. That is already common practice at many companies. You can guide people with messages and reminders. But, besides raising awareness and education, IT security technology and protection of users in cyberspace is a must for any smart city. Just like in your car: there are many built-in devices that protect you from crashing and you don’t even know about them.
China is an extreme example of mass surveillance based on face recognition technology.
Let’s get something straight: to ensure safety and security in a city, surveillance, and monitoring are inescapable. This is a complex question because people’s privacy must be respected. But no one can expect protection without being monitored. That would be like blindfolding police officers, emergency doctors or firemen and expect them to take off the blindfold only when someone has already gotten into trouble. People in modern societies must understand that their activities are analyzed to a certain extent because it is vital to the operation of services in cyberspace. The challenge lies in defining the boundaries, collecting and processing data without violation of privacy rights and personal data laws prescribed by the GDPR.
We shouldn’t fight against technology, but rather be glad that it reached this high level of development where it is capable of recognizing hundreds or thousands of faces per minute. The question is: what are we going to do with all this data? If harnessed for good causes, people will like and accept technology.
Give me some examples.
If you go to a concert, the face recognition software instantly recognizes you upon entering the venue. This makes it impossible to sell you fake tickets. In public venues and stadiums, you don’t have to be afraid of criminals and offenders, as the system detects them automatically. We can better protect pedestrians with technology that automatically detects traffic violations. Cities may incentivize people to lead a healthier lifestyle and follow a better diet, e.g. those who consume more milk get tax cuts or lower insurance rates. Technology helps you track and monitor milk consumption. Finding the right balance is difficult, but it is possible.
So you don’t think the system in China is a bad thing?
There is no problem with the system. The question is how we use the data, and that decision falls in the hands of the government. The approach may vary with society or the region. Many things that are OK in Asia might cause trouble in Europe.
In many aspects, Hungary is dominated by its capital city. If cities get smarter, does that mean the villages become relatively ‘dumber’? Does technology widen the gap between large and small towns?
Quite the opposite, I would say. The technology used in smart cities can be implemented anywhere, as these are modular developments. What’s more, smaller towns or villages have a relative advantage because they can be quicker in implementing certain solutions. The same goes for countries. Take Estonia, home to a little over 1 million inhabitants, for example. Estonia can implement the latest IT technologies because its population is significantly lower. If they want to introduce a new solution, they can quickly implement and test it, and smaller cities are also faster in adopting changes. All in all, new technology opens doors and creates truly equal opportunities for everyone.
Do benefits go beyond city limits? Could, for example, a city that optimizes energy management with smart solutions contribute effectively to the fight against climate change?
We, at T-Systems firmly believe that good projects must have not only direct but also indirect positive impacts and benefits. For example, if consumption and use of resources at people’s homes become measurable, and data is sent to the local government, the management may offer benefits to incentivize people or suggest solutions to the problems of the population. A good example is the ‘online cash register’ program launched in Hungary at the beginning of the 2010s, which achieved great success even at a European level. It was sort of a smart city concept, as all cash registers were connected online that allowed tax authorities to monitor small enterprises, and lifted the tax-related administrative burden of entrepreneurs. If you link such reporting systems, it can lead to economic benefits on a national level.
Smart cities have to incorporate all these elements, organize data and information into databases and analyze them (inter alia by means of artificial intelligence,) to enable city management to make informed decisions and develop strategies. We must build ecosystems in which data from a vast amount of sensors and IT devices can be used to draw conclusions and make decisions. On top of this, I think great opportunities lie in connecting smart cities on a national or global level.
That all sounds great but what risks and dangers will connectedness bring and how will security experts efficiently manage them?
The more complex the system, the higher the cybersecurity risks. For the average user to feel bad, it is enough if a favorite service is not available or reliable. If Google Maps, Waze, or other applications don’t work when you get in your car, you already have a bad day. And hackers, and the people behind them are well aware of this.
What makes hackers want to paralyze a city?
Hackers today can have a variety of reasons. We have to put behind us the stereotype that hackers are pimpled teens who operate from mom’s basement while eating donuts. This might be true for no more than 5 percent of all hackers. And the remaining 95 percent is also a diverse group. There are, for example, hacktivists who might pose a serious threat to the operation of smart cities because they are the ones who attack IT systems in protest against local problems.
A hacker group like Anonymous might get upset about the free public transport pass, or the lack of it, for senior citizens. You can never tell what they get upset about.
To promote social change, they might hack into the public transport system or the information system, and display messages like “Take the free passes away from seniors”. They can also stand behind certain political messages, especially during election times. Some terrorist groups also moved to cyberspace and they may perpetrate organized attacks, for ideological or religious reasons, against smart cities by paralyzing vital infrastructure. As a result, the power supply may go offline and traffic could collapse.
There are hackers that work for money. They blackmail a city and ask for a ransom. It is a kind of protection racket. Last year, the city of Atlanta, Georgia, was the victim of a ransomware attack that cost millions of dollars for the city. Just recently Florida town has decided to pay hackers over half a million US dollars to get their systems working again.
And there are hacker groups paid by governments, cybercriminals who pose a national security threat because they tend to target critical infrastructure, like energy supply, food production, or medicine supply chain. So, there is a wide range of reasons and a smart city must be well-equipped and ready for any kind of cyber attack. As I mentioned in my presentation, a smart city might get several million attacks per day and serious problems may arise within a couple of hours. Incident management and information management are carried out continuously.
When will smart cities be able to protect their citizens? It is a good question. But first, we should develop this system, step by step. We shouldn’t rush anything.
Are there any smart solutions working in Hungary? And how is the progress in Budapest?
In Monor, for example, smart solutions are implemented in a modular manner since 2018, so that they can be easily implemented in other cities. In Debrecen, the city development strategy has become public. Kaposvár has a modern energy management approach. In Budapest, smart city construction programs include displays in tram stations, the BKK Futár or Bubi bike sharing system – these programs were harmonized. Programs depend on available funding and strategies of the municipal districts. The will is there, and the next step will be a closer connection of such systems.
How can Deutsche Telekom help? You mentioned that, in terms of development, the smart city center of Europe is there.
Smart city project owners from across Europe come to T-Systems for central control and expertise in problem-solving. We connect developers and owners of already implemented projects, share best practices and link solutions across Europe. Cities have very complex systems, including sensors, software, application layers, operation and cybersecurity monitoring. We help to ensure that all elements are in place and the system is built properly.
For example, we have a complex drone security system that alerts when a drone flies over an industrial establishment or stadium. It is capable of disabling drones, as well. To do that, you need a highly efficient combination of cyberspace and physical space security with the latest technology. The security and technology aspects of smart cities are so complex that we really need all our expertise and the experience of several hundreds of engineers to ensure that smart city solutions operate properly.
This article was originally published here.