A quick search on the Internet and it is easy to be convinced that smart places are the solution to the challenges facing urban and rural communities alike.
Embracing emerging technologies, like AI, IoT, and 5G, it is argued, will improve everyone’s lives.
The basic premise is that digital technology addresses all local transport, energy, healthcare, utilities and environmental challenges: smart street lighting, or using lamp-posts and other street furniture in new ways, for example for real-time environmental monitoring; the use of bin-fill sensors; smart traffic management and parking to allow people to rethink their transport choices; the use of road-repairing drones with asphalt-spraying 3D printers; smart housing and living; and smart work and play areas all become elements of what makes a place smart.
The concept is gaining traction as global investment in trials, testbeds and operational systems deployment shows.
But what lies underneath the shiny surface of a smart place?
At the end of the day smart places are all about data, captured by thousands of sensors distributed across an area, processed, analysed and mined (sometimes for profit) to offer information that aims to optimise services, effecting behavioural change, economic performance and improvements in quality of life.
There is however no such thing as an ‘out of the box’ smart place solution. Not only will a smart place vary by location, but it will invariably be underpinned by a vast amount of technologies, protocols, and devices provided by multiple manufacturers – chiefly, sensor networks and low power wide area networks.
This means that smart places will not simply appear from one day to the next. Making a smart place is an iterative and evolutionary journey, built on existing and future technologies, combining legacy and emerging approaches to structuring urban and rural lives, binding them together on the basis of continuous interconnectivity of sensors and systems, so that they become more than the sum of their individual parts.
What does this messy underbelly of a smart place mean for cyber resilience?
Monitoring thousands of sensors deployed around a city of the size of, say, Bristol, never mind assuring the cyber resilience of the complicated interconnections of a myriad of networks and orchestration systems that govern and control a smart place is challenging, and the risks are real. Each sensor, each interconnection presents a potential attack vector for cyber criminals to compromise personal data, or cause disruption. Sensors and hardware can be physically tampered with, sensor data can be manipulated to disrupt services, or introduce bias into data analysis and decision-making; if an attacker gains control of a smart place orchestration (or command and control) system, all bets are off.
But scaremongering will get us nowhere. The best we can do is to focus on the enabling role of security processes and solutions so that we can support the smart place evolution in the most safe and secure way possible. What exactly does that mean?
It means deepening our understanding of the technology landscape that underpins smart places, investigating and noting the technical functions and capabilities of devices alongside their societal functions to understand how they fit into the interconnected network that constitutes a smart place.
It means developing a model of governance that applies across a smart place in its entirety, from deciding who risk ownership to developing minimum standards for things like encryption and authentication.
And it means enabling decision-makers to make intelligent decisions on the technology they want to deploy and prioritise secure cyber solutions from the market, ideally based on informed procurement guidance, inclusive of products and solutions that have been tested independently before their large-scale roll-out.