Building (and Securing) the First Smart City with Flash-to-Cloud Protection

Smart cities are prime targets for cyber attacks. Flash-to-cloud security technology can enable secure smart city data pipelines, from the device and firmware layer to the cloud.

326
Building-and-Securing-the-First-Smart-City-with-Flash-to-Cloud-Protection
Illustration: © IoT For All

As connected devices continue to improve in both quality and affordability, smart cities are becoming more of a realistic picture for our future than a mere science fiction fantasy. In 2019 alone, IDC forecasts that worldwide spending on smart city initiatives will reach $95.8 billion. Singapore, New York City, Tokyo and London are each expected to invest more than $1 billion in smart city programs in 2019.

By using connected technology for energy, transportation and public safety with devices like security cameras and traffic, environmental, parking and road sensors, these initiatives aim to create an integrated system that makes our cities safer and improves the quality of life for everyone. With all of these thousands of connected sensors and controllers, however, smart cities will also become vulnerable targets for cyber attackers.

In order to develop cities that are as safe and trustworthy as they are smart, we must ensure that they are against potential cybersecurity breaches—but how?

To control and monitor all of the connected devices and applications that make up the smart city, each device needs to be connected to a Command and Control or Operational Center that has visibility over all the endpoints and the ability to engage devices, identify malfunctioning devices, update devices and security measures and more.

Some of these features already exist (e.g. connected traffic lights). With an increase in connectivity, we can only expect to see more of these connected systems in our cities in the future. As always, with great opportunity comes great risk; as these smart cities expand and more IoT devices are added, cyber risks will only compound.

To bring in an era of smart (but safe) cities, we must strictly control all connected devices. Imagine the consequences of an adversary who tries to comprise the system, the devices, the connectivity or even the command center in a smart city. It’s a particularly scary scenario to think about a hacker or terrorist organization accessing the system to manipulate traffic cameras and project rough inputs.

While this kind of dangerous scene may seem more akin to a storyline for a futuristic action movie, the impending development of smart cities means that threats such as this will become less science fiction horror stories and more realistic dangers.  

It’s a massive undertaking to secure smart cities against threats such as this. For one, the many edge devices that comprise a smart city are distributed across many miles and are exposed to the general population with limited restriction. Moreover, a smart city’s network is always expanding—and its data is always increasing. And, because the smart city is a public environment, the network is always exposed–whether it’s a wired or wireless network (e.g. LoRa, 5G, WiFi), making it susceptible to malicious agents.

Another challenge is the cost. City planners will likely seek cost-effective solutions when taking on such a massive project as a smart city implementation. However, limiting costs also limits hard security controllers for edge devices, which could end up comprising the city’s greater security.

Flash-to-Cloud IoT Network Security

One “out-of-the-box” concept offers a new, innovative approach to solving these security challenges: a flash-to-cloud solution. Such a solution could protect the firmware of the edge device from any unauthorized manipulation in the memory itself. With this approach, even in the case of a physical or network breach, the firmware in the memory cannot be comprised. This flash-to-cloud protection uses the capabilities from the processors in the edge devices to modify the content of the firmware and make it impossible to access by any kind of adversary.

This proposed solution is very cost-effective, as it’s a hardware solution built into the existing memory that doesn’t add additional modules to the system, and it doesn’t complicate the software integration or development as the system scales.

Many leading flash memory vendors (e.g. Micron, Cypress, Winbond and more) have already embraced this flash-to-cloud protection solution, which is being driven by an innovative company focused solely on cybersecurity in IoT: NanoLock Security.

Besides being complex, smart cities are also evolving structures that will expand in size and technicality over the years. This presents yet another challenge for security. Even after city planners have achieved an ironclad device protection platform that can resist physical and network attacks, there remains a key security obstacle: How can they maintain this level of security over time? Planners must be able to ensure that their system is securely updated with a trusted, manageable system for years into the future. The architecture must not only protect the network and devices from a breach but also ensure visibility of the network and enable the monitoring and management of the system.

Maintaining regular, secure updates is vital for the safety of smart cities and the people who populate them. In most cases today, update mechanisms are manually executed by a technician, who must connect with the edge devices to perform the update. This raises the concern that any remote update could increase the risk of attack and manipulation of the device. Moreover, updates with this current model are expensive, which means they tend to be less frequent. However, fewer updates mean more risks for downtime scenarios and increased potential for all the data that the edge devices send to the command center to be compromised. Thus, it’s critical to require a secure update mechanism that will enable remote updates, in addition to and a management platform that is trustworthy.

The new, flash-to-cloud protection approach configures the mechanism for secure updates and trustworthy management. By creating a secure channel between the cloud and the flash memory in the edge device, flash-to-cloud protection makes it possible to send a secure update from the cloud to the flash memory, regardless of the status of the network, the status of the processor or the version installed in the flash memory.

This secure channel can also be used to send status reports from the flash memory back to the management server to indicate when something looks harmful, when there is a breach, if someone needs to be quarantined or even if an attack has been prevented. Flash-to-cloud protection also provides status on the downtime of the device, the version, the latest update and more. Most importantly, all of this information can be trusted, as it cannot be manipulated by the software on the processor—even if it’s compromised.  

This kind of flash-to-cloud protection increases the security of edge devices and offers a holistic solution to the many challenges of smart cities and IoT domains. Moreover, flash-to-cloud protection is unique in that provides secure, trustworthy results without increasing the BoM cost—something other solutions can’t do. With their solution, NanoLock Security is both reducing operational costs—such as technician updates—and unexpected downtime, while offering advanced monitoring of devices. Together, these features make flash-to-cloud protection an attractive approach to security for industrial, automotive and IoT markets.

As smart city development continues to advance, amass and rely upon increasing amounts of data, we must ensure that security measures stay one step ahead of these expanding systems. This will require a security platform that can both manage complexity and enable a trustworthy management and update mechanism—heavy requirements that are fulfilled only by flash-to-cloud protection.

Mr. Kahana brings more than 20 years of experience in managing¸ leading and developing large-scale projects in secure telecommunications and embedded systems¸ from idea-stage to completion in R&D¸ product and business environments.