This piece was originally published in the February 2018 issue of electroindustry.
Joseph Howley, Manager of Industry Relations, GE Lighting and Current, powered by GE and Mr. Howley, a recipient of NEMA’s Kite & Key Award, chairs the NEMA Light Source Section.
As smart cities transform the way we live, work, and interact, the spotlight is on cybersecurity.
Our physical and digital worlds are interconnected in ways we never imagined: voices can control thermostats, there’s a Wi-Fi connection in every public building, and we can digitally navigate any urban environment. We are living in the Internet of Things (IoT) enabled by light-emitting diodes (LEDs).
Smart cities create new ecosystems for commerce and civic engagement. According to a Frost & Sullivan report, the global intelligent city market will be valued at $1.5 trillion by 2020. Big data also means big cybersecurity challenges. As light poles in cities become gateways for intelligent lighting systems, it’s critical to build an infrastructure to protect citizens, businesses, and governments.
U.S. cities are in the process of digital transformation. San Diego, for example, is installing what it calls the world’s largest Smart City IoT Platform by adding 3,200 intelligent nodes to existing infrastructure. It is also moving from a sole-use outdoor wireless control network to a multiapplication network for the IoT to better collect metadata and provide smarter services. These intelligent networks will use sensors to collect real-time data to direct drivers to parking spaces; guide fire, ambulance, and police responses; and provide weather data.
Smart street luminaires provide the ability to change light levels, track energy usage, and provide luminaire maintenance information—all while saving significant energy with LED street lighting systems that use utility-grade energy measurement per pole to pay only for what is used instead of fixed utility costs per pole.
As more municipalities explore strategies to integrate innovative solutions, it’s necessary to factor in the cost of a security breach. Industrial-grade multilayered cybersecurity measures must address three essential pillars of any smart city solution: edge security, connectivity security, and cloud security.
Edge security protects local data and secures access to the larger system. First, every node should have a unique, trackable identity that can be remotely authenticated using the device’s unique certificates stored within its trusted platform module. Second, every removable module should be authenticated using a reverse engineering–resistant crypto-chip carrying the module identity. These efforts, along with the secure boot sequence, enable a tree of trust expanding from the semiconductor components to the encrypted file system. This ensures that any security infringements are limited to the loss of the single node, even if the perpetrator possesses the node. As a final precaution, continuity of the security can be ensured by signing and verifying software patches.
It is critical to build solutions that secure transmitted data and prevent the potential of the infrastructure mounting an attack on third-party systems. For example, a cybersecurity team may use an encrypted, two-way transport layer secure protocol and transmit only via secure tunnels with source and destination inspection at the interface points.
Smart cities must embed security at every level of the cloud stack. Additional software systems can be built on top of a multiapplication cloud to ensure compliance standards and contractual clauses related to data. These types of security systems should use 24/7/365 monitoring of the cloud infrastructure, the software applications, and application programming interfaces that allow for constant oversight and provide internal teams with the ability to find vulnerabilities before potential attackers do.
When security needs for each pillar—edge, connectivity, and cloud—are properly implemented as part of a smart city’s blueprint, the foundation is established for a truly limitless future.